Microsoft Self-Service Password Reset abused in Azure data theft attacks

A threat actor targeting Microsoft 365 and Azure production environments is stealing data in attacks that abuse legitimate ...
SecurityWeek

Legacy Windows Tool MSHTA Fuels Surge in Silent Malware Attacks

Attackers are increasingly abusing Microsoft’s legacy MSHTA utility to silently deliver malware, stealers, and persistent ...

Forcepoint details TeamPCP supply chain attack that turned LiteLLM into a credential stealer

A new report out today from cybersecurity company Forcepoint LLC’s X-Labs research team details a supply chain attack that ...
Microsoft

How Storm-2949 turned a compromised identity into a cloud-wide breach

Storm-2949 turned stolen credentials into a cloud-wide breach, moving from identity compromise to large-scale data theft ...
Decrypt

Hackers Insert Malware Into Mistral AI Software Download

Microsoft Threat Intelligence said attackers placed malicious code inside a Mistral AI download distributed through a Python ...
InfoWorld

AntV data visualization tool the latest to be hit by ongoing npm supply chain attacks

The world’s largest open-source registry, node package manager (npm), has been hit by another fast-moving malware attack, ...
Security Boulevard

Attackers replaced JDownloader installer downloads with malware

The post Attackers replaced JDownloader installer downloads with malware appeared first on . If you downloaded the JDownloader installer during the compromise window ( ...

Protect your enterprise now from the Shai-Hulud worm and npm vulnerability in 6 actionable steps

TanStack had 2FA, OIDC publishing, and Sigstore provenance on every release. The Mini Shai-Hulud worm published 84 malicious ...
Decrypt

OpenAI Confirms Security Breach Linked to AI Malware Campaign

OpenAI says malware tied to the Shai-Hulud supply chain attack accessed internal repositories after infecting two employee ...

Microsoft Reveals How One Hacked Identity Triggered a Massive Cloud-Wide Breach

Microsoft says Storm-2949 used one hacked identity to infiltrate cloud systems, steal sensitive data, and spread across Azure ...
Daily Mirror

Kaspersky identifies new SilverFox campaign targeting Indian and Indonesian companies

The APT campaign involved disguising malicious files as documents related to tax violations. Upon infection, the attackers ...