Cookie-Bite: How Your Digital Crumbs Let Threat Actors Bypass MFA and Maintain Access to Cloud Environments

A new proof-of-concept attack dubbed Cookie-Bite demonstrates how a malicious Chrome extension can steal Azure Entra ID session cookies to bypass multi-factor authentication (MFA) and maintain unauthorized access to Microsoft cloud services.

SheByte PaaS Launches Subscription Service for Cybercriminals

Launched in June 2024, SheByte has rapidly gained traction among cybercriminals by offering customizable phishing kits and a subscription model, signaling a durable presence in the threat landscape.

Billbug: Intrusion Campaign Against Southeast Asia Continues

A newly uncovered espionage campaign by the Billbug group (aka Lotus Blossom, Lotus Panda, Bronze Elgin) targeted multiple Southeast Asian organizations between August 2024 and February 2025.

Chinese Smishing Kit Powers Widespread Toll Fraud Campaign Targeting U.S. Users in 8 States

A widespread and ongoing SMS phishing (smishing) campaign has been targeting toll road users across eight U.S. states since mid-October 2024. The campaign impersonates electronic toll systems.

SCAMONOMICS THE DARK SIDE OF STOCK & CRYPTO INVESTMENTS IN INDIA

A coordinated fraud campaign is targeting investors using fake investment platforms, impersonation tactics, and compromised legitimate websites. These schemes aim to steal financial data and defraud victims through social engineering.

Dark Web Market: STYX Market

STYX Market is a rapidly growing dark web marketplace that has emerged as a central hub for financially motivated cybercriminals. Launched in 2023, it specializes in the sale of stealer logs, access credentials, and identity documents.

CISA warns of increased breach risks following Oracle Cloud leak

On Wednesday, CISA warned of heightened breach risks after the compromise of legacy Oracle Cloud servers earlier this year and highlighted the significant threat to enterprise networks.

Around the World in 90 Days: State-Sponsored Actors Try ClickFix

Multiple state-sponsored hacking groups from Iran, North Korea, and Russia have been found leveraging the increasingly popular ClickFix social engineering tactic to deploy malware over three months from late 2024 through the beginning of 2025.

LabHost: A defunct but potent phishing service

LabHost, a sophisticated PhaaS platform, enabled widespread credential theft and fraud by offering an end-to-end phishing campaign infrastructure. Its takedown in April 2024 marked a significant disruption in the cybercrime ecosystem.

North Korean Hackers Targeted Nearly 18,000 in Phishing Campaign During Martial Law Turmoil

North Korean hackers sent more than 120,000 phishing emails to nearly 18,000 individuals over a three-month campaign that impersonated South Korea’s Military Counterintelligence Command’s communication during the Martial Law turmoil.

Defend Against Threats with Cyber Fusion

Cyware is the leading provider of cyber fusion solutions that power threat intelligence sharing , end-to-end automation and 360-degree threat response.

Trending Tags