Tag: credentials
-
JSON Config File Leaks Azure ActiveDirectory Credentials
In this type of misconfiguration, cyberattackers could use exposed secrets to authenticate directly via Microsoft’s OAuth 2.0 endpoints and infiltrate Azure cloud environments. First seen on darkreading.com Jump to article: www.darkreading.com/cybersecurity-operations/public-file-leaks-azure-activedirectory-credentials
-
Azure AD Credentials Exposed in Public App Settings File
Experts have revealed an Azure AD vulnerability exposing ClientId and ClientSecret in a publicly accessible appsettings.json file First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/azure-ad-credentials-exposed/
-
Stolen OAuth tokens expose Palo Alto customer data
Security firm’s Salesforce instance accessed using credentials stolen from Salesloft’s Drift platform breach First seen on theregister.com Jump to article: www.theregister.com/2025/09/02/stolen_oauth_tokens_expose_palo/
-
OneDrive Phishing Attack Targets Corporate Executives for Credential Theft
A newly discovered spearphishing campaign is targeting executives and senior leadership across multiple industries by exploiting trusted OneDrive document-sharing notifications. The Stripe OLT SOC has identified this sophisticated attack, which leverages highly tailored emails to impersonate internal HR communications and harvest corporate credentials through a convincing Microsoft Office/OneDrive login page. At the heart of the…
-
Azure AD Vulnerability Leaks Credentials, Lets Attackers Deploy Malicious Apps
Exposing an ASP.NET Core appsettings.json file containing Azure Active Directory (Azure AD) credentials poses a critical attack vector, effectively handing adversaries the keys to an organization’s cloud environment. During a recent cybersecurity assessment by Resecurity’s HUNTER Team, researchers discovered that a publicly accessible appsettings.json file had exposed the ClientId and ClientSecret of an Azure AD application,…
-
What the GitGuardian secrets sprawl report reveals about leaked credentials
In this Help Net Security video, Dwayne McDaniel, Senior Developer Advocate at GitGuardian, presents findings from The State of Secrets Sprawl 2025. McDaniel explains why … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/09/02/gitguardian-secrets-sprawl-video/
-
Understanding the Two Sides of Infostealer Risk: Employees and Users
Co-authored by Constella Intelligence and Kineviz. Infostealer malware dominates today’s cyber threat landscape. Designed to extract credentials, cookies, session tokens, autofill data, and other forms of digital identity, infostealers operate silently, persistently, and at industrial scale. They are no longer just a precursor to other attacks; infostealers are the breach. There are two critical vectors…
-
Phishing Campaign Exploits Ads to Breach Hotel Property Management Systems
A sophisticated malvertising campaign has emerged that specifically targets hoteliers and vacation rental operators by impersonating well-known service providers. Okta Threat Intelligence reports that attackers have used malicious search engine advertisements, particularly sponsored ads on Google Search, to lure unsuspecting hospitality professionals to counterfeit login portals. The ultimate goal: harvesting credentials for cloud-based property management…
-
APT Groups Weaponize Infostealer Malware in Precision Attacks
Tags: apt, attack, credentials, cyber, cybersecurity, espionage, group, intelligence, malware, threat, tool, warfare
The cybersecurity landscape has witnessed a dangerous evolution as Advanced Persistent Threat (APT) groups increasingly weaponize opportunistic infostealer malware for sophisticated espionage campaigns. What once served as broad-spectrum credential harvesting tools are now being repurposed into precision instruments of geopolitical warfare, targeting diplomatic institutions worldwide with devastating effectiveness. Recent threat intelligence from Hudson Rock’s Cavalier…
-
Russian-Linked ATP29 Makes Another Run at Microsoft Credentials
Amazon researchers disrupted a watering hole campaign by Russian-linked cyberespionage group APT29 designed to use compromised websites to trick users into giving the threat actors access to their Microsoft accounts and data via the tech giant’s device code authentication flow. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/08/russian-linked-atp29-makes-another-run-at-microsoft-credentials/
-
Frequently Asked Questions About Chinese State-Sponsored Actors Compromising Global Networks
Tags: access, advisory, attack, authentication, china, cisa, cisco, credentials, cve, cyber, cybersecurity, data, espionage, exploit, firewall, fortinet, germany, government, identity, infrastructure, injection, ivanti, kev, malicious, microsoft, military, mitigation, mitre, network, remote-code-execution, risk, software, tactics, threat, update, vulnerability, zero-day
An analysis of Tenable telemetry data shows that the vulnerabilities being exploited by Chinese state-sponsored actors remain unremediated on a considerable number of devices, posing major risk to the organizations that have yet to successfully address these flaws. Background: Tenable’s Research Special Operations (RSO) team has compiled this blog to answer Frequently Asked Questions (FAQ)…
-
When Salesforce Becomes a De Facto Credential Repository: Lessons from the Drift OAuth Breach
