Tag: credentials

Why application security must start at the load balancer

Feb 27, 2026 1:37 PM

Tags: application-security, attack, authentication, breach, business, compliance, control, credentials, defense, detection, encryption, exploit, finance, guide, healthcare, identity, incident response, infrastructure, Internet, nist, risk, service, technology, threat, tool, waf, zero-trust

Internet traffic hits the load balancerThe load balancer forwards traffic as fast as possibleSecurity happens laterThe problem is simple. If the first system doesn’t enforce trust, everything behind it is already compromised by design. Example 1: Financial services: The team invested heavily in downstream security tools. But the load balancer accepted weak TLS versions and…
How to make LLMs a defensive advantage without creating a new attack surface

Feb 27, 2026 12:37 PM

Tags: access, ai, api, attack, authentication, best-practice, business, control, credentials, cyber, cybersecurity, data, email, exploit, framework, fraud, governance, group, identity, infrastructure, injection, intelligence, international, LLM, login, malware, mitre, nist, phishing, radius, RedTeam, risk, risk-management, scam, spear-phishing, switch, technology, threat, tool, training, unauthorized, update, vulnerability

Alert triage summaries that turn raw telemetry into a short “what happened, why it matters and what I should check next” narrativeInvestigation copilots that generate a timeline from logs, tickets and chat transcripts, then highlight gaps and recommended pivotsDetection engineering assistance for drafting Sigma, YARA or query language snippets that an engineer can review and…
Ransomware activity peaks outside business hours

Feb 27, 2026 11:37 AM

Tags: access, business, credentials, incident response, ransomware, sophos

Intrusions continue to center on credential access and timed execution outside standard business hours. The Sophos Active Adversary Report 2026 analyzes 661 incident response … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/27/sophos-identity-driven-breaches-report/
12 Million exposed .env files reveal widespread security failures

Feb 27, 2026 10:36 AM

Tags: credentials, data-breach, vpn

Mysterium VPN found 12M IPs exposing .env files, leaking credentials and revealing widespread security misconfigurations worldwide. Configuration mistakes rarely trigger alarms. A forgotten deny rule, an overlooked server setting, or a full project folder uploaded to production can quietly expose a company’s most sensitive secrets. In many cases, those secrets live inside simple environment files…
Infostealers Drive Massive Brute-Force Attacks on Corporate SSO Gateways with Stolen Credentials

Feb 27, 2026 9:36 AM

Tags: attack, breach, corporate, credentials, cyber, cybercrime, cybersecurity, login

The cybersecurity community is witnessing a rise in credential”‘stuffing attacks targeting corporate Single Sign”‘On (SSO) systems, with recent campaigns focusing on F5 BIG”‘IP devices. To understand the source of the stolen logins, Defused Cyber analyzed a dataset of 70 unique email”‘password pairs used in the attack. When cross”‘referenced with Hudson Rock’s cybercrime database of Infostealer…
Preventing Breaches MFA on Remote Access to Linux, Unix, and Infrastructure Systems

Feb 26, 2026 9:36 PM

Tags: access, breach, credentials, infrastructure, linux, malware, mfa, password, zero-day

Most breaches don’t start with malware or zero-day exploits. They start with a login. An attacker gets hold of a password, maybe through phishing, reuse, or a leaked credential dump. They test it against a remote system. An SSH prompt appears. The credentials work. From there, everything unfolds quietly privilege escalation, lateral movement, persistence. By the time anyone notices, the damage is already done. ……
APT37 Adds New Capabilities for Air-Gapped Networks

Feb 26, 2026 5:37 PM

Tags: access, android, api, attack, authentication, backdoor, cloud, communications, computer, credentials, data, detection, endpoint, google, government, group, Hardware, infection, infrastructure, injection, Internet, malicious, malware, microsoft, monitoring, network, north-korea, powershell, service, social-engineering, threat, tool, update, windows

IntroductionIn December 2025, Zscaler ThreatLabz discovered a campaign linked to APT37 (also known as ScarCruft, Ruby Sleet, and Velvet Chollima), which is a DPRK-backed threat group. In this campaign, tracked as Ruby Jumper by ThreatLabz, APT37 uses Windows shortcut (LNK) files to initiate an attack that utilizes a set of newly discovered tools. These tools, RESTLEAF, SNAKEDROPPER, THUMBSBD, and VIRUSTASK,…
APT37 Adds New Capabilities for Air-Gapped Networks

