In recent months, the insider problem has become increasingly important for large companies , and one recent episode involved CrowdStrike. The cybersecurity firm has in fact removed an employee believed to have shared confidential information on the company’s internal systems with a group of hackers. Reviewed by TechCrunch , the screenshots revealed internal dashboards, including an Okta Single Sign-On (SSO) panel that employees used to access company applications. Although the hackers claimed to have received authentication cookies , CrowdStrike maintains that its security operations center detected the activity before any malicious access could be fully established. It further reported that the leaked

The developers of password manager LastPass have warned users of a large-scale phishing campaign that began in mid-October 2025. Attackers are sending emails containing fake requests for emergency access to the password vault, related to the death of users. According to experts, the financially motivated hacker group CryptoChameleon (also known as UNC5356 ) is behind this campaign. The group specializes in cryptocurrency theft and previously attacked LastPass users in April 2024. The new campaign has proven to be extensive and technologically advanced: attackers are now hunting not only master passwords, but also passkeys. CryptoChameleon uses a specialized phishing kit that targets cryptocurrency

The U.S. Department of Justice and British police have charged Talha Jubair, 19, a resident of East London, who investigators believe is a key member of Scattered Spider , a group responsible for a series of extortion attacks targeting major businesses and government agencies. According to the file, from May 2022 to September of this year, attackers carried out at least 120 intrusions, affecting 47 organizations in the United States, and the total amount of payments exceeded $115 million. A parallel case in London involves an attack on Transport for London in August 2024, in which 18-year-old Owen Flowers was involved along

The authors of the PoisonSeedphishing campaign have found a way to bypass FIDO (in this case, FIDO2 with WebAuthn) using the cross-device authentication mechanism implemented in WebAuthn. The attackers convince victims to approve login requests from fake corporate portals. Please note that the PoisonSeed campaign is based on phishing, the ultimate goal of which is financial fraud. In the past, attackers have hacked corporate accounts for email marketing purposes and sent users letters containing pre-set seed phrases for cryptocurrency wallets. In the new attacks identified by Expel experts, attackers are not exploiting a vulnerability in FIDO mechanisms, but are abusing a legitimate

By Cyber Defense Center Maticmind (Andrea Mariucci, Riccardo Michetti, Federico Savastano, Ada Spinelli) The Scattered Spider threat actor, UNC9344, made its appearance in 2022 with two targeted attacks on Caesars and MGM casinos. Belonging to the informal group “The Com,” UNC3944 is known for its sophisticated social engineering tactics and its ability to navigate cloud environments. SCATTERED SPIDER uses a variety of techniques to gain access to victims’ systems, including stealing administrative credentials through phishing attacks via email, SMS, SIM swapping, and impersonating IT/helpdesk staff, as well as legitimate software such as AnyDesk and ScreenConnect to maintain persistence. The group is also