APT28 Mounts Rapid, Large-Scale Theft of Office 365 Logins
The Russia-linked threat group is harvesting credentials for Microsoft’s cloud offering, and targeting mainly election-related organizations.
Office 365 Phishing Attack Leverages Real-Time Active Directory Validation
Attackers check the victims’ Office 365 credentials in real time as they are typed into the phishing landing page, by using authentication APIs.
It’s No ‘Giggle’: Managing Expectations for Vulnerability Disclosure
Vulnerability-disclosure policies (VDPs), if done right, can help provide clarity and clear guidelines to both bug-hunters and vendors when it comes to going public with security flaws.
WordPress Plugin Flaw Allows Attackers to Forge Emails
The high-severity flaw in the Email Subscribers & Newsletters plugin by Icegram affects more than 100,000 WordPress websites.