Hackers Weaponize Gamma Tool Via Cloudflare Turnstile to Steal Microsoft Credentials

Cybersecurity experts have uncovered a sophisticated multi-stage phishing campaign that exploits Gamma, an AI-powered presentation tool, to deliver credential-harvesting attacks targeting Microsoft account users. This newly identified attack chain demonstrates how threat actors are increasingly leveraging legitimate platforms to bypass security controls and deceive unsuspecting victims.

Abnormal Security researchers identified this campaign as part of a growing trend of “living-off-trusted-sites” (LOTS) attacks, where threat actors exploit legitimate services to host malicious content. “What makes this campaign particularly dangerous is its use of Gamma, a relatively new platform that employees may not recognize as a potential vector for phishing attacks,” noted the security team.

The Cloudflare Turnstile check in the chain serves a dual purpose: preventing automated security tools from analyzing the malicious content while simultaneously increasing the perceived legitimacy of the page. The infection chain concludes at a convincing replica of a Microsoft SharePoint login portal, where the page design mimics Microsoft’s UI patterns with a modal-style login window overlaid on a blurred background.

This approach demonstrates how modern phishing campaigns have evolved beyond simple credential harvesting to implement complex technical mechanisms that can circumvent even robust security measures. The campaign highlights the growing sophistication of phishing attacks and emphasizes the need for organizations to implement advanced security solutions that can detect context-based threats rather than relying solely on traditional indicators of compromise.
Tushar is a Cyber security content editor with a passion for creating captivating and informative content.

This Cyber News was published on cybersecuritynews.com. Publication date: Wed, 16 Apr 2025 17:00:11 +0000

