top of page
Posts
FortiBleed: Global Credential-Spraying Operation Uncovered Across Multiple Platforms
Key Findings Multi-operator crew conducted industrial-scale credential-spraying campaign against Fortinet FortiGate SSL VPN devices across 207 countries Campaign generated 1.16 billion login combinations against 320,777 FortiGate endpoints and 2.1 billion attempts against 163,650 MSSQL servers Operators used custom tools running up to 50,000 threads and a 45-way NVIDIA RTX 4090 GPU cluster for password cracking At least four organizations fully compromised, including a Turkis
Jun 212 min read
Critical ArcGIS Account Recovery Vulnerability Exploited in Ongoing Attack Campaign
Key Findings Cybercriminals are actively exploiting ArcGIS Account Recovery configurations to breach customer environments right now Attackers bypass hardened primary login defenses by targeting weaker account recovery mechanisms instead Built-in application accounts with weak security questions or common usernames are primary targets Organizations using centralized identity providers instead of built-in accounts are protected from this specific threat Esri will release a sec
Jun 202 min read
The Gentlemen's GentleKiller: How a Standardized EDR-Killer Framework Emerged as the New Ransomware Threat
Key Findings The Gentlemen ransomware operation has developed GentleKiller, a standardized EDR-killer suite distributed to affiliates before ransomware deployment GentleKiller exists in at least eight variants, each impersonating legitimate products and exploiting different vulnerable drivers via BYOVD technique The framework targets over 400 processes across 48 security products including CrowdStrike, SentinelOne, and Microsoft Defender The Gentlemen adopts newly disclosed e
Jun 203 min read
Passwordless Phishing: How Attackers Hijack Microsoft 365 Through Device Code Authentication
Key Findings A sophisticated phishing-as-a-service kit called EvilTokens exploits Microsoft's legitimate OAuth 2.0 device authorization flow to hijack Microsoft 365 accounts without stealing passwords Attackers trick victims into entering a device code on a real Microsoft login page, which grants the attacker valid access tokens to the compromised account The attack bypasses traditional phishing detection methods by using genuine Microsoft authentication pages, eliminating fa
Jun 204 min read
AutoJack Attack: Web Page Hijacking Enables AI Agent Host Code Execution
Key Findings Microsoft researchers discovered AutoJack, an exploit chain in AutoGen Studio that allows a single web page to execute arbitrary code on a developer's machine The vulnerability exists in the Model Context Protocol (MCP) WebSocket handler and requires no authentication, credentials, or user interaction beyond the agent loading a malicious URL Vulnerable pre-release builds 0.4.3.dev1 and 0.4.3.dev2 were shipped to PyPI, though the stable release 0.4.2.2 is unaffect
Jun 203 min read
bottom of page
