#account-takeover tag

Google, Microsoft account takeover made easy via VoidProxy

The phishes target any Google and Microsoft accounts, from small businesses to large enterprises, we're told. And while Okta didn't have a confirmed victim count, "we have observed high-confidence account takeovers in multiple entities," the threat intel team told us. "By extension, we expect Microsoft and Google will have observed a larger number of ATO events, given that VoidProxy proxies non-federated users directly with Microsoft and Google servers."

Information security

fromThe Hacker News

6 days ago

Adobe Commerce Flaw CVE-2025-54236 Lets Hackers Take Over Customer Accounts

"A potential attacker could take over customer accounts in Adobe Commerce through the Commerce REST API," Adobe said in an advisory issued today. The issue impacts the following products and versions - Adobe Commerce (all deployment methods): 2.4.9-alpha2 and earlier 2.4.8-p2 and earlier 2.4.7-p7 and earlier 2.4.6-p12 and earlier 2.4.5-p14 and earlier Adobe Commerce B2B: 1.5.3-alpha2 and earlier 1.5.2-p2 and earlier 1.4.2-p7 and earlier

E-Commerce

Information security

fromTheregister

6 days ago

Pentagon left livestream keys exposed, hijack risk included

Pentagon publicly posted streaming platform stream keys on DVIDS, exposing military social accounts to hijacking; the vulnerability has been addressed with new keys and fixes.

Information security

fromThe Hacker News

6 days ago

Axios Abuse and Salty 2FA Kits Fuel Advanced Microsoft 365 Phishing Attacks

Threat actors exploit Axios and Microsoft Direct Send to spoof trusted senders, bypass gateways, and drive highly successful phishing and account takeover campaigns across industries.

Information security

fromSecuritymagazine

1 week ago

Account Profile Scam Targets PayPal Users

Sophisticated phishing campaign spoofs PayPal emails to prompt victims to call scam-linked numbers or click links that grant attackers secondary account access.

Information security

fromThe Hacker News

2 months ago

nOAuth Vulnerability Still Affects 9% of Microsoft Entra SaaS Apps Two Years After Discovery

Security flaws in Microsoft's Entra ID may allow for account takeovers in multiple SaaS applications.

#cybersecurity

fromThe Hacker News

3 months ago

Growth hacking

Over 80,000 Microsoft Entra ID Accounts Targeted Using Open-Source TeamFiltration Tool

fromThe Hacker News

4 months ago

Privacy professionals

Customer Account Takeovers: The Multi-Billion Dollar Problem You Don't Know About

fromThe Hacker News

3 months ago

Growth hacking

Over 80,000 Microsoft Entra ID Accounts Targeted Using Open-Source TeamFiltration Tool

fromThe Hacker News

4 months ago

Privacy professionals

Customer Account Takeovers: The Multi-Billion Dollar Problem You Don't Know About

Chrome vulnerability allowing account takeover fixed

Google has issued an emergency Chrome update to address a severe security vulnerability allowing account takeovers.

#account-takeover#account-takeover

Google, Microsoft account takeover made easy via VoidProxy

Adobe Commerce Flaw CVE-2025-54236 Lets Hackers Take Over Customer Accounts

Pentagon left livestream keys exposed, hijack risk included

Axios Abuse and Salty 2FA Kits Fuel Advanced Microsoft 365 Phishing Attacks

Account Profile Scam Targets PayPal Users

nOAuth Vulnerability Still Affects 9% of Microsoft Entra SaaS Apps Two Years After Discovery

Over 80,000 Microsoft Entra ID Accounts Targeted Using Open-Source TeamFiltration Tool

Customer Account Takeovers: The Multi-Billion Dollar Problem You Don't Know About

Over 80,000 Microsoft Entra ID Accounts Targeted Using Open-Source TeamFiltration Tool

Customer Account Takeovers: The Multi-Billion Dollar Problem You Don't Know About

Chrome vulnerability allowing account takeover fixed

#account-takeover
#account-takeover