Leading data breach cross-checking service Have I Been Pwned has added about 71 million email addresses from "Naz.API," a new dataset circulating on the dark web that contains a massive collection of leaked credentials and plaintext passwords.
Guardicore discovered that the Microsoft Exchange server’s Autodiscover feature design flaw leaked credentials of 100,000 users by trying to authenticate on untrusted third-party servers.