Let’s get something straight: most “holiday breaches” don’t start during the holidays – we already covered last week.They continue during the holidays. We didn’t exploit a 0day.We didn’t phish anyone on December 29th.We didn’t bruteforce a login. We reused an identity that was already trusted, and that’s the part everyone keeps missing. The myth: “no […]
Holiday periods create ideal conditions for identity-based attacks: reduced monitoring, delayed response, and persistent access. This PacketHunters analysis explains why attackers prefer holidays and how identity abuse accelerates when vigilance drops.
North Korean threat actors are stealing cryptocurrency through fake Zoom meetings by exploiting trust, screen sharing, and malware delivery instead of blockchain vulnerabilities. These attacks rely on advanced social engineering, targeting crypto founders, developers, and investors to drain wallets and launder funds for state-sponsored operations.
Single Sign-On simplifies access but concentrates trust. This PacketHunters analysis explores how SSO misconfigurations turn identity providers into single points of failure, enabling attackers to pivot across entire organizations using one inherited identity.
Behind every identity-based attack there are humans making decisions, trusting signals, and interpreting reality. In this Decoded episode, the Baited team reflects on identity not as a technical construct, but as a human experience shaped by fatigue, trust, culture, and context.
OAuth tokens are designed to simplify authentication, but when stolen, they allow attackers to bypass passwords and MFA entirely. This PacketHunters deep dive explores how OAuth token theft works, why it enables silent identity takeover, and how modern phishing campaigns exploit session-based authentication.
Digital identities are breaking under pressure – deepfakes, credential leaks, synthetic users, token theft. Identity Month opens by exploring why identity resilience is now the foundation of cybersecurity, and how companies must evolve from access control to continuous verification.
Attackers use AI assistants, leaked aliases, and prompt hijacking to run precise Black Friday phishing campaigns. Here’s how these threats work end-to-end.
The Iberia data breach exposed 77GB of Airbus fleet maintenance files — a stark reminder that aviation security collapses when devices are trusted blindly. This #PacketHunters unpacks Zero Trust for airlines, lists recent aviation breaches, and shows CISOs how device-posture enforcement stops infostealers before they reach critical systems.
In a world where endpoints move faster than your perimeter ever could, Zero Trust becomes a system of continuous verification, not a framework on paper. This article unpacks why context-aware, AI-driven endpoint defense is now the backbone of real security.
