How to Detect AiTM Phishing Attacks
AiTM attacks bypass MFA completely — attackers steal sessions while your tools see nothing wrong. Here is how to detect them.
Theft in cybersecurity covers stolen data, credentials, devices, and funds, often creating risks of unauthorized access, fraud, and privacy loss.
Search across headline titles and summaries.
Background for this topic.
Unauthorized taking or copying of information, credentials, intellectual property, or digital assets is cyber theft. News under this tag may involve stolen passwords, payment data, personal information, source code, cloud tokens, cryptocurrency, or sensitive business files. Theft can result from phishing, malware, compromised accounts, insider access, exposed storage, or the loss of an unencrypted device; the relevant issue is the unauthorized acquisition or control of an asset, whether or not the attacker also alters systems.
Security teams should identify where valuable data and credentials are stored, restrict access by role, require strong authentication, encrypt data at rest and in transit, and monitor unusual downloads or transfers. Vulnerability management matters when flaws expose databases, endpoints, or cloud services to unauthorized retrieval. After suspected theft, preserving logs, revoking tokens and credentials, determining what was accessed or copied, and assessing privacy or notification obligations are central to containing the incident and measuring its impact.
AiTM attacks bypass MFA completely — attackers steal sessions while your tools see nothing wrong. Here is how to detect them.
The ShinyHunters extortion gang claims it is behind a wave of ongoing voice phishing attacks targeting single sign-on (SSO) accounts at Okta, Microsoft, and Google, enabling threat actors to breach corporate SaaS platforms and steal company data for extortion. [...]
Two malicious extensions in Microsoft's Visual Studio Code (VSCode) Marketplace that were collectively installed 1.5 million times, exfiltrate developer data to China-based servers. [...]
South Carolina federal prosecutors announced that two Venezuelan nationals convicted of stealing hundreds of thousands of dollars from U.S. banks in an ATM jackpotting scheme will be deported after serving their sentences. [...]
Cybersecurity researchers have disclosed details of a new dual-vector campaign that leverages stolen credentials to deploy legitimate Remote Monitoring and Management (RMM) software for persistent remote access to compromised hosts
Okta is warning about custom phishing kits built specifically for voice-based social engineering (vishing) attacks. BleepingComputer has learned that these kits are being used in active attacks to steal Okta SSO credentials for data theft. [...]
Automated infections of potentially fully patched FortiGate devices are allowing threat actors to steal firewall configuration files.
Admins say attackers are still getting in despite recent patches FortiGate firewalls are getting quietly reconfigured and stripped down by miscreants who've figured out how to sidestep SSO protections and grab sensitive settings right out of the box.…
Phoney email alerts suggest users need to backup their LastPass accounts within 24 hours. LastPass says it would never require this action from users
Fortinet FortiGate devices are being targeted in automated attacks that create rogue accounts and steal firewall configuration data, according to cybersecurity company Arctic Wolf. [...]
TrendAI™ Research provides a technical analysis of a compromised EmEditor installer used to deliver multistage malware that performs a range of malicious actions.
Loan phishing operation in Peru is stealing card info by impersonating financial institutions
Security vulnerabilities were uncovered in the popular open-source artificial intelligence (AI) framework Chainlit that could allow attackers to steal sensitive data, which may allow for lateral movement within a susceptible organization
ACME validation had a challenge-request hole Cloudflare has fixed a flaw in its web application firewall (WAF) that allowed attackers to bypass security rules and directly access origin servers, which could lead to data theft or full server takeover.…
Cybersecurity researchers have disclosed details of a malware campaign that's targeting software developers with a new information stealer called Evelyn Stealer by weaponizing the Microsoft Visual Studio Code (VS Code) extension ecosystem
eSync Alliance Chair Shrikant Acharya on How Standardization Can Prevent BreachesOver-the-air updates are an irreplaceable part of software-defined vehicles, giving manufacturers a convenient way of remotely fixing and upgrading vehicles. If not appropriately secured, over-the-air updates can become a gateway for data theft, malware injection, vehicle theft and even injury.
AI Agent Can Access File Upload API to Exfiltrate DocumentsSecurity researchers have demonstrated how Anthropic's new Claude Cowork productivity agent can be tricked into stealing user files and uploading them to an attacker's account, exploiting a vulnerability the company allegedly knew about.
A Tennessee man has pleaded guilty to hacking the U.S. Supreme Court's electronic filing system and breaching accounts at the AmeriCorps U.S. federal agency and the Department of Veterans Affairs. [...]