Lucene search
+L

38 matches found

Microsoft Secure
Microsoft Secure
added 2026/05/04 3:0 p.m.10 views

Breaking the code: Multi-stage ‘code of conduct’ phishing campaign leads to AiTM token compromise

In this article 1. Multi-step social engineering campaign leading to credential theft 2. Mitigation and protection guidance 3. Microsoft Defender detections 4. Hunting queries 5. Indicators of compromise Phishing campaigns continue to improve sophistication and refinement in blending social...

5.7AI score
Exploits0
The Hacker News
The Hacker News
added 2026/03/27 12:3 p.m.5 views

AitM Phishing Targets TikTok Business Accounts Using Cloudflare Turnstile Evasion

Threat actors are using adversary-in-the-middle AitM phishing pages to seize control of TikTok for Business accounts in a new campaign, according to a report from Push Security. Business accounts associated with social media platforms are a lucrative target, as they can be weaponized by bad actor...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2025/04/30 11:5 a.m.28 views

Chinese Hackers Abuse IPv6 SLAAC for AitM Attacks via Spellbinder Lateral Movement Tool

A China-aligned advanced persistent threat APT group called TheWizards has been linked to a lateral movement tool called Spellbinder that can facilitate adversary-in-the-middle AitM attacks. "Spellbinder enables adversary-in-the-middle AitM attacks, through IPv6 stateless address autoconfiguratio...

7.1AI score
Exploits0
The Hacker News
The Hacker News
added 2024/12/11 6:2 p.m.12 views

Secret Blizzard Deploys Kazuar Backdoor in Ukraine Using Amadey Malware-as-a-Service

The Russian nation-state actor tracked as Secret Blizzard has been observed leveraging malware associated with other threat actors to deploy a known backdoor called Kazuar on target devices located in Ukraine. The new findings come from the Microsoft threat intelligence team, which said it observ...

6.9AI score
Exploits0
The Hacker News
The Hacker News
added 2024/10/30 1:5 p.m.17 views

Opera Browser Fixes Big Security Hole That Could Have Exposed Your Information

A now-patched security flaw in the Opera web browser could have enabled a malicious extension to gain unauthorized, full access to private APIs. The attack, codenamed CrossBarking , could have made it possible to conduct actions such as capturing screenshots, modifying browser settings, and accou...

7AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2024/10/15 5:28 a.m.13 views

BEC-ware the phish (part 1). Investigating incidents in M365

TL;DR Review the key artefacts to ensure the best possible telemetry is available in the case of a Business Email Compromise BEC. Keep an eye on data retention, where necessary export or forward data for investigations longer than 30 days. Verify and enable Unified Audit Logging, its free and giv...

8.1AI score
Exploits0
The Hacker News
The Hacker News
added 2024/08/29 11:26 a.m.19 views

How AitM Phishing Attacks Bypass MFA and EDR—and How to Fight Back

Attackers are increasingly using new phishing toolkits open-source, commercial, and criminal to execute adversary-in-the-middle AitM attacks. AitM enables attackers to not just harvest credentials but steal live sessions, allowing them to bypass traditional phishing prevention controls such as MF...

7.4AI score
Exploits0
The Hacker News
The Hacker News
added 2024/08/05 4:16 a.m.37 views

China-Linked Hackers Compromise ISP to Deploy Malicious Software Updates

The China-linked threat actor known as Evasive Panda compromised an unnamed internet service provider ISP to push malicious software updates to target companies in mid-2023, highlighting a new level of sophistication associated with the group. Evasive Panda, also known by the names Bronze Highlan...

6.7AI score
Exploits0
The Hacker News
The Hacker News
added 2024/05/27 9:2 a.m.15 views

New Tricks in the Phishing Playbook: Cloudflare Workers, HTML Smuggling, GenAI

Cybersecurity researchers are alerting of phishing campaigns that abuse Cloudflare Workers to serve phishing sites that are used to harvest users' credentials associated with Microsoft, Gmail, Yahoo!, and cPanel Webmail. The attack method, called transparent phishing or adversary-in-the-middle Ai...

7.2AI score
Exploits0
The Hacker News
The Hacker News
added 2024/05/16 4:2 p.m.23 views

New Wi-Fi Vulnerability Enables Network Eavesdropping via Downgrade Attacks

Researchers have discovered a new security vulnerability stemming from a design flaw in the IEEE 802.11 Wi-Fi standard that tricks victims into connecting to a less secure wireless network and eavesdrop on their network traffic. The SSID Confusion attack, tracked as CVE-2023-52424, impacts all...

