Skip to main content

Tag: credential stuffing

28 articles

government email credentials: Exclusive Risky Threat

government email credentials: Exclusive Risky Threat

Imagine someone buying access to a government inbox for less than the price of dinner — and using it to intercept investigations, impersonate officials, or fuel disinformation. With law-enforcement emails reportedly selling for about $40 on underground markets, stronger credential hygiene, MFA, and coordinated policy action aren’t optional — they’re urgent.

Analyst 207
FortiSIEM vulnerability: Critical, Urgent Must-Fix

FortiSIEM vulnerability: Critical, Urgent Must-Fix

A critical FortiSIEM vulnerability now has working exploit code circulating, and defenders are seeing a sharp spike in automated scanning and brute‑force attacks against exposed devices. If you manage FortiSIEM, patch or apply Fortinet’s mitigations immediately, isolate internet‑facing appliances, and rotate credentials to stay ahead of opportunistic attackers.

Analyst 207
APT28 LameHug: Exclusive Risky AI Threat Warning

APT28 LameHug: Exclusive Risky AI Threat Warning

MITRE’s take on APT28’s LameHug at Black Hat is a wake-up call: while crude now, this testbed shows how AI and automation could quickly turn basic tools into powerful cyber weapons. Defenders, policymakers, and everyday users should sharpen defenses and share intel now—before experiments like this graduate into routine attacks.

Analyst 207
ShinyHunters cybercrime group: Critical Exclusive Threat

ShinyHunters cybercrime group: Critical Exclusive Threat

When your bank calls about a transaction you didn’t make, it’s a stark reminder that the ShinyHunters cybercrime group is now homing in on banks, fintechs and their vendors to harvest credentials and personal data for large-scale fraud. Institutions must act fast—tightening credential defenses, shoring up vendor security, and boosting detection—to protect customers, reputation and regulatory standing.

Analyst 207