Skip to main content

Tag: credentialharvesting

36 articles

Axios user agent Dangerous Surge: Must-Have Defense

Axios user agent Dangerous Surge: Must-Have Defense

A routine Axios user‑agent has been weaponized — ReliaQuest found a 241% surge in phishing that spoofs the header to evade filters and increase clicks. Security teams need to stop trusting user‑agent strings alone and adopt layered defenses before attackers scale this trick further.

Analyst 207
remote access trojan: Stunning Risky Threat Revealed

remote access trojan: Stunning Risky Threat Revealed

One click from a phishing email can now install MostereRAT — a stealthy, modular remote‑access trojan that evolved from banking malware into a plugin‑driven tool for data theft, persistence and lateral movement — proving attackers are turning familiar scams into long‑term, hard‑to‑detect footholds. Protect yourself with multifactor authentication, least‑privilege access, up‑to‑date patching and behavioral detection, because signature‑based defenses alone won’t cut it.

Analyst 207
Tycoon phishing kit: Stunning Dangerous Cloaking Tactics

Tycoon phishing kit: Stunning Dangerous Cloaking Tactics

A prolific phishing kit called Tycoon is now hiding malicious links behind layered redirects, URL obfuscation, and browser-only cloaking to slip past email scanners and trick users. Stay vigilant—combine stronger link inspection, browser-based emulation, DMARC/DKIM/SPF hardening, and user training to blunt this evolving threat.

Analyst 207
watering-hole technique: Exclusive Risky Exposed

watering-hole technique: Exclusive Risky Exposed

When nation‑state actors like APT29 weaponize familiar conveniences — such as “Sign in with Microsoft” flows and popular websites — a routine visit can hand over credentials and session tokens at scale. Amazon’s disclosure shows watering‑hole attacks have evolved, so teams and users should treat federated logins and consent prompts with fresh skepticism and stronger protections.

Analyst 207
spear-phishing campaign: Risky North Korean Tactic Exposed

spear-phishing campaign: Risky North Korean Tactic Exposed

North Korea’s APT37 is luring South Koreans with real-looking internal briefings, turning trusted emails into powerful espionage tools — a wake-up call to strengthen MFA, behavior-based detection, and cross‑agency info sharing.

Analyst 207
ShadowSilk Exclusive: Risky Cyber Heist Exposes 36 Govs

ShadowSilk Exclusive: Risky Cyber Heist Exposes 36 Govs

Group-IB says ShadowSilk quietly siphoned sensitive data from 36 government-linked targets across Central Asia and the Asia‑Pacific, proving stealthy, data-driven espionage can outflank regional defenses. Its modular tools and persistent backdoors underscore why governments must share intelligence, harden networks, and treat cybersecurity as an ongoing strategic priority.

Analyst 207
credential-theft campaign: Exclusive Salesforce Risk

credential-theft campaign: Exclusive Salesforce Risk

Google warns of a credential-theft campaign that abused a Salesloft integration to phish Salesforce logins — a wake-up call that third-party apps can be your weakest link. Audit connected apps, enforce MFA, and tighten permissions now before attackers pivot from integrations into your CRM.

Analyst 207
phishing attack Stunning Risky ZipLine Exposed

phishing attack Stunning Risky ZipLine Exposed

A new ZipLine phishing campaign uses a legitimate-looking White House photo and fake contact forms to trick employees at U.S. manufacturers into handing over credentials — opening the door to IP theft and ransomware. It’s a sharp reminder that a single authentic image can bypass defenses, so tighten verification, MFA, and training now.

Analyst 207
Warlock ransomware: Exclusive Critical Threat to SharePoint

Warlock ransomware: Exclusive Critical Threat to SharePoint

If your organization still runs on-premises SharePoint, Trend Micro’s findings are a wake-up call: attackers are using a ToolShell exploit to turn unpatched SharePoint instances into staging grounds for multi-stage Warlock ransomware campaigns that can steal data and cripple recovery. Patch promptly, lock down admin access, and treat collaboration platforms as critical assets before a trusted service becomes an easy path to extortion.

Analyst 207
Taiwanese web hosting Exclusive: Critical Espionage Risk

Taiwanese web hosting Exclusive: Critical Espionage Risk

Imagine an invisible enemy living inside the servers that power your websites and email — Cisco Talos found a Chinese‑linked APT using a Taiwanese web host to intercept traffic, harvest credentials and stage persistent espionage. This supply‑chain breach is a wake‑up call: treat hosts as critical infrastructure and demand stronger controls, logging and incident guarantees now.

Analyst 207
Taiwanese web host Critical: Exclusive Must-Have Fixes

Taiwanese web host Critical: Exclusive Must-Have Fixes

A suspected Chinese state-backed crew quietly breached a Taiwanese web host, stealing credentials and planting backdoors to maintain months-long access — a stark reminder that compromising one trusted provider can expose dozens of downstream victims. Strengthening access controls, adopting zero-trust segmentation, and rotating credentials aren’t optional — they’re the best way to stop a single breach from becoming a widespread supply-chain disaster.

Analyst 207
phishing campaign: Stunning Risk to UK Sponsors

phishing campaign: Stunning Risk to UK Sponsors

A slick phishing campaign is targeting Home Office sponsor licence holders, risking fraud, extortion and even licence revocation by stealing the credentials used to manage migrant sponsorships. If you manage a sponsor account, verify any Home Office contact, enable MFA, and treat unexpected emails with extreme caution to protect your organisation and the people you sponsor.

Analyst 207