7.3AI score0.00716EPSS
Exploits0
The Hacker News
The Hacker News
added 2024/05/09 5:55 p.m.34 views

New TunnelVision Attack Allows Hijacking of VPN Traffic via DHCP Manipulation

Researchers have detailed a Virtual Private Network VPN bypass technique dubbed TunnelVision that allows threat actors to snoop on victim's network traffic by just being on the same local network. The "decloaking" method has been assigned the CVE identifier CVE-2024-3661 CVSS score: 7.6. It impac...

7.6CVSS6.6AI score0.04063EPSS
Exploits1
The Hacker News
The Hacker News
added 2024/02/12 11:14 a.m.34 views

4 Ways Hackers use Social Engineering to Bypass MFA

When it comes to access security, one recommendation stands out above the rest: multi-factor authentication MFA. With passwords alone being simple work for hackers, MFA provides an essential layer of protection against breaches. However, it's important to remember that MFA isn't foolproof. It can...

7.7AI score
Exploits0
The Hacker News
The Hacker News
added 2024/01/25 10:8 a.m.79 views

China-backed Hackers Hijack Software Updates to Implant "NSPX30" Spyware

A previously undocumented China-aligned threat actor has been linked to a set of adversary-in-the-middle AitM attacks that hijack update requests from legitimate software to deliver a sophisticated implant named NSPX30. Slovak cybersecurity firm ESET is tracking the advanced persistent threat APT...

9CVSS5.9AI score0.99876EPSS
Exploits26
RedHat Linux
RedHat Linux
added 2024/01/10 6:38 p.m.3 views

dotnet: Information Disclosure: MD.SqlClient(MDS) & System.data.SQLClient (SDS)

A vulnerability was found in the .NET Framework. This vulnerability exists in the Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data provider where an attackercan perform an AiTM adversary-in-the-middle attack between the SQL client and the SQL server. This may allow the attacker to stea...

8.7CVSS5.8AI score0.0117EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2024/01/10 4:0 a.m.101 views

CVE-2024-0056

A vulnerability was found in the .NET Framework. This vulnerability exists in the Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data provider where an attackercan perform an AiTM adversary-in-the-middle attack between the SQL client and the SQL server. This may allow the attacker to stea...

8.7CVSS7.9AI score0.0117EPSS
Exploits0References4
The Hacker News
The Hacker News
added 2023/11/13 5:27 a.m.33 views

Major Phishing-as-a-Service Syndicate 'BulletProofLink' Dismantled by Malaysian Authorities

Malaysian law enforcement authorities have announced the takedown of a phishing-as-a-service PhaaS operation called BulletProofLink. The Royal Malaysia Police said the effort, which was carried out with assistance from the Australian Federal Police AFP and the U.S. Federal Bureau of Investigation...

7.5AI score
Exploits0
The Hacker News
The Hacker News
added 2023/10/26 1:56 p.m.35 views

Microsoft Warns as Scattered Spider Expands from SIM Swaps to Ransomware

The prolific threat actor known as Scattered Spider has been observed impersonating newly hired employees in targeted firms as a ploy to blend into normal on-hire processes and takeover accounts and breach organizations across the world. Microsoft, which disclosed the activities of the financiall...

7.7AI score
Exploits0
The Hacker News
The Hacker News
added 2023/10/09 12:36 p.m.43 views

Cybercriminals Using EvilProxy Phishing Kit to Target Senior Executives in U.S. Firms

Senior executives working in U.S.-based organizations are being targeted by a new phishing campaign that leverages a popular adversary-in-the-middle AiTM phishing toolkit named EvilProxy to conduct credential harvesting and account takeover attacks. Menlo Security said the activity started in Jul...

7AI score
Exploits0
The Hacker News
The Hacker News
added 2023/08/29 5:56 a.m.69 views

Phishing-as-a-Service Gets Smarter: Microsoft Sounds Alarm on AiTM Attacks

Microsoft is warning of an increase in adversary-in-the-middle AiTM phishing techniques, which are being propagated as part of the phishing-as-a-service PhaaS cybercrime model. In addition to an uptick in AiTM-capable PhaaS platforms, the tech giant noted that existing phishing services like...

6.9AI score
Exploits0
The Hacker News
The Hacker News
added 2023/08/11 2:23 p.m.33 views

Researchers Uncover Years-Long Cyber Espionage on Foreign Embassies in Belarus

A hitherto undocumented threat actor operating for nearly a decade and codenamed MoustachedBouncer has been attributed to cyber espionage attacks aimed at foreign embassies in Belarus. "Since 2020, MoustachedBouncer has most likely been able to perform adversary-in-the-middle AitM attacks at the...

7.3AI score
Exploits0
Rows per page
Query Builder