toad.social

0 posts0 participants0 posts today

LMG SecurityMicrosoft 365 credential theft is evolving quickly!Attackers are no longer just stealing your login—they’re using your own AI tools like Microsoft Copilot to accelerate fraud from inside your environment.Our 4-minute video breaks down how threat actors are targeting Microsoft 365 accounts and weaponizing Copilot, Teams, SharePoint, and more to perform rapid reconnaissance, commit fraud, and exploit centralized trust systems.Watch now to learn:▪ How Copilot can be used against you ▪ Real phishing tactics mimicking Microsoft 365, Adobe & DocuSign ▪ Why SSO, OAuth, and poor access controls can make attacks worse ▪ What your organization must do to stay aheadWatch the video! <a href="https://youtu.be/zaBwxy1Gjhc" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://youtu.be/zaBwxy1Gjhc</a><a href="https://infosec.exchange/tags/Microsoft365" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Microsoft365</a> <a href="https://infosec.exchange/tags/CredentialTheft" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CredentialTheft</a> <a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Cybersecurity</a> <a href="https://infosec.exchange/tags/CoPilot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CoPilot</a> <a href="https://infosec.exchange/tags/ZeroTr" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ZeroTr</a> <a href="https://infosec.exchange/tags/Cyberaware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Cyberaware</a> <a href="https://infosec.exchange/tags/Cyber" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Cyber</a> <a href="https://infosec.exchange/tags/SMB" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SMB</a> <a href="https://infosec.exchange/tags/CEO" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CEO</a> <a href="https://infosec.exchange/tags/CISO" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CISO</a> <a href="https://infosec.exchange/tags/CIO" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CIO</a> <a href="https://infosec.exchange/tags/Phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Phishing</a> <a href="https://infosec.exchange/tags/CloudSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CloudSecurity</a> <a href="https://infosec.exchange/tags/AI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AI</a> <a href="https://infosec.exchange/tags/M365" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#M365</a> <a href="https://infosec.exchange/tags/Riskmanageemnt" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Riskmanageemnt</a>

Bruce Sterling @bruces*Politically hacking the smart toilet screens in the resort-town airport. <a href="https://mastodon.social/tags/InternetOfThings" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#InternetOfThings</a> <a href="https://mastodon.social/tags/credentialtheft" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#credentialtheft</a> <a href="https://mastodon.social/tags/hack" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#hack</a> <a href="https://mastodon.social/tags/digitaloutsideofhome" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#digitaloutsideofhome</a> <a href="https://mastodon.social/tags/TwentyTwenties" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#TwentyTwenties</a> <a href="https://thethaiger.com/news/phuket/phuket-airport-scrambles-to-explain-cyberattack-on-digital-screen" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://thethaiger.com/news/phuket/phuket-airport-scrambles-to-explain-cyberattack-on-digital-screen</a>

LMG SecurityMicrosoft 365 credential theft is evolving—and AI tools like Microsoft Co-Pilot are becoming attackers' latest weapons!Watch our new, 4-minute video, to learn how attackers use <a href="https://infosec.exchange/tags/CoPilot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CoPilot</a> for rapid reconnaissance and fraud, see real-world phishing examples targeting Microsoft 365, Adobe, and DocuSign, and understand why SSO and OAuth vulnerabilities significantly amplify credential risks. We'll also share essential steps to protect your organization! <a href="https://youtu.be/zaBwxy1Gjhc" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://youtu.be/zaBwxy1Gjhc</a><a href="https://infosec.exchange/tags/Microsoft365" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Microsoft365</a> <a href="https://infosec.exchange/tags/CredentialTheft" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CredentialTheft</a> <a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Cybersecurity</a> <a href="https://infosec.exchange/tags/CoPilotSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CoPilotSecurity</a> <a href="https://infosec.exchange/tags/Phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Phishing</a> <a href="https://infosec.exchange/tags/ZeroTrust" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ZeroTrust</a> <a href="https://infosec.exchange/tags/AIThreats" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AIThreats</a> <a href="https://infosec.exchange/tags/SaaSsecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SaaSsecurity</a> <a href="https://infosec.exchange/tags/DocuSignPhishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DocuSignPhishing</a> <a href="https://infosec.exchange/tags/M365" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#M365</a> <a href="https://infosec.exchange/tags/Cyberaware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Cyberaware</a> <a href="https://infosec.exchange/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#InfoSec</a> <a href="https://infosec.exchange/tags/CloudSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CloudSecurity</a>