Feb 26, 2026 5:37 PM

Tags: access, android, api, attack, authentication, backdoor, cloud, communications, computer, credentials, data, detection, endpoint, google, government, group, Hardware, infection, infrastructure, injection, Internet, malicious, malware, microsoft, monitoring, network, north-korea, powershell, service, social-engineering, threat, tool, update, windows

IntroductionIn December 2025, Zscaler ThreatLabz discovered a campaign linked to APT37 (also known as ScarCruft, Ruby Sleet, and Velvet Chollima), which is a DPRK-backed threat group. In this campaign, tracked as Ruby Jumper by ThreatLabz, APT37 uses Windows shortcut (LNK) files to initiate an attack that utilizes a set of newly discovered tools. These tools, RESTLEAF, SNAKEDROPPER, THUMBSBD, and VIRUSTASK,…
DarkCloud Infostealer Escalates as Major Enterprise Threat with Scalable Credential Theft

Feb 26, 2026 8:37 AM

Tags: access, breach, credentials, cyber, email, malware, software, theft, threat, tool

Infostealers continue to dominate the initial access landscape in 2026, driving breaches through scalable credential theft. Among these, DarkCloud has emerged as a major threat, illustrating how low-cost, commercialized malware is reshaping enterprise compromise dynamics worldwide. Despite being promoted as “surveillance software,” its real function is unmistakable highvolume credential harvesting across browsers, email clients, file transfer tools, and…
Steaelite RAT combines data theft and ransomware management capability in one tool

Feb 26, 2026 5:37 AM

Tags: access, android, attack, authentication, awareness, business, corporate, credentials, crypto, cybercrime, data, ddos, defense, encryption, endpoint, extortion, infection, infosec, malware, mobile, monitoring, password, phishing, ransomware, rat, remote-code-execution, theft, threat, tool, training, windows

CSO that this isn’t the most sophisticated RAT he’s seen. “The novel aspect here,” he said, “is the convergence. Steaelite bundles remote access, credential harvesting, data exfiltration, and ransomware (currently in development) in a single package.” Traditionally, he explained, these capabilities have occupied different parts of the cybercrime toolchain, but Steaelite unifies the functions, giving…
Marquis Sues SonicWall Over 2025 Firewall Data Breach

Feb 26, 2026 12:36 AM

Tags: attack, authentication, backup, breach, cloud, credentials, data, data-breach, firewall, flaw, ransomware, software

Lawsuit Claims SonicWall Cloud Backup Flaw Led to Ransomware Attack Against Marquis. Marquis Software Solutions has sued SonicWall alleging a cloud backup data breach exposed firewall configuration files, including credentials and multifactor authentication scratch codes. The firm says the breach enabled an August 2025 ransomware attack and triggered dozens of class action lawsuits. First seen…
The Real Initial Access Vector: Compromised Active Directory Credentials

Feb 25, 2026 4:37 PM

Tags: access, authentication, credentials, exploit

Compromised Active Directory credentials allow attackers to log in without exploits, driving modern authentication-based initial access. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/the-real-initial-access-vector-compromised-active-directory-credentials/
Caught in the Hook: RCE and API Token Exfiltration Through Claude Code Project Files 2025-59536 2026-21852

Feb 25, 2026 4:37 PM

Tags: api, credentials, cve, exploit, malicious, rce, remote-code-execution, vulnerability

y Aviv Donenfeld and Oded Vanunu Executive Summary Check Point Research has discovered critical vulnerabilities in Anthropic’s Claude Code that allow attackers to achieve remote code execution and steal API credentials through malicious project configurations. The vulnerabilities exploit various configuration mechanisms including Hooks, Model Context Protocol (MCP) servers, and environment variables -executing arbitrary shell commands…
Caught in the Hook: RCE and API Token Exfiltration Through Claude Code Project Files 2025-59536 –

