Avanan's research into hackers using Adobe Cloud to steal O365 and Gmail credentials was featured in Threatpost. Threat actors can create accounts within Adobe and send images and PDFs that appear legitimate, but are instead receptacles for credential harvesting attacks. allows hackers to easily send malicious links via the comment feature. As Threatpost writes:

When the user clicks on the link, he or she is redirected to an Adobe Document Cloud page that includes an “Access Document” button that supposedly leads them to the Adobe PDF. However, that link actually leads to “a classic” credential-harvesting page, which is hosted outside the Adobe suite, according to the report.


Read the rest of the article at Threatpost. And see additional coverage at HelpNet Security, SC Magazine, and TechRadar.