Tactical anti-infostealer defenses to reduce credential theft and session abuse
Defensive Guidance
Summary
Security teams are being told to harden against infostealers with specific technical controls, because stolen credentials and session artifacts can enable unauthorized access and downstream ransomware activity. The guidance emphasizes moving beyond basic hygiene and implementing measures such as FIDO2 MFA, forced re-authentication, and cookie replay detection. It also highlights monitoring for suspicious or impossible travel to catch stolen-session abuse before it spreads.
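As an added example (not from the article or the speaker), the following flags the impossible-travel case the guidance describes: the same account, here even the same session cookie, signing in from two places faster than a plausible ground speed. The event field names, the 900 km/h ceiling and the sample sign-in records are assumptions constructed for the demonstration.

```python
import math
from datetime import datetime

# Assumption (not from the article): anything faster than airliner cruise
# speed between two logins is treated as impossible travel. Tune per tenant.
MAX_PLAUSIBLE_KMH = 900.0
EARTH_RADIUS_KM = 6371.0


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in km between two lat/lon points (degrees)."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi, dlam = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlam / 2) ** 2
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(a))


def impossible_travel(events, max_kmh=MAX_PLAUSIBLE_KMH):
    """Return one alert per consecutive login pair of the same account whose
    implied ground speed exceeds max_kmh. Each event is a dict with keys
    user, ts (ISO 8601 with offset), lat, lon, session. A zero time gap with
    a non-zero distance counts as infinite speed (one session, two places)."""
    by_user = {}
    for ev in events:
        by_user.setdefault(ev["user"], []).append(ev)
    alerts = []
    for user, evs in by_user.items():
        evs.sort(key=lambda e: datetime.fromisoformat(e["ts"]))
        for prev, cur in zip(evs, evs[1:]):
            km = haversine_km(prev["lat"], prev["lon"], cur["lat"], cur["lon"])
            if km == 0:
                continue
            gap = datetime.fromisoformat(cur["ts"]) - datetime.fromisoformat(prev["ts"])
            hours = gap.total_seconds() / 3600
            kmh = km / hours if hours > 0 else math.inf
            if kmh > max_kmh:
                alerts.append({"user": user, "km": round(km), "kmh": round(kmh, 1),
                               "sessions": (prev["session"], cur["session"]),
                               "same_session": prev["session"] == cur["session"]})
    return alerts


# Constructed sample sign-in records: alice's session cookie s1 appears in
# London and, 30 minutes later, in New York; bob travels Berlin -> Munich in 2 h.
SAMPLE_EVENTS = [
    {"user": "alice", "ts": "2025-10-17T09:00:00+00:00", "lat": 51.5074, "lon": -0.1278, "session": "s1"},
    {"user": "alice", "ts": "2025-10-17T09:30:00+00:00", "lat": 40.7128, "lon": -74.0060, "session": "s1"},
    {"user": "bob", "ts": "2025-10-17T08:00:00+00:00", "lat": 52.5200, "lon": 13.4050, "session": "s2"},
    {"user": "bob", "ts": "2025-10-17T10:00:00+00:00", "lat": 48.1351, "lon": 11.5820, "session": "s3"},
]

if __name__ == "__main__":
    for alert in impossible_travel(SAMPLE_EVENTS):
        print(alert)
```

Only alice's pair is reported: roughly 5,570 km in half an hour, with the same session identifier on both sides, which is the replayed-cookie pattern rather than a second legitimate login.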
Related Happenings
Healthcare phishing defense guidance for VPN MFA and continuous training
Defensive Guidance
First: 22.05.2026 16:17
Last: 22.05.2026 16:17
Sources 1
About this happening:
Healthcare defenders were urged to treat **phishing** as a top priority, which matters because social engineering is a direct path to **credential abuse** in clinical environments...
CISA and NCSC-UK China-nexus covert device networks advisory
Advisory/Mitigation
First: 23.04.2026 15:00
Last: 23.04.2026 15:00
Sources 1
About this happening:
**CISA** and **NCSC-UK** released a new advisory warning organizations about **Chinese government-linked** covert networks built from **compromised devices**. The guidance says we...
Microsoft AiTM payroll pirate attack mitigation
Advisory/Mitigation
First: 10.04.2026 14:56
Last: 10.04.2026 14:56
Sources 1
About this happening:
**Microsoft** is urging defenders to harden **Microsoft 365** and related **HR workflows** against **AiTM**-driven payroll theft by requiring **phishing-resistant MFA**, blocking...
Venom PhaaS SharePoint QR-code campaign targeting C-suite executives
Campaign
First: 03.04.2026 11:00
Last: 03.04.2026 11:00
Sources 1
About this happening:
The **Venom PhaaS** operation ran a **credential theft campaign** against **C-suite executives and senior personnel** at major global organizations, creating a broad risk of accou...
Tycoon2FA phishing campaign resumes after takedown
Campaign
First: 23.03.2026 18:05
Last: 23.03.2026 18:05
Sources 1
About this happening:
**Tycoon2FA** has resumed a **broad phishing campaign** after a **major takedown**, and it is again **compromising email accounts** while **bypassing MFA**. The operation uses **a...
Timeline
- 17.10.2025 11:30 · 2 articles · 7mo ago
  Security teams urged to deploy anti-infostealer defenses
  Initial Disclosure: At ISACA Europe 2025, Tony Gee of 3B Data Security described infostealers as a driver of the current ransomware wave, noted that stealer logs can be bought for as little as $10 on dark web marketplaces, and urged security teams to harden identity and session controls with FIDO2-enabled MFA, forced re-authentication, shorter token lifetimes, cookie replay detection, and suspicious or impossible travel monitoring.
- Security Teams Must Deploy Anti-Infostealer Defenses Now — www.infosecurity-magazine.com — 17.10.2025 11:30