Hackers Exploit Compromised Enterprise Identities at Industrial Scale, Warns SentinelOne
Cybersecurity company’s annual report issues warning over a “mass-marketed impersonation crisis” over attackers abusing legitimate credentials
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
Cybersecurity company’s annual report issues warning over a “mass-marketed impersonation crisis” over attackers abusing legitimate credentials
An eSentire report showed credential theft accounted for 74% of all observed cyber threats in 2025
Cybersecurity researchers have disclosed details of a new Rust-based backdoor called ChaosBot that can allow operators to conduct reconnaissance and execute arbitrary commands on compromised hosts
As security professionals, it's easy to get caught up in a race to counter the latest advanced adversary techniques. Yet the most impactful attacks often aren't from cutting-edge exploits, but from cracked credentials and compromised accounts. Despite widespread awareness of this threat vector, Picus Security's Blue Report 2025 shows that organizations continue to struggle with preventing
The threat actors behind a recently observed Qilin ransomware attack have stolen credentials stored in Google Chrome browsers on a small set of compromised endpoints
A Barracuda report found that 92% of organizations experienced an average of six credential compromises caused by email-based social engineering attacks in 2023
Malicious Android apps masquerading as Google, Instagram, Snapchat, WhatsApp, and X (formerly Twitter) have been observed to steal users' credentials from compromised devices
A British Library report found the most likely source of the incident was the compromise of third-party account credentials and no MFA was in place to stop the attackers
A threat actor called Redfly has been linked to a compromise of a national grid located in an unnamed Asian country for as long as six months earlier this year using a known malware referred to as ShadowPad
Over 100,000 compromised OpenAI ChatGPT account credentials have found their way on illicit dark web marketplaces between June 2022 and May 2023, with India alone accounting for 12,632 stolen credentials
A new malware campaign has been observed targeting Italy with phishing emails designed to deploy an information stealer on compromised Windows systems
Cybercriminals are continuing to prey on users searching for cracked software by directing them to fraudulent websites hosting weaponized installers that deploy malware called NullMixer on compromised systems