UNC6395 Expands Data Theft Campaign to Email OAuth Tokens
Google researchers discovered the new attacks and are advising all customers to treat any authentication tokens for those integrations as compromised.
Editor
Dennis Fisher is an award-winning journalist and author. He is one of the co-founders of Decipher and Threatpost and has been writing about cybersecurity since 2000. Dennis enjoys finding the stories behind the headlines and digging into the motivations and thinking of both defenders and attackers. He is the author of 2.5 novels and once met Shaq. Contact: dennis at decipher.sc.
The vulnerability (CVE-2025-7775) is a buffer overflow that can lead to remote code execution, and attackers were already targeting it before the public disclosure.
CISA has issued an emergency directive regarding the recently disclosed and somewhat weird vulnerability in Microsoft Exchange hybrid deployments (CVE-2025-53786), ordering all civilian federal agencies to address the flaw by Aug. 11.
Attackers are exploiting a likely zero-day vulnerability in some versions of SonicWall Firewall devices with the SSL VPN functionality enabled, and in some cases are able to bypass MFA protections. The intrusions have been ongoing since at least the end of last week, and researchers have observed some attackers deploying the Akira ransomware after […]
A group of attackers with ties to the Vietnamese cybercrime underground ecosystem are running a significant campaign across many different countries that is delivering the PXA Stealer malware and uses novel sideloading and anti-analysis techniques to slip past defensive measures. The campaign has targeted victims in more than 60 countries and the attackers have harvested […]
Microsoft has uncovered a long-running campaign by a threat group affiliated with Russian intelligence that has targeted diplomats working in Russia with a custom tool called ApolloShadow that enables the group to maintain persistence on victims’ devices as part of a cyberespionage operation. The group is known as Secret Blizzard and Microsoft’s researchers found that […]