credentials

  • Blog

    Stolen credentials are the new front door to your network

    Cybercriminals no longer need zero-day exploits or other vulnerabilities to breach your systems—these days, they just log in. On July 9th at 2:00 PM ET, BleepingComputer and SC Media will co-host a live webinar with identity security expert Darren Siegel of Specops Software (part of Outpost24), exploring how threat actors are increasingly breaching networks by simply logging in with stolen…

  • Blog

    No, the 16 billion credentials leak is not a new data breach

    News broke today of a “mother of all breaches,” sparking wide media coverage filled with warnings and fear-mongering. However, it appears to be a compilation of previously leaked credentials stolen by infostealers, exposed in data breaches, and via credential stuffing attacks. To be clear, this is not a new data breach, or a breach at all, and the websites involved were…

  • Blog

    Ivanti Workspace Control hardcoded key flaws expose SQL credentials

    Ivanti has released security updates to fix three high-severity hardcoded key vulnerabilities in the company’s Workspace Control (IWC) solution. IWC helps enterprise admins manage desktops and applications, acting as an intermediary between the operating system and users and regulating access and workspace configuration. It provides centralized control over user workspaces and dynamically configures desktops, applications, and user settings based on…

  • Blog

    New PumaBot botnet brute forces SSH credentials to breach devices

    A newly discovered Go-based Linux botnet malware named PumaBot is brute-forcing SSH credentials on embedded IoT devices to deploy malicious payloads. The targeted nature of PumaBot is also evident from the fact that it targets specific IPs based on lists pulled from a command-and-control (C2) server instead of broader scanning of the internet. Targeting surveillance cams: Darktrace documented PumaBot in a report…

  • Blog

    CoGUI phishing platform sent 580 million emails to steal credentials

    A new phishing kit named ‘CoGUI’ sent over 580 million emails to targets between January and April 2025, aiming to steal account credentials and payment data. The messages impersonate major brands like Amazon, Rakuten, PayPal, Apple, tax agencies, and banks. The activity culminated in January 2025, where 170 campaigns sent 172,000,000 phishing messages to targets, but the following months maintained…

  • Blog

    CISA issues warning in wake of Oracle cloud credentials leak

    CISA has issued a warning over the risk of data breaches following a security incident affecting legacy Oracle cloud environments, urging enterprises to shore up defences. In an advisory published Wednesday 16th April, the security agency said the incident “presents a potential risk to organizations and individuals” despite unconfirmed reports on the scale of the breach. CISA specifically highlighted risks…

  • Blog

    A ‘significant increase’ in infostealer malware attacks left 3.9 billion credentials exposed to cyber criminals last year – and experts worry this is a ticking time bomb for enterprises

    Researchers have warned that billions of credentials exposed to cyber criminals were sourced from infostealer logs last year – and it’s created a ticking time bomb for enterprises as hackers begin cracking systems. KELA Cyber Threat Intelligence’s State of Cybercrime 2024 report singled out infostealers as a persistent threat that usually serves as “precursors to advanced attacks, including ransomware and…

  • Blog

    Cisco warns of Webex for BroadWorks flaw exposing credentials

    Cisco warned customers today of a vulnerability in Webex for BroadWorks that could let unauthenticated attackers access credentials remotely. Webex for BroadWorks integrates Cisco Webex’s video conferencing and collaboration features with the BroadWorks unified communications platform. While the company has yet to assign a CVE ID to track this security issue, Cisco says in a Tuesday security advisory that it already pushed…

  • Blog

    Cloudflare Adopts Content Credentials for Image Authenticity

    Cloudflare has integrated Content Credentials metadata into Cloudflare Images, the content delivery network firm announced on Feb. 3. First proposed in 2021 by the Coalition for Content Provenance and Authenticity (C2PA), Content Credentials identify whether an image was AI-generated, modified with AI, or photographed. About 20% of internet properties use Cloudflare, Content Authenticity Initiative Community Manager Jen Tse pointed out…

  • Blog

    A new phishing campaign is exploiting Microsoft’s legacy ADFS identity solution to steal credentials and bypass MFA

    Hackers are targeting organizations around the world that rely on Microsoft’s Active Directory Federation Services (ADFS) secure access system in an ongoing phishing campaign, according to new research. Analysis from Abnormal Security describes how Microsoft’s ADFS, a legacy single-sign-on (SSO) solution that allows employees to use one set of credentials to authenticate across multiple applications and environments, is being mimicked…