Feb 25, 2026 3:37 PM

Tags: api, credentials, cve, exploit, malicious, rce, remote-code-execution, vulnerability

y Aviv Donenfeld and Oded Vanunu Executive Summary Check Point Research has discovered critical vulnerabilities in Anthropic’s Claude Code that allow attackers to achieve remote code execution and steal API credentials through malicious project configurations. The vulnerabilities exploit various configuration mechanisms including Hooks, Model Context Protocol (MCP) servers, and environment variables -executing arbitrary shell commands…
Starkiller Phishing Framework Bypasses Defenses with Reverse Proxies, Takes an SaaS Approach

Feb 25, 2026 11:37 AM

Tags: browser, chrome, container, credentials, defense, framework, mfa, phishing, saas

Starkiller is a new SaaS-style phishing framework that runs real brand websites inside headless Chrome containers, acting as a live reverse proxy to steal credentials, session tokens, and MFA-protected accounts while evading traditional detection. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/starkiller-phishing-framework-bypasses-defenses-with-reverse-proxies-takes-an-saas-approach/
Multifaceted Phishing Scheme Deceives Bitpanda Customers

Feb 24, 2026 6:00 PM

Tags: attack, credentials, phishing

Phishing attack mimicking Bitpanda targets users, harvesting credentials and personal information First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/bitpanda-mfa-phishing-scheme/
Self-spreading npm malware targets developers in new supply chain attack

Feb 24, 2026 3:02 PM

Tags: attack, credentials, malware, supply-chain

Security researchers have uncovered another supply chain attack targeting developers: 19 typosquatting npm packages published on npmjs.com that steal credentials, infect … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/24/npm-worm-sandworm-mode-supply-cain-attack/
Shai-Hulud-style NPM worm hits CI pipelines and AI coding tools

Feb 24, 2026 2:02 PM

Tags: ai, authentication, breach, cloud, control, credentials, data, identity, injection, malicious, malware, mfa, radius, tool, worm

Poisoning the AI developer interface: The campaign was specifically flagged for its direct targeting of AI coding assistants. The malware deploys a malicious Model Context Protocol (MCP) server and injects it into configurations of popular AI tools, embedding itself as a trusted component in the assistant’s environment.Once this is achieved, prompt-injection techniques can trick the…
How to Setup Credentials for Windows to Use DigiCert KeyLocker SMCTL?

Feb 24, 2026 1:02 PM

Tags: credentials, software, tool, windows

Before you can securely sign software or automate code signing in your Windows environment, you will need to configure your credentials for DigiCert® KeyLocker and the Signing Manager Command-Line Tool (SMCTL). Your credentials create a trusted connection between your local signing tools and DigiCert ONE to ensure that only authorized users are able to access”¦…
Malicious NuGet Packages Target ASP.NET Developers to Steal Login Credentials

Feb 24, 2026 1:02 PM

Tags: backdoor, credentials, cyber, identity, login, malicious

Malicious NuGet packages posing as legitimate developer utilities are targeting ASP.NET projects to steal identity credentials and silently backdoor applications through a localhost proxy. All four were published between August 1221, 2024, by a NuGet user named “hamzazaheer” and have collectively amassed a little over 4,500 downloads before takedown requests were submitted. The campaign’s core…
Romanian Cybercriminal Admits Guilt in Scheme Selling Oregon State Government Network Access

Feb 24, 2026 12:00 PM

Tags: access, credentials, cyber, cybercrime, government, network, office, unauthorized

A Romanian national has pleaded guilty to charges related to unauthorized access and sale of network credentials belonging to an Oregon state government office and multiple other U.S. victims, the U.S. Department of Justice announced on February 20, 2026. Catalin Dragomir, 45, formerly of Constanta, Romania, admitted to breaking into the Oregon state government office’s…
How Discord Can Expose Corporate Data

Feb 24, 2026 11:02 AM

Tags: corporate, credentials, data, risk

Discord improves collaboration, but a compromised account can expose credentials, customer data and internal plans. Learn the risks and how to reduce exposure. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/how-discord-can-expose-corporate-data/
The rise of the evasive adversary

Feb 24, 2026 8:01 AM

Tags: access, ai, attack, authentication, breach, china, cloud, credentials, crime, crowdstrike, crypto, data, defense, endpoint, exploit, finance, firewall, group, identity, infrastructure, intelligence, korea, lazarus, leak, mail, malicious, malware, microsoft, monitoring, network, north-korea, open-source, phishing, ransomware, remote-code-execution, russia, saas, service, software, strategy, supply-chain, tactics, theft, threat, tool, update, vpn, vulnerability, windows, zero-day

