‘ONNX’ MFA Bypass Targets Microsoft 365 Accounts
The service, likely a rebrand of a previous operation called 'Caffeine,' mainly targets financial institutions in the Americas and EMEA…
ONNX phishing service targets Microsoft 365 accounts at financial firms
A new phishing-as-a-service (PhaaS) platform called ONNX Store is targeting Microsoft 365 accounts for employees at financial firms using QR…
New York Times warns freelancers of GitHub repo data breach
The New York Times notified an undisclosed number of contributors that some of their sensitive personal information was stolen and…
JetBrains warns of IntelliJ IDE bug exposing GitHub access tokens
JetBrains warned customers to patch a critical vulnerability that impacts users of its IntelliJ integrated development environment (IDE) apps and…
Exploit for critical Veeam auth bypass available, patch now
A proof-of-concept (PoC) exploit for a Veeam Backup Enterprise Manager authentication bypass flaw tracked as CVE-2024-29849 is now publicly available, making…
New York Times source code stolen using exposed GitHub token
Internal source code and data belonging to The New York Times was leaked on the 4chan message board after being…
What Individuals Get Wrong About Business Email Compromise
Businesses tend to obsess over business email compromise. This obsession is misguided. Observations from the front lines of combating business…
Microsoft spots gift card thieves using cyber-espionage tactics
Microsoft has published a "Cyber Signals" report sharing new information about the hacking group Storm-0539 and a sharp rise in…
FBI warns of gift card fraud ring targeting retail companies
The FBI warned retail companies in the United States that a financially motivated hacking group has been targeting employees in…
Billions of Android Devices Open to ‘Dirty Stream’ Attack
Microsoft has uncovered a common vulnerability pattern in several apps allowing code execution; at least four of the apps have…