This malicious campaign demonstrates how long-lived token theft can become the first step in a much broader breach. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/08/when-salesforce-becomes-a-de-facto-credential-repository-lessons-from-the-drift-oauth-breach/
-
BSidesSF 2025: Log In Through The Front Door: Automating Defense Against Credential Leaks
Creator, Author and Presenter: Barath Subramaniam Our deep appreciation to Security BSides – San Francisco and the Creators, Authors and Presenters for publishing their BSidesSF 2025 video content on YouTube. Originating from the conference’s events held at the lauded CityView / AMC Metreon – certainly a venue like no other; and via the organization’s YouTube…
-
AWS catches Russia’s Cozy Bear clawing at Microsoft credentials
Look who’s visiting the watering hole these days First seen on theregister.com Jump to article: www.theregister.com/2025/08/29/aws_catches_russias_apt29_trying/
-
Google warns that mass data theft hitting Salesloft AI agent has grown bigger
Assume all Salesloft credentials are compromised after Workspace breach, Google says. First seen on arstechnica.com Jump to article: arstechnica.com/security/2025/08/google-warns-that-mass-data-theft-hitting-salesloft-ai-agent-has-grown-bigger/
-
Popular Nx Packages Compromised by Credential-Stealing Malware
A widespread supply chain attack on the popular Nx build system has compromised dozens of high-traffic packages, exposing sensitive credentials and demonstrating a frighteningly comprehensive approach to future threats. Security researchers have confirmed that malicious versions of Nx, numbered 20.9.0 through 21.8.0, systematically scanned infected machines for a broad range of secrets before exfiltrating them…
-
TamperedChef Malware Disguised as Fake PDF Editors Steals Credentials and Cookies
Cybersecurity researchers have discovered a cybercrime campaign that’s using malvertising tricks to direct victims to fraudulent sites to deliver a new information stealer called TamperedChef. “The objective is to lure victims into downloading and installing a trojanized PDF editor, which includes an information-stealing malware dubbed TamperedChef,” Truesec researchers Mattias Wåhlén, Nicklas First seen on thehackernews.com Jump…
-
16 billion credentials exposed: why your business needs a password manager now
Your passwords may already be at risk. First seen on theregister.com Jump to article: www.theregister.com/2025/08/28/16_billion_credentials_exposed/
-
Hackers Chase Credentials in Hybrid Cloud Deployments
Financially Motivated Actor Storm-0501 Systematically Probed Victim Environments. As enterprises go with hybrid cloud developments, so follow hackers, even if it means jumping through extra hoops to get to where the data is stored. Microsoft on Wednesday said it spotted a financially-motivated hacking group probing a hybrid on-premise. First seen on govinfosecurity.com Jump to article:…
-
CCSP certification: Exam, cost, requirements, training, salary
Tags: access, application-security, best-practice, china, cloud, compliance, computer, credentials, cybersecurity, data, governance, infosec, infrastructure, jobs, risk, skills, training, usa
CCSP vs. CISSP: ISC2 also offers the Certified Information Systems Security Professional (CISSP) certification aimed at upper-level security pros with industry experience. The biggest difference between these two certifications is that the CISSP exam draws from a much broader and more general pool of security knowledge, as it is meant to show that you can design,…
-
High-severity vulnerability in Passwordstate credential manager. Patch now.
Vulnerability can be exploited to gain access to customers’ crown jewels. First seen on arstechnica.com Jump to article: arstechnica.com/security/2025/08/high-severity-vulnerability-in-passwordstate-credential-manager-patch-now/
-
Thousands of Developer Credentials Stolen in macOS “s1ngularity” Attack
A supply chain attack called “s1ngularity” on Nx versions 20.9.0-21.8.0 stole thousands of developer credentials. The attack targeted… First seen on hackread.com Jump to article: hackread.com/developer-credentials-stolen-macos-s1ngularity-attack/
-
Malicious Nx Packages in ‘s1ngularity’ Attack Leaked 2,349 GitHub, Cloud, and AI Credentials
The maintainers of the nx build system have alerted users to a supply chain attack that allowed attackers to publish malicious versions of the popular npm package and other auxiliary plugins with data-gathering capabilities. “Malicious versions of the nx package, as well as some supporting plugin packages, were published to npm, containing code that scans the…
-
BadSuccessor After Patch: Using dMSAs for Credential Theft and Lateral Movement in AD
Akamai researchers evaluated Microsoft’s patch for the BadSuccessor vulnerability (CVE-2025-53779) to determine its scope and limitations. While the update effectively blocks the original direct escalation path, the core mechanics of BadSuccessor remain exploitable under specific conditions. In this article, we examine how attackers can continue to leverage delegated Managed Service Accounts (dMSAs) for credential theft…
-
New TamperedChef Attack Uses Weaponized PDF Editor to Steal Sensitive Data and Login Credentials
Cybersecurity researchers at Truesec have uncovered a sophisticated malware campaign distributing a weaponized PDF editor under the guise of “AppSuite PDF Editor.”

