account hijacking
Okta breach post mortem reveals weaknesses exploited by attackers
The recent breach of the Okta Support system was carried out via a compromised service account with permissions to view and update customer support cases. “During our …
Compromised Skype accounts deliver DarkGate malware to employees
A threat actor is using compromised Skype accounts to deliver the DarkGate malware to target organizations, Trend Micro researchers have warned. “Versions of DarkGate …
Requests via Facebook Messenger lead to hijacked business accounts
Hijackers of Facebook business accounts are relying on fake business inquiries and threats of page/account suspension to trick targets into downloading password-stealing …
How Ducktail capitalizes on compromised business, ad accounts
Quite some money can be made from selling compromised business and ad accounts on social media platforms, and the Ducktail threat actor has specialized in just that. “We …
The removal of Qakbot from infected computers is just the first step
The Qakbot botnet has been disrupted by an international law enforcement operation that culminated last weekend, when infected computers started getting untethered from it by …
LinkedIn users targeted in account hijacking campaign
LinkedIn users are being targeted in an ongoing account hijacking campaign, getting locked out of their accounts; the hacked accounts are held for ransom. Users discussing …
Microsoft 365 accounts of execs, managers hijacked through EvilProxy
A phishing campaign leveraging the EvilProxy phishing-as-a-service (PhaaS) tool has been spotted targeting Microsoft 365 user accounts of C-level executives and managers at …
0mega ransomware gang changes tactics
A number of ransomware gangs have stopped using malware to encrypt targets’ files and have switched to a data theft/extortion approach to get paid; 0mega – a …
Kodi forum breach: User data, encrypted passwords grabbed
The developers of Kodi, the widely used open-source media player app, have revealed a data breach of its user forum. What happened? The breach did not happen due to a …
Fake ChatGPT for Google extension hijacks Facebook accounts
A new Chrome extension promising to augment users’ Google searches with ChatGPT also leads to hijacked Facebook accounts, Guardio Labs researchers have found. While this …
DHL, MetaMask phishing emails target Namecheap customers
A surge of phishing emails impersonating DHL and MetaMask have started hitting inboxes of Namecheap customers last week, attempting to trick recipients into sharing personal …
CircleCI breach post-mortem: Attackers got in by stealing engineer’s session cookie
The attackers who pulled off the recent breach of continuous integration and continuous delivery (CI/CD) platform maker CircleCI got in by compromising an engineer’s …
Featured news
Resources
Don't miss
- Critical Firefox, Tor Browser sandbox escape flaw fixed (CVE-2025-2857)
- Android financial threats: What businesses need to know to protect themselves and their customers
- Post-quantum cryptography and the future of online safety
- How to manage and protect your biometric data
- UK NCSC offers security guidance for domain and DNS registrars