Account takeover
Hackers spoof Microsoft ADFS login pages to steal credentials
A help desk phishing campaign targets an organization’s Microsoft Active Directory Federation Services (ADFS) using spoofed login pages to steal credentials and bypass multi-factor authentication (MFA) protections. The targets of this campaign, according to Abnormal Security, which discovered it, are primarily education, healthcare, and government organizations, with the campaign hitting at least 150 targets. These […]
Clone2Leak attacks exploit Git flaws to steal credentials
A set of three distinct but related attacks, dubbed ‘Clone2Leak,’ can leak credentials by exploiting how Git and its credential helpers handle authentication requests. The attack can compromise passwords and access tokens in GitHub Desktop, Git LFS, GitHub CLI/Codespaces, and the Git Credential Manager. The flaws that make ‘Clone2Leak’ possible were discovered by Japanese researcher RyotaK […]
Subaru Starlink flaw let hackers hijack cars in US and Canada
Security researchers have discovered an arbitrary account takeover flaw in Subaru’s Starlink service that could let attackers track, control, and hijack vehicles in the United States, Canada, and Japan using just a license plate. Bug bounty hunter Sam Curry revealed on Thursday that the vulnerability was discovered on November 20, 2024, with the help of researcher Shubham Shah. They found […]
Google OAuth flaw lets attackers gain access to abandoned accounts
A weakness in Google’s OAuth “Sign in with Google” feature could enable attackers who register domains of defunct startups to access sensitive data of former employee accounts linked to various software-as-a-service (SaaS) platforms. The security gap was discovered by Trufflesecurity researchers and reported to Google last year on September 30. Google initially disregarded the finding as […]
Hackers use FastHTTP in new high-speed Microsoft 365 password attacks
Threat actors are utilizing the FastHTTP Go library to launch high-speed brute-force password attacks targeting Microsoft 365 accounts globally. The campaign was recently discovered by incident response firm SpearTip, which said the attacks began on January 6, 2025, targeting the Azure Active Directory Graph API. The researchers warn that the brute-force attacks have led to successful account […]
Stolen Path of Exile 2 admin account used to hack player accounts
Path of Exile 2 developers confirmed that a hacked admin account allowed a threat actor to change the password and access at least 66 accounts, finally explaining how PoE 2 accounts have been breached since November. The breached admin account allowed the threat actors to change the passwords of other accounts, with many losing their […]
New DoubleClickjacking attack exploits double-clicks to hijack accounts
A new variation of clickjacking attacks called “DoubleClickjacking” lets attackers trick users into authorizing sensitive actions using double-clicks while bypassing existing protections against these types of attacks. Clickjacking, also known as UI redressing, is when threat actors create malicious web pages that trick visitors into clicking on hidden or disguised webpage elements. The attacks work by […]
Security plugin flaw in millions of WordPress sites gives admin access
A critical authentication bypass vulnerability has been discovered impacting the WordPress plugin ‘Really Simple Security’ (formerly ‘Really Simple SSL’), including both free and Pro versions. Really Simple Security is a security plugin for the WordPress platform, offering SSL configuration, login protection, a two-factor authentication layer, and real-time vulnerability detection. Its free version alone is used in […]
CISA warns of critical Palo Alto Networks bug exploited in attacks
Today, CISA warned that attackers are exploiting a critical missing authentication vulnerability in Palo Alto Networks Expedition, a migration tool that can help convert firewall configuration from Checkpoint, Cisco, and other vendors to PAN-OS. This security flaw, tracked as CVE-2024-5910, was patched in July, and threat actors can remotely exploit it to reset application admin credentials on Internet-exposed Expedition […]
LiteSpeed Cache bug exposes 6 million WordPress sites to takeover attacks
Yet another critical-severity vulnerability has been discovered in LiteSpeed Cache, a caching plugin for speeding up user browsing that is installed on over 6 million WordPress sites. The flaw, tracked as CVE-2024-44000 and categorized as an unauthenticated account takeover issue, was discovered by Patchstack’s Rafie Muhammad on August 22, 2024. A fix was made available yesterday with the release of […]