A Microsoft 365 credential harvesting campaign is exploiting CloudFlare's anti-bot and human verification features to evade detection. Learn how attackers use IP blocklists, user-agent filtering, and obfuscated scripts to bypass security scannersโand what it means for the industry.
@AAKL No.
We deserve an Internet free of #RogueISP|s like @cloudflare that are at best comitted to doing #MITM attacks and most of the time act maliciously by protecting #CSAM & #Malware hosters whilst #doxxing anyone who files an #AbuseReport with them towards the abuser in question!
It's not enough to #FuckCloudflare, we need to #EndCloudflare!
@badsamurai @cR0w @gayint @reverseics @da_667 @legacv @notsle it's called #ClownFlare and it's a #RogueISP!
It has been 0 days since I saw a threat actor depending on protection for their malicious activity from Cloudflare.
#threatintel #Cloudflare #FuckCloudflare
BEC phishing lure -> contiexpert[.]sg -> pub-cf549cc779d94e9ebb2f44e5579515a0.r2[.]dev/View-Pay-Details.html -> scrum.yiodrailoo[.]digital
Oh! Look! I'm looking at what the attackers called out to! Look at that! It's Cloudflare!
RE: https://infosec.exchange/@sparta/115978965426129270
Hear me out on this. What if the reason DDoS attacks are getting this way is because the cybersecurity industry at large is obsessed with big kills and pleaseing the investor class, and not actually making the online world better for everyone.
cR0w 
๐ดโโ ๏ธ
Kevin Karhan 
B'ad Samurai ๐๐บ๐ฆ
Ian Campbell ๐ด
Cybarbie
silverwizard
Robert [KJ5ELX] 