Microsoft Warns of 'Payroll Pirates' Hijacking HR SaaS Accounts to Steal Employee Salaries

A threat actor known as Storm-2657 has been observed hijacking employee accounts with the end goal of diverting salary payments to attacker-controlled accounts. "Storm-2657 is actively targeting a range of U.S.-based organizations, particularly employees in sectors like higher education, to gain...

lemlist: Unauthorized Password Reset Allows Account Takeover Across Tenant Boundaries

An authorization issue was discovered in the application that allowed a tenant admin to change the password of another user within the same tenant, including invited agency accounts. The victim had to first accept the invitation before the attacker could proceed. The issue could allow unintended...

New Microsoft Secure Future Initiative (SFI) patterns and practices: Practical guides to strengthen security

Building on the momentum of our initial launch of the Microsoft Secure Future Initiative SFI patterns and practices, this second installment continues our commitment to making security implementation practical and scalable. The first release introduced a foundational library of actionable guidanc...

EUVD-2018-18952

Malware in sbrugna...

EUVD-2020-2309

Malware in sbrugna...

EUVD-2021-23725

Malware in sbrugna...

EUVD-2013-0288

Malware in sbrugna...

EUVD-2019-11418

Malware in sbrugna...

EUVD-2020-7881

Malware in sbrugna...

EUVD-2021-1357

Malware in sbrugna...

EUVD-2020-7588

Malware in sbrugna...

EUVD-2021-2457

Malware in sbrugna...

EUVD-2021-15687

Malware in sbrugna...

EUVD-2020-7592

Malware in sbrugna...

EUVD-2024-38580

Malicious code in bioql PyPI...

EUVD-2024-1364

Malicious code in bioql PyPI...

EUVD-2025-15829

Malicious code in bioql PyPI...

EUVD-2023-44667

Malicious code in bioql PyPI...

EUVD-2024-2888

Malicious code in bioql PyPI...

EUVD-2024-22154

Malicious code in bioql PyPI...