account hijacking
Open-source Rafel RAT steals info, locks Android devices, asks for ransom
The open-source Rafel RAT is being leveraged by multiple threat actors to compromise Android devices and, in some cases, to lock them, encrypt their contents, and demand money …
361 million account credentials leaked on Telegram: Are yours among them?
A new trove of 361 million email addresses has been added to Have I Been Pwned? (HIBP), the free online service through which users can check whether their account credentials …
How fraudsters stole $37 million from Coinbase Pro users
A convincing phishing page and some over-the-phone social engineering allowed a group of crooks to steal over $37 million from unlucky Coinbase Pro users. One of them – …
Okta warns customers about credential stuffing onslaught
Credential stuffing attacks have exploded this April, Okta warns, and advises its customers to use available tools to block access requests originating from residential …
Microsoft: Russian hackers accessed internal systems, code repositories
Midnight Blizzard (aka APT29), a group of Russian hackers tied to the country’s Foreign Intelligence Service (SVR), has leveraged information stolen from Microsoft …
Spoutible API exposed encrypted password reset tokens, 2FA secrets of users
A publicly exposed API of social media platform Spoutible may have allowed threat actors to scrape information that can be used to hijack user accounts. The problem with the …
Lagging Mastodon admins urged to patch critical account takeover flaw (CVE-2024-23832)
Five days after Mastodon developers pushed out fixes for a remotely exploitable account takeover vulnerability (CVE-2024-23832), over 66% of Mastodon servers out there have …
Critical GitLab flaw allows account takeover without user interaction, patch quickly! (CVE-2023-7028)
A critical vulnerability in GitLab CE/EE (CVE-2023-7028) can be easily exploited by attackers to reset GitLab user account passwords. While also vulnerable, users who have …
SEC’s X account hacked to post fake news of Bitcoin ETF approval
Someone has hijacked the X (formerly Twitter) account of the US Securities and Exchange Commission (SEC), and posted an announcement saying the agency has decided to allow the …
Attackers abuse OAuth apps to initiate large-scale cryptomining and spam campaigns
Attackers are compromising high-privilege Microsoft accounts and abusing OAuth applications to launch a variety of financially-motivated attacks. Abusing OAuth applications …
Booking.com customers targeted in hotel booking scam
Scammers are hijacking hotels’ Booking.com accounts and using them as part of a hotel booking scam aimed at tricking guests into sharing their payment card information. …
Rise in automated attacks troubles ecommerce industry
Automated attacks on application business logic, carried out by sophisticated bad bots, were the leading threat for online retailers, according to Imperva. In addition, …
Featured news
Sponsored
Don't miss
- Critical Exim vulnerability facilitates malware delivery (CVE-2024-39929)
- Risk related to non-human identities: Believe the hype, reject the FUD
- Realm: Open-source adversary emulation framework
- Discover the growing threats to data security
- Encrypted traffic: A double-edged sword for network defenders