Hackers are increasingly using HTTP client tools to execute account takeover attacks on Microsoft 365, targeting 78% of tenants. Notable clients like OkHttp, Axios, and Node Fetch have facilitated these attacks through phishing and credential theft. Recommendations include enhancing detection, implementing multi-factor authentication, and regularly updating software to mitigate emerging threats.
Microsoft uncovers sleuthy new XCSSET MacOS malware campaign
Microsoft has warned of a new version of the macOS malware XCSSET, which is now targeting users via infected Xcode projects. The updated malware includes
