Category: Cyber Threat Intelligence
-
How Threat Actors Are Abusing Microsoft Entra ID Self-Service Password Reset (SSPR) to Compromise Cloud Environments

Threat actors are increasingly leveraging Microsoft Entra ID’s Self-Service Password Reset (SSPR) feature to conduct highly targeted, identity-driven attacks. Advanced threat groups, such as Storm-2949, have demonstrated how legitimate account recovery functionality can be manipulated to gain access to high-value executive and IT accounts. Once access is obtained, attackers move beyond traditional account compromise, targeting… Read more
-
Using AI Responsibly: Risks, Incidents, and Controls

Summary: AI chatbots, including Claude, ChatGPT, or any other AI-powered chatbot, carry the inherent risk of unauthorized data exposure/loss. Since the introduction of AI chatbots to the public, multiple incidents have occurred that have either directly or indirectly resulted in unwanted data exposure. Non-exhaustive but impactful ways to reduce risk can be with AI usage… Read more
-
Major Web Attacks: The Impact of the Shai-Hulud Worm

The Shai-Hulud Worm: What is it? How is it different? Shai-Hulud is a novel, self‑propagating software supply chain worm that targets the NPM (Node Package Manager) ecosystem and associated development, CI/CD, and cloud-connected environments. Historically, supply chain compromises required a human threat actor to breach a vendor, modify a product or update mechanism, and then… Read more
-
Your Devices May Be Spying on You — And You Would Never Know

If you frequently shop online, you may have noticed an increase in the number of electronic products sold by obscure, unheard-of companies. Many of these products come at unbelievably low prices. A 4K projector with dual-band WiFi 6, 5G wireless, Bluetooth 5.2, and Android 13 for $54. What a deal. It almost… Read more
-
Salesforce Breaches 2025

The second half of the year came with several waves of Salesforce-related breach incidents. Starting in August, researchers first linked the threat actors UNC6395/ShinyHunters. They were conducting a widespread campaign that targeted Salesforce environments by using compromised OAuth tokens linked to Salesloft’s Drift AI customer-engagement integration. The second wave can be considered more of a… Read more
-
Artificial Intelligence Threat Landscape

Artificial Intelligence (AI) is one of the fastest-growing aspects of the tech industry. Whether for professional or personal use, AI is a part of almost everyone’s life, from Google searches to work applications. As AI capabilities expand and more use cases emerge, the risk of exploitation also increases. While AI is a tool that IT… Read more
-
What is Email Bombing?

Email bombing is a disruptive tactic in which a threat actor deliberately floods a victim’s inbox with thousands of unsolicited or automated messages in a short period of time. Discovering your inbox under an email bombing attack requires fast, deliberate action. Threat actors use email bombing as a tool for disruption and facilitation of further… Read more
-
Deepfakes (Voice and Video): DefendEdge Executive Brief Risks, Tools, Detection, and Client-Facing Guidance

Executive Summary: Voice and video deepfakes are actively used to impersonate senior leaders and push payments, credentials, and malware in real time. Recent events include an attempted impersonation of WPP executives that staff blocked, and North Korea–aligned BlueNoroff using deepfaked Zoom calls to deliver macOS malware. The FBI’s Internet Crime Complaint Center (IC3) warned on… Read more
-
The Truth Behind the “Brushing” Cyber Scam

Of the various forms of e-commerce fraud, one of the lesser-known yet prevalent kinds is the brushing scam. This scam appears harmless; recipients simply get a package they never ordered. However, behind every “free gift” is a manipulative operation abusing personal data and online trust. Description: The goal behind brushing scams is to generate fake… Read more
-
Session Hijacking

There are many different types of session hijacking, including session fixation, man-in-the-middle attacks, and active session hijacking. In active session hijacking, an attacker takes over a live session by stealing the session ID while the victim is already logged in. This can be done through methods such as network sniffing or cross-site scripting. The goal… Read more
