#account-takeover

[ follow ]
fromTheregister
2 weeks ago

Google, Microsoft account takeover made easy via VoidProxy

The phishes target any Google and Microsoft accounts, from small businesses to large enterprises, we're told. And while Okta didn't have a confirmed victim count, "we have observed high-confidence account takeovers in multiple entities," the threat intel team told us. "By extension, we expect Microsoft and Google will have observed a larger number of ATO events, given that VoidProxy proxies non-federated users directly with Microsoft and Google servers."
Information security
fromThe Hacker News
2 weeks ago

Adobe Commerce Flaw CVE-2025-54236 Lets Hackers Take Over Customer Accounts

"A potential attacker could take over customer accounts in Adobe Commerce through the Commerce REST API," Adobe said in an advisory issued today. The issue impacts the following products and versions - Adobe Commerce (all deployment methods): 2.4.9-alpha2 and earlier 2.4.8-p2 and earlier 2.4.7-p7 and earlier 2.4.6-p12 and earlier 2.4.5-p14 and earlier Adobe Commerce B2B: 1.5.3-alpha2 and earlier 1.5.2-p2 and earlier 1.4.2-p7 and earlier
E-Commerce
Information security
fromTheregister
2 weeks ago

Pentagon left livestream keys exposed, hijack risk included

Pentagon publicly posted streaming platform stream keys on DVIDS, exposing military social accounts to hijacking; the vulnerability has been addressed with new keys and fixes.
Information security
fromThe Hacker News
2 weeks ago

Axios Abuse and Salty 2FA Kits Fuel Advanced Microsoft 365 Phishing Attacks

Threat actors exploit Axios and Microsoft Direct Send to spoof trusted senders, bypass gateways, and drive highly successful phishing and account takeover campaigns across industries.
#cybersecurity
[ Load more ]