Big game hunters tighten their grip: CrowdStrike’s research highlights how big game hunting (BGH) ransomware actors have remained the dominant force in the eCrime landscape.Punk Spider, a group responsible for developing and maintaining Russian-language Akira ransomware, and its associated Akira dedicated leak site, conducted 198 intrusions in 2025, a 134% increase year over year. Victim-shaming operations…
ClickFix Infostealer Spreads via Fake CAPTCHA Traps, Targeting Unsuspecting Users

Feb 24, 2026 8:01 AM

Tags: captcha, credentials, cyber, detection, endpoint, threat

A new wave of the ClickFix Infostealer campaign that abuses fake CAPTCHA pages to deliver credential-stealing malware. Initially detected through late-stage Endpoint Detection and Response (EDR) alerts, the campaign shows strong similarities to the ClickFix operation targeting restaurant reservation systems in July 2025, as highlighted in BlueVoyant’s earlier research. Further correlation with recent threat telemetry suggests that this campaign…
Hackers Exploit DeepSeek and Claude AI to Launch Global Attacks on FortiGate Devices

Feb 24, 2026 7:02 AM

Tags: ai, attack, breach, credentials, cyber, exploit, firewall, hacker

Hackers are using commercial AI models DeepSeek and Claude to automate attacks against FortiGate firewalls worldwide, turning basic misconfigurations into a high”‘volume intrusion campaign. In early February 2026, a misconfigured SimpleHTTP server running on 212.11.64[.]250:9999 was found exposing more than 1,400 files and 139 subdirectories, including stolen FortiGate configurations, Active Directory maps, credential dumps, exploit…
Russian group uses AI to exploit weakly-protected Fortinet firewalls, says Amazon

Feb 24, 2026 6:01 AM

Tags: access, ai, api, attack, authentication, business, ciso, control, credentials, cybersecurity, data-breach, detection, exploit, firewall, fortinet, group, Internet, linkedin, malicious, mfa, monitoring, network, password, russia, software, threat, tool, vpn, vulnerability

Recommendations: The Amazon report makes a number of recommendations to network admins with FortiGate devices. They include ensuring device management interfaces aren’t exposed to the internet, or, if they have to be, restricting access to known IP ranges and using a bastion host or out-of-band management network. As basic cybersecurity demands, all default and common…
600+ FortiGate Devices Hacked by AI-Armed Amateur

Feb 24, 2026 1:01 AM

Tags: ai, backup, credentials, firewall, hacker, ransomware, russia

A Russian-speaking hacker used generative AI to compromise the FortiGate firewalls, targeting credentials and backups for possible follow-on ransomware attacks. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/600-fortigate-devices-hacked-ai-amateur
Cracks in the Bedrock: Bypassing SCP Enforcement with Long-Lived API Keys

Feb 23, 2026 6:01 PM

Tags: api, control, credentials, iam, service

Introduction Following the release of Amazon Bedrock Powered by AWS Mantle, I discovered a mechanism to bypass Service Control Policy (SCP) statements limiting the use of bedrock-mantle IAM permissions. By leveraging long-lived API keys backed by Service Specific Credentials, I was able to successfully leverage bedrock-mantle:CreateInference despite an SCP statement denying that action. SCPs are……
1.2 Million Accounts Exposed in French Bank Registry Breach

Feb 23, 2026 4:00 PM

Tags: access, breach, credentials, data, data-breach, finance, government

Stolen government credentials were used to access France’s FICOBA registry, exposing data tied to roughly 1.2 million bank accounts. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/1-2-million-accounts-exposed-in-french-bank-registry-breach/
New Arkanix stealer blends rapid Python harvesting with stealthier C++ payloads

Feb 23, 2026 2:00 PM

Tags: credentials, data, detection, exploit, theft, vpn

The stealer employs a broad data-theft toolkit: The researchers noted that the Python implementation acts as a wide-net data harvester. It collects system information, extracts browser-stored data, and pulls details from communication platforms, including Telegram and Discord. Additional modules target VPN configurations, retrieve selected files from the host, and can deliver other payloads, suggesting the…