LMG SecurityNew Polymorphic browser attack alert: Malicious extensions mimic legitimate ones with pixel-perfect clones, disabling the real add-ons to steal credentials from Chrome, Edge & others! The malicious extensions clone the look and behavior of legitimate add-ons, including icons and workflows, and even temporarily disable the real extensions—tricking users into handing over sensitive credentials. Remind your team to only install extensions from trusted sources, monitor browser activity, and review permissions often.Read the details: <a href="https://thehackernews.com/2025/03/researchers-expose-new-polymorphic.html" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://thehackernews.com/2025/03/researchers-expose-new-polymorphic.html</a><a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Cybersecurity</a> <a href="https://infosec.exchange/tags/CISO" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CISO</a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infosec</a> <a href="https://infosec.exchange/tags/DFIR" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DFIR</a> <a href="https://infosec.exchange/tags/ITsecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ITsecurity</a> <a href="https://infosec.exchange/tags/Chrome" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Chrome</a> <a href="https://infosec.exchange/tags/Phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Phishing</a> <a href="https://infosec.exchange/tags/Malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Malware</a> <a href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Infosec</a> <a href="https://infosec.exchange/tags/CredentialTheft" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CredentialTheft</a> <a href="https://infosec.exchange/tags/Chromium" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Chromium</a> <a href="https://infosec.exchange/tags/ZeroDay" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ZeroDay</a> <a href="https://infosec.exchange/tags/PolymorphicAttack" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PolymorphicAttack</a>

nemo™ 🇺🇦🚨 Security Alert! 🚨 A recent attack has compromised 16 Chrome extensions, exposing over 600,000 users to data theft! 🛡️ Cyberhaven was among the first affected, with malicious code stealing sensitive information. This highlights the vulnerabilities of browser extensions. Stay safe and review your installed extensions! 🔍✨ <a href="https://mas.to/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberSecurity</a> <a href="https://mas.to/tags/ChromeExtensions" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ChromeExtensions</a> <a href="https://mas.to/tags/DataProtection" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DataProtection</a> <a href="https://mas.to/tags/PhishingAttack" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PhishingAttack</a> <a href="https://mas.to/tags/CredentialTheft" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CredentialTheft</a> <a href="https://thehackernews.com/2024/12/16-chrome-extensions-hacked-exposing.html" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://thehackernews.com/2024/12/16-chrome-extensions-hacked-exposing.html</a> <a href="https://mas.to/tags/newz" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#newz</a>

IT NewsYearlong supply-chain attack targeting security pros steals 390K credentials - A sophisticated and ongoing supply-chain attack operating for the past yea... - <a href="https://arstechnica.com/security/2024/12/yearlong-supply-chain-attack-targeting-security-pros-steals-390k-credentials/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://arstechnica.com/security/2024/12/yearlong-supply-chain-attack-targeting-security-pros-steals-390k-credentials/</a> <a href="https://schleuss.online/tags/supplychainattacks" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#supplychainattacks</a> <a href="https://schleuss.online/tags/credentialtheft" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#credentialtheft</a> <a href="https://schleuss.online/tags/cryptomining" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cryptomining</a> <a href="https://schleuss.online/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#security</a> <a href="https://schleuss.online/tags/biz" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#biz</a>⁢ <a href="https://schleuss.online/tags/github" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#github</a> <a href="https://schleuss.online/tags/npm" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#npm</a>

LMG SecurityA new Fortinet VPN zero-day vulnerability is being exploited by a toolkit called 'DeepData'. The <a href="https://infosec.exchange/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#security</a> gap allows credential dumping from memory after authentication. Until a patch is available, you should restrict VPN access and monitor for unusual login activity. IOCs are available in this article: <a href="https://www.bleepingcomputer.com/news/security/chinese-hackers-exploit-fortinet-vpn-zero-day-to-steal-credentials/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.bleepingcomputer.com/news/security/chinese-hackers-exploit-fortinet-vpn-zero-day-to-steal-credentials/</a><a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Cybersecurity</a> <a href="https://infosec.exchange/tags/ZeroDay" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ZeroDay</a> <a href="https://infosec.exchange/tags/Fortinet" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Fortinet</a> <a href="https://infosec.exchange/tags/ThreatIntel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ThreatIntel</a> <a href="https://infosec.exchange/tags/CredentialTheft" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CredentialTheft</a> <a href="https://infosec.exchange/tags/IT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#IT</a> <a href="https://infosec.exchange/tags/Databreach" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Databreach</a> <a href="https://infosec.exchange/tags/DFIR" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DFIR</a>

