Fake Invitation Phishing Campaign Steals Credentials From U.S. Organizations
A large-scale phishing campaign leveraging fake event invitations is actively targeting U.S.
MITRE ATT&CK Mapping
Articles mapped to MITRE ATT&CK techniques. Select a technique to view matching articles.
T1078 — Valid Accounts (Initial Access)
Clear filter50 articles found
Mini Shai Hulud: Compromised @antv npm packages enable CI/CD credential theft
Compromised @antv npm packages deploy the Mini Shai-Hulud payload to steal CI/CD secrets from Linux-based automation environments. The malware executes durin...
Verizon DBIR: Vulnerability exploitation is the dominant initial access vector
Vulnerability exploitation has overtaken stolen credentials as the most common way attackers gain initial access to target networks, according to the 2026 Ve...
Verizon DBIR 2026: Vulnerability Exploitation Overtakes Credential Theft as Top Breach Vector
Verizon’s 2026 DBIR finds vulnerability exploitation has overtaken credential abuse as the leading breach vector, as AI accelerates attacks, patching delays ...
VoidStealer Malware Targets Chrome Data Despite Built-In Browser Protections
A newly discovered infostealer called VoidStealer is raising concerns after researchers revealed it can bypass Google Chrome’s App-Bound Encryption (ABE), a ...
How Storm-2949 turned a compromised identity into a cloud-wide breach
Storm-2949 turned stolen credentials into a cloud-wide breach, moving from identity compromise to large-scale data theft without using malware. This incident...
Avada Builder WordPress plugin flaws allow site credential theft
Two vulnerabilities in the Avada Builder plugin for WordPress, with an estimated one million active installations, allow hackers to read arbitrary files and ...
Tycoon 2FA Operators Use OAuth Device Code Phishing to Bypass MFA
A new phishing campaign uncovered in late April 2026 shows how threat actors behind the Tycoon 2FA Phishing-as-a-Service (PhaaS) kit are evolving beyond trad...
Cyber-Enabled Cargo Crime: How Cybercrime Tradecraft is Used to Steal Freight
Cargo theft now starts with phishing emails and stolen credentials, not hijackings, to reroute and steal freight from supply chains. NMFTA outlines how cyber...
FlowerStorm phishing gang adopts virtual-machine obfuscation to evade email defenses
A widely active phishing-as-a-service (PhaaS) operation known as FlowerStorm has begun using a browser-based virtual machine to conceal credential theft code...
Over 70% of organizations hit by identity breaches
Attackers rely on stolen credentials, compromised service accounts, and social engineering attacks targeting employees, according to Sophos’ The State of Ide...
When IT Support Calls: Dissecting a ModeloRAT Campaign from Teams to Domain Compromise
Overview Attackers do not need to break into the front door when they can convince employees to open it for them through the tools they already trust. In Apr...
Weaponized JPEG file Drops Trojanized ScreenConnect Malware
Hackers are abusing a weaponized JPEG file to quietly install a trojanized version of the ConnectWise ScreenConnect remote‑access tool on Windows systems, en...
Nation-state actors exploit Palo Alto PAN-OS zero-day for weeks
Palo Alto says hackers exploited PAN-OS zero-day CVE-2026-0300 for weeks, gaining root access to exposed firewalls and hiding traces. Palo Alto Networks warn...
PCPJack Credential Stealer Exploits 5 CVEs to Spread Worm-Like Across Cloud Systems
Cybersecurity researchers have disclosed details of a new credential theft framework dubbed PCPJack that targets exposed cloud infrastructure and ousts any a...
UAT-8302 Targets Government Agencies With Custom Malware and Open-Source Tools
A new China-linked hacking group, tracked as UAT-8302, that is using custom malware and open-source tools to spy on government organizations in South America...
Iranian cyber espionage disguised as a Chaos Ransomware attack
Iran-linked APT MuddyWater used ransomware-style tactics to mask espionage, combining phishing, credential theft, data exfiltration, and extortion without en...
Windows Phone Link Exploited by CloudZ RAT to Steal Credentials and OTPs
Cybersecurity researchers have disclosed details of an intrusion that involved the use of a CloudZ remote access tool (RAT) and a previous undocumented plugi...
Malicious PyTorch Lightning update hits AI supply chain security
A malicious PyTorch Lightning update (v2.6.
Microsoft Details Phishing Campaign Targeting 35,000 Users Across 26 Countries
Microsoft has disclosed details of a large-scale credential theft campaign that has leveraged a combination of code of conduct-themed lures and legitimate em...