Tag: credential stuffing
28 articles

government email credentials: Exclusive Risky Threat
Imagine someone buying access to a government inbox for less than the price of dinner — and using it to intercept investigations, impersonate officials, or fuel disinformation. With law-enforcement emails reportedly selling for about $40 on underground markets, stronger credential hygiene, MFA, and coordinated policy action aren’t optional — they’re urgent.

FortiSIEM vulnerability: Critical, Urgent Must-Fix
A critical FortiSIEM vulnerability now has working exploit code circulating, and defenders are seeing a sharp spike in automated scanning and brute‑force attacks against exposed devices. If you manage FortiSIEM, patch or apply Fortinet’s mitigations immediately, isolate internet‑facing appliances, and rotate credentials to stay ahead of opportunistic attackers.

APT28 LameHug: Exclusive Risky AI Threat Warning
MITRE’s take on APT28’s LameHug at Black Hat is a wake-up call: while crude now, this testbed shows how AI and automation could quickly turn basic tools into powerful cyber weapons. Defenders, policymakers, and everyday users should sharpen defenses and share intel now—before experiments like this graduate into routine attacks.

ShinyHunters cybercrime group: Critical Exclusive Threat
When your bank calls about a transaction you didn’t make, it’s a stark reminder that the ShinyHunters cybercrime group is now homing in on banks, fintechs and their vendors to harvest credentials and personal data for large-scale fraud. Institutions must act fast—tightening credential defenses, shoring up vendor security, and boosting detection—to protect customers, reputation and regulatory standing.