Maryland-based security firm INKY Security tracked attack activity related to the vulnerability from mid-May through mid-July. The phishing attack relies on a known open redirect vulnerability (CWE-601) and popular brand recognition to deceive and harvest credentials from unsuspecting Google Workspace and Microsoft 365 users.
https://www.techspot.com/news/95546-hackers-target-unsecured-amex-snapchat-sites-steal-user.html?utm_source=dlvr.it&utm_medium=blogger
https://www.techspot.com/news/95546-hackers-target-unsecured-amex-snapchat-sites-steal-user.html?utm_source=dlvr.it&utm_medium=blogger