Attackers exploited passwords stored in Active Directory description fields to deploy ransomware
Summary
Attackers used a phishing campaign and the Sliver offensive tool to steal credentials, then queried Active Directory where they discovered passwords stored in accessible description fields. This gave them full domain access, allowing them to delete all backups and deploy ransomware that encrypted Hyper-V hypervisors and hosts. The attack affected over 2,000 users, and the company remained offline for months.
Key quotes
Attackers used a phishing campaign and the Sliver offensive tool to capture a victim's credentials, then queried Active Directory.
Once inside Active Directory, they found many passwords stored in accessible fields and obtained full domain access.
With that access, they deleted all backups and deployed ransomware.
The ransomware encrypted Hyper-V hypervisors and their hosts, putting 2000+ users out of action.
The company remained offline for months.
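The root cause here is credentials written into free-text directory attributes that any authenticated user can read. Below is an added example (not code from the article or the affected company) of a defender-side audit that flags such entries so they can be removed and the accounts rotated; it assumes the rows were exported from AD with `Get-ADUser -Filter * -Properties Description`, and the sample rows are constructed.

```python
import re

# Constructed sample rows shaped like a (sAMAccountName, Description) export
# from Active Directory, e.g. Get-ADUser -Filter * -Properties Description.
SAMPLE_ROWS = [
    ("svc-backup", "Backup service account. pwd: B4ckup!2019"),
    ("jdoe", "Finance department, desk 4B"),
    ("svc-sql", "Password is Summer2020 - rotate after migration"),
    ("helpdesk", "Shared helpdesk login / temp pass=Welcome1"),
    ("mwhite", "Contractor until 2025-03"),
    ("svc-hv", "Hyper-V cluster admin; see vault for creds"),
]

# Keywords that commonly precede a credential typed into a free-text field,
# optionally followed by a separator and the value itself (illustrative heuristic).
CRED_HINT = re.compile(
    r"\b(pass(word|wd)?|pwd|pw|secret|credentials?|creds)\b\s*(is|[:=]|-)?\s*(?P<value>\S+)?",
    re.IGNORECASE,
)

def looks_like_secret(token: str) -> bool:
    """Crude check: 8+ chars drawn from at least two character classes."""
    if len(token) < 8:
        return False
    classes = sum(bool(re.search(p, token)) for p in (r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]"))
    return classes >= 2

def audit_descriptions(rows):
    """Return (account, reason) for each description that appears to hold a credential.

    Entries with a plausible password value after the keyword are ranked first for
    rotation; keyword-only hits are queued for manual review.
    """
    findings = []
    for account, description in rows:
        m = CRED_HINT.search(description or "")
        if not m:
            continue
        value = m.group("value") or ""
        if looks_like_secret(value):
            findings.append((account, "credential value after keyword; rotate and clear field"))
        else:
            findings.append((account, "credential keyword present; review manually"))
    return findings

if __name__ == "__main__":
    for account, reason in audit_descriptions(SAMPLE_ROWS):
        print(f"{account}: {reason}")
```

The same scan should cover other readable free-text attributes (info, comment, extensionAttribute*) and computer objects, since the ACL on those fields, not their name, is what exposed them to the attackers.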