Tag: credentials

Fake CAPTCHA Attacks Exploit Key Entry Point for LummaStealer Malware

Feb 12, 2026 7:58 AM

Tags: attack, captcha, credentials, crypto, cyber, data, exploit, infection, law, malware

Fake CAPTCHA attacks are now a key entry point for a new wave of LummaStealer infections, with CastleLoader loaders turning simple web clicks into full system compromise. Less than a year after a major law-enforcement takedown, the infostealer’s operators have rebuilt at scale and are again harvesting credentials, crypto wallets, and personal data worldwide. LummaStealer…
SSHStalker botnet brute-forces its way onto 7,000 Linux machines

Feb 12, 2026 5:58 AM

Tags: attack, authentication, backdoor, botnet, business, control, credentials, cve, exploit, infosec, Internet, linux, login, malware, monitoring, network, password, threat, unauthorized, virus, vulnerability

cron/systemd integrity monitoring, especially for ‘runs every minute’ patterns.Finally, because SSHStalker looks for older Linux machines, admins should have a legacy Linux eradication plan prioritizing the unhooking of machines with any version of Linux kernel 2.6, because these servers are being targeted. How it was discovered: Discovery of SSHStalker came after Flare created an SSH…
First Malicious Outlook Add-In Found Stealing 4,000+ Microsoft Credentials

Feb 12, 2026 1:58 AM

Tags: attack, credentials, cybersecurity, login, malicious, microsoft, supply-chain

Cybersecurity researchers have discovered what they said is the first known malicious Microsoft Outlook add-in detected in the wild.In this unusual supply chain attack detailed by Koi Security, an unknown attacker claimed the domain associated with a now-abandoned legitimate add-in to serve a fake Microsoft login page, stealing over 4,000 credentials in the process. The…
VoidLink Linux C2 Uses LLM-Generated Malware with Kernel-Level Stealth

Feb 10, 2026 1:13 PM

Tags: access, ai, cloud, control, credentials, cyber, framework, google, linux, LLM, malware, microsoft

VoidLink represents a concerning evolution in malware development: a sophisticated Linux command-and-control framework that shows clear signs of being built with AI assistance. This Linux malware operates as a modular implant designed for long-term access to compromised systems. It doesn’t discriminate between cloud providers, actively harvesting credentials from AWS, Google Cloud Platform, Microsoft Azure, Alibaba Cloud, and…
Someone’s attacking SolarWinds WHD to steal high”‘privilege credentials – but we don’t know who or how

Feb 10, 2026 12:13 AM

Tags: credentials, cve

So many CVEs, so little time First seen on theregister.com Jump to article: www.theregister.com/2026/02/09/solarwinds_mystery_whd_attack/
VoidLink Malware Exhibits Multi-Cloud Capabilities and AI Code

Feb 9, 2026 5:14 PM

Tags: ai, cloud, credentials, data, framework, linux, malware, theft

VoidLink, a Linux-based C2 framework, facilitates credential theft, data exfiltration across clouds First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/voidlink-malware-multi-cloud-ai/
Node.js LTX Stealer Emerges as New Threat to Login Credentials

Feb 9, 2026 3:14 PM

Tags: antivirus, cloud, credentials, cyber, framework, login, malware, service, software, threat, windows

A new, sophisticated malware campaign dubbed >>LTX Stealer.<< This malware represents a shift in attacker techniques, utilizing legitimate software frameworks and cloud services to hide its activities and steal sensitive user data. By mimicking standard Windows processes, LTX Stealer is designed to operate quietly, making it difficult for traditional antivirus systems to detect. The malware…
DKnife targets network gateways in long running AitM campaign

Feb 9, 2026 2:13 PM

Tags: antivