Phishers have found a way to downgrade-not bypass-FIDO MFA
The phishing attack bypasses a multifactor authentication scheme based on FIDO, the standard considered immune to credential phishing attacks, leading to unauthorized access.
Hackers are using Microsoft 365 features to bombard enterprises with phishing emails - and they've already hit more than 70 organizations
A new phishing campaign exploits Microsoft's 365 Direct Send feature, targeting organizations without needing user credentials, leading to successful credential theft.
SonicWall NetExtender Trojan and ConnectWise Exploits Used in Remote Access Attacks
"The threat actor added code in the installed binaries of the fake NetExtender so that information related to VPN configuration is stolen and sent to a remote server," Ganachari said.
Medication stolen from Saratoga senior care facility
On March 22, a significant incident occurred at Our Lady of Fatima where an unsecured medication storage room was breached, resulting in the theft of medication valued at around $869.
Large enterprises scramble after supply-chain attack spills their secrets
Open-source software tj-actions/changed-files was compromised with credential-stealing code, affecting thousands of organizations and highlighting vulnerabilities in software supply chains.