Wednesday , February 5 2025

Hackers To Use HTTP Client Tools To Compromise Microsoft 365 Accounts

infosecbulletin 10 hours ago Alert, Cyber Attack, Vulnerabilities

Hackers are using HTTP client tools for advanced account takeover attacks on Microsoft 365. Seventy-eight percent of Microsoft 365 tenants have been targeted by attacks, showing the changing tactics of threat actors. HTTP client tools are software that allows users to send HTTP requests and receive responses from web servers.

ATO attacks leveraging HTTP clients by volume of affected user-accounts (JAN – DEC 2024).

These tools enable customization of request methods (like GET, POST, PUT, DELETE), headers, and payloads, making them useful for both legitimate and malicious activities.

AMD Patches CPU Vulnerability

By infosecbulletin / Wednesday , February 5 2025
AMD announced patches on Monday for a microprocessor vulnerability that risks the loss of Secure Encrypted Virtualization (SEV) protection, potentially...
Read More
AMD Patches CPU Vulnerability

Hackers To Use HTTP Client Tools To Compromise Microsoft 365 Accounts

By infosecbulletin / Wednesday , February 5 2025
Hackers are using HTTP client tools for advanced account takeover attacks on Microsoft 365. Seventy-eight percent of Microsoft 365 tenants...
Read More
Hackers To Use HTTP Client Tools To Compromise Microsoft 365 Accounts

Google patches 47 Android flaws, Including Actively Exploited CVE-2024-53104

By infosecbulletin / Wednesday , February 5 2025
Google has released patches for 47 security flaws in Android, including one that is actively being exploited. CVE-2024-53104 (CVSS score: 7.8)...
Read More
Google patches 47 Android flaws, Including Actively Exploited CVE-2024-53104

CVE-2025-21415
Microsoft Patches Critical Azure AI Face Service Vulnerability

By infosecbulletin / Tuesday , February 4 2025
Microsoft has released patches for two critical security flaws in Azure AI Face Service and Microsoft Account that could allow...
Read More
CVE-2025-21415 Microsoft Patches Critical Azure AI Face Service Vulnerability

Daily Security Update Dated:4.02.2025

By infosecbulletin / Tuesday , February 4 2025
Every day a lot of cyberattack happen around the world including ransomware, Malware attack, data breaches, website defacement and so...
Read More
Daily Security Update Dated:4.02.2025

768 Exploited CVEs in 2024, a 20% Increase from 639 in 2023

By infosecbulletin / Tuesday , February 4 2025
In 2024, 768 vulnerabilities with CVE identifiers were reported as exploited in the wild, a 20% increase from 639 in...
Read More
768 Exploited CVEs in 2024, a 20% Increase from 639 in 2023

.Gov Domains Weaponized in Phishing Surge

By infosecbulletin / Monday , February 3 2025
A recent report from Cofense Intelligence highlights a concerning trend: threat actors are increasingly misusing .gov top-level domains (TLDs) to...
Read More
.Gov Domains Weaponized in Phishing Surge

RedSentry presents
Hacked 101 Seminar Successfully Ended at UITS

By infosecbulletin / Sunday , February 2 2025
The cybersecurity seminar "RedSentry presents: Hacked 101," organized by RedSentry with the University of Information Technology and Sciences (UITS) as...
Read More
RedSentry presents Hacked 101 Seminar Successfully Ended at UITS

US scientists claim to replicate DeepSeek for $30 dubbed “TinyZero,”

By infosecbulletin / Sunday , February 2 2025
Researchers at the University of California, Berkeley, claims they’ve managed to reproduce the core technology behind DeepSeek’s at a total...
Read More
US scientists claim to replicate DeepSeek for $30 dubbed “TinyZero,”

ChatGPT, DeepSeek, Qwen 2.5-VL Vulnerable to AI Jailbreaks

By infosecbulletin / Sunday , February 2 2025
This week, multiple research teams showcased jailbreaks for popular AI models, including OpenAI's ChatGPT, DeepSeek, and Alibaba's Qwen. After its...
Read More
ChatGPT, DeepSeek, Qwen 2.5-VL Vulnerable to AI Jailbreaks

In February 2018, Proofpoint researchers found a widespread campaign targeting Microsoft 365 environments that used an unusual version of the OkHttp client (‘okhttp/3.2.0’).

Proofpoint researchers observed that a nearly four-year campaign targeted high-value individuals, particularly C-level executives and privileged users.

   Volume of Node Fetch based account takeover attacks, by targeted vertical (JUN-DEC 2024).

Attackers used user enumeration to find valid email addresses before launching spear phishing and password spraying attacks.

Since 2018, HTTP clients have been key in account takeover (ATO) attacks. By early 2024, OkHttp variants were popular, but by March 2024, a wider variety of HTTP clients emerged.

A recent campaign using the Axios HTTP client successfully compromised 43% of targeted user accounts. When combined with Adversary-in-the-Middle (AiTM) platforms like Evilginx, Axios can steal credentials, MFA tokens, and session tokens. To read full report click here.

Google patches 47 Android flaws, Including Actively Exploited CVE-2024-53104

 

Check Also

2023

768 Exploited CVEs in 2024, a 20% Increase from 639 in 2023

In 2024, 768 vulnerabilities with CVE identifiers were reported as exploited in the wild, a …

Leave a Reply

Your email address will not be published. Required fields are marked *

Mail: [email protected]
© Copyright 2025, All Rights Reserved InfoSecBulletin