Sean Whalen 👨🏼‍🦼🏳️‍🌈🇺🇦🕊️The Russian cybercrime group FIN7 ran a network of fake AI undressing sites that delivered credential stealing malware to those who uploaded pictures. I gotta say, this is one group of cybercrime victims that I don't feel sorry for.<a href="https://www.silentpush.com/blog/fin7-malware-deepfake-ai-honeypot/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.silentpush.com/blog/fin7-malware-deepfake-ai-honeypot/</a><a href="https://infosec.exchange/tags/FIN7" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#FIN7</a> <a href="https://infosec.exchange/tags/Russia" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Russia</a> <a href="https://infosec.exchange/tags/Cybercrime" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Cybercrime</a> <a href="https://infosec.exchange/tags/NetSupport" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#NetSupport</a> <a href="https://infosec.exchange/tags/NetSupportRAT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#NetSupportRAT</a> <a href="https://infosec.exchange/tags/RAT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#RAT</a> <a href="https://infosec.exchange/tags/Malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Malware</a> <a href="https://infosec.exchange/tags/CredentialTheft" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CredentialTheft</a> <a href="https://infosec.exchange/tags/AI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AI</a> <a href="https://infosec.exchange/tags/Deepfake" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Deepfake</a> <a href="https://infosec.exchange/tags/Deepfakes" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Deepfakes</a> <a href="https://infosec.exchange/tags/DeepNude" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DeepNude</a> <a href="https://infosec.exchange/tags/DeepNueds" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DeepNueds</a> <a href="https://infosec.exchange/tags/SilentPush" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SilentPush</a>

Paul ShreadA cloud vulnerability a lot of people apparently don't know about: .env files contain secrets such as hard-coded cloud access keys, and not configuring them properly can lead to very bad things. <a href="https://masto.ai/tags/Cloud" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Cloud</a> <a href="https://masto.ai/tags/CloudSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CloudSecurity</a> <a href="https://masto.ai/tags/AWS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AWS</a> <a href="https://masto.ai/tags/Vulnerabilities" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Vulnerabilities</a> <a href="https://masto.ai/tags/IAM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#IAM</a> <a href="https://masto.ai/tags/CredentialTheft" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CredentialTheft</a> <a href="https://masto.ai/tags/CloudStorage" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CloudStorage</a> <a href="https://masto.ai/tags/Security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Security</a> <a href="https://masto.ai/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Cybersecurity</a> <a href="https://masto.ai/tags/AttackSurfaceManagement" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AttackSurfaceManagement</a> <a href="https://masto.ai/tags/VulnerabilityManagement" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#VulnerabilityManagement</a> <a href="https://thecyberexpress.com/cloud-extortion-campaign-hacks-aws-env-files/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://thecyberexpress.com/cloud-extortion-campaign-hacks-aws-env-files/</a>

IT NewsMysterious family of malware hid in Google Play for years - Enlarge A mysterious family of Android malware with a demonst... - <a href="https://arstechnica.com/?p=2040171" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://arstechnica.com/?p=2040171</a> <a href="https://schleuss.online/tags/credentialtheft" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#credentialtheft</a> <a href="https://schleuss.online/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#security</a> <a href="https://schleuss.online/tags/android" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#android</a> <a href="https://schleuss.online/tags/malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#malware</a> <a href="https://schleuss.online/tags/biz" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#biz</a>&it

Techy Geek :verified:Cybercriminals are using a malicious Telegram bot!<a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Cybersecurity</a> <a href="https://infosec.exchange/tags/Telekopye" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Telekopye</a> <a href="https://infosec.exchange/tags/Phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Phishing</a> <a href="https://infosec.exchange/tags/CredentialTheft" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CredentialTheft</a><a href="https://thehackernews.com/2023/11/cybercriminals-using-telekopye-telegram.html?m=1" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://thehackernews.com/2023/11/cybercriminals-using-telekopye-telegram.html?m=1</a>

Recent searches

Search options

Administered by:

Server stats:

#credentialtheft