Credential-stealing Chrome extensions target enterprise HR platforms

Malicious Chrome extensions on the Chrome Web Store masquerading as productivity and security tools for enterprise HR and ERP ...
CSO Online

Five Chrome extensions caught hijacking enterprise sessions

Malicious Chrome extensions posing as productivity tools were found stealing session tokens, blocking security controls, and ...
The Hacker News

Microsoft Flags Multi-Stage AitM Phishing and BEC Attacks Targeting Energy Firms

Microsoft reports a multi-stage AitM phishing and BEC campaign abusing SharePoint, inbox rules, and stolen session cookies to ...
InfoWorld

GitLab 2FA login protection bypass lets attackers take over accounts

The platform warns users of on-premises versions to upgrade to the latest versions; SaaS and web versions have been patched.
SecurityWeek

Why Identity Security Must Move Beyond MFA

Organizations with a comprehensive identity security strategy are better positioned to defend against evolving threats and ...

Hackers exploited SharePoint to steal credentials from multiple energy companies

Microsoft uncovered how attackers bypassed security measures and stayed hidden inside compromised mailboxes for days.

Aadhar lock: You can now lock and unlock your Aadhar card, here's how you can do it

The biometrics of Aadhaar can be locked through the Unique Identification Authority of India (UIDAI) self-service portal.
Security Info Watch

From Malicious to Manipulated: How AI Is Redefining Insider Threat Detection

Insider threats increasingly stem from compromised, careless, or fabricated identities. AI is emerging as the critical ...
Security Boulevard

Bearer Tokens Explained: Complete Guide to Bearer Token Authentication & Security

Learn how bearer tokens work in OAuth 2.0 and CIAM. A complete guide for CTOs on bearer token authentication, security risks, and best practices.
Microsoft

Resurgence of a multi‑stage AiTM phishing and BEC campaign abusing SharePoint

Microsoft Defender Researchers uncovered a multi‑stage AiTM phishing and business email compromise (BEC) campaign targeting ...
SecurityWeek

Phishers Abuse SharePoint in New Campaign Targeting Energy Sector

Microsoft warns of a new AitM phishing and BEC campaign targeting the energy sector with SharePoint-hosted malicious payloads ...
Infosecurity Magazine

Malicious Google Chrome Extensions Hijack Workday and Netsuite

Users of widely used HR and ERP platforms targeted with malicious extensions which were available in the Chrome Web Store ...