The Hacker News reports that multiple new tactics have been employed by the advanced persistent threat operation ToddyCat to compromise corporate Outlook emails and Microsoft 365 access tokens.
Microsoft Entra B2B tenant invitations have been exploited by threat actors to facilitate a new Telephone-Oriented Attack Delivery phishing campaign, according to Cybernews.
More than 90% of phishing intrusions between July and September have been aimed at Microsoft Outlook and Gmail inboxes, with threat actors increasingly weaponizing trusted platforms to facilitate compromise, according to GBHackers News.
AI was the constant background hum at the OWASP Global AppSec conference last week, but the scene-stealer was a keynote talk telling us that managing risk is pointless.
BleepingComputer reports that the threat group CryptoChameleon sends phishing emails to LastPass users requesting access to their password vaults by uploading death certificates.
Pakistan-linked threat operation Transparent Tribe, also known as APT36, has targeted Indian government organizations' Linux-based systems with the new DeskRAT malware as part of a cyberespionage campaign that commenced in June, Infosecurity Magazine reports.
Fast Five
Selected by the SC Media Editorial team every Tuesday.
Sign up now for the top five issues cybersecurity pros need to know this week.
