#account takeover
16 stories taggedaccount takeover.

Spanish Startup 8Layers Has Raised $2.9 Million to Track Every Digital Identity Inside a Business
The Madrid company says its platform watches human accounts, software service accounts, and AI agents across cloud tools, then flags suspicious behaviour before it becomes a breach.

Passkeys Are Winning the Login Fight. Attackers Are Moving to the Verification Step.
Credential stuffing is fading as passkeys go mainstream. The next account takeover battle is happening at password resets, help desks, and identity checks.

Fake DoorDash Calls Are Draining Delivery Drivers' Wallets
Criminals are posing as DoorDash support staff, tricking gig workers into handing over account details, then quietly emptying their earnings. One driver lost $21,000.

Fake Teams Invites Are Tricking Microsoft 365 Users Into Handing Over Their Accounts
A phishing crew is skipping the fake login page and walking victims straight through Microsoft's own device sign-in flow.

Behavioral AI vs. modern email attacks: what a vendor webinar actually promises
A live session pitches behavioral analysis as the answer to phishing, BEC and account takeover. Here's what that means in plain English, and where the hard parts still sit.

SSU, FBI Detail Russian Phishing Op Targeting Signal and Telegram Accounts
Ukrainian counterintelligence says GRU and FSB-linked operators ran fake tech-support flows against officials' messengers across Ukraine, Europe, and the U.S.

Account Takeovers Still Outrunning Detection, Vendors Push Behavioral AI as Answer
Compromised credentials remain the cheapest entry point on criminal marketplaces. A new webinar argues behavioral models, not static rules, are the only way to close the gap.

Third DraftKings Credential-Stuffing Conspirator Sentenced to 18 Months
Nathan Austad gets a year and a half in federal prison, plus $1.8 million in forfeiture and restitution, closing out the last of the DraftKings account-takeover prosecutions.

Email security teams are buried in alerts. Behavioral AI vendors say they have an answer.
Phishing, BEC and account takeover noise keeps SOCs busy. A new webinar pitches behavioral detection as the way to cut through it.

Mastra npm Namespace Hit: 145 Packages Tampered After Contributor Account Hijack
Researchers tracking the 'easy-day-js' supply chain incident say a single compromised maintainer account was sufficient to push malicious versions across the @mastra/* registry footprint.

Someone Wallpapered the @mastra npm Namespace With Malicious Builds
A hijacked maintainer account pushed 144 booby-trapped packages across the Mastra AI framework before anyone noticed. The attacker called it 'easy-day-js.' It was.

Behavioral AI Pitched as Triage Layer for Phishing and ATO Floods
A vendor webinar argues that pattern-learning models can cut investigation time on BEC and account takeover incidents. The harder question: what does that mean for breach-notification timelines?

Tchap Account Takeover Exposes 73,000 French Government Users
France's sovereign messaging platform wasn't broken — a user was. Social engineering got an attacker inside, and unencrypted public rooms did the rest.

World Cup 2026 Phishing Infrastructure Is Already Stood Up
Lookalike FIFA domains, trojanized streaming apps, and credential harvesters are live weeks before kickoff. The pattern is familiar; the scale isn't.

Meta's AI Support Bot Handed Out Password Resets to Anyone Who Asked Nicely
A pro-Iran Telegram channel published a walkthrough showing how Instagram's conversational recovery assistant could be talked into linking attacker-controlled email addresses to target accounts. The Obama White House and a senior U.S. Space Force account were briefly defaced.