Phishing uses Azure Static Web Pages to impersonate Microsoft
Phishing attacks are abusing Microsoft Azure's Static Web Apps service to steal Microsoft, Office 365, Outlook, and OneDrive credentials. [...]
Protecting Your Organization Against a New Class of Cyber Threats: HEAT
Take a preventative threat approach and apply security measures near end users, applications, and data to increase protection.
Too Hot to Handle:The case for Zero Trust and SASE
By Jonathan Lee, Senior Product Manager, Menlo Security Insecurity today we often see the continued reliance on legacy […] The…
CISA warns orgs to patch actively exploited Chrome, Redis bugs
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal civilian agencies to patch a Google Chome zero-day and…
Hacked WordPress sites force visitors to DDoS Ukrainian targets
Hackers are compromising WordPress sites to insert a malicious script that uses visitors' browsers to perform distributed denial-of-service attacks on…
Emergency Google Chrome update fixes zero-day used in attacks
Google has released Chrome 99.0.4844.84 for Windows, Mac, and Linux users to address a high-severity zero-day bug exploited in the…
New Phishing toolkit lets anyone create fake Chrome browser windows
A phishing kit has been released that allows red teamers and wannabe cybercriminals to create effective single sign-on phishing login…
Code-Sabotage Incident in Protest of Ukraine War Exposed Open Source Risks
The maintainer of a widely used npm module served up an unwelcome surprise for developers.
Pro-Ukraine ‘Protestware’ Pushes Antiwar Ads, Geo-Targeted Malware
Researchers are tracking a number of open-source "protestware" projects on GitHub that have recently altered their code to display "Stand…
Over 40% of Log4j Downloads Are Vulnerable Versions of the Software
The data point is a reminder of why fixing the widespread vulnerability will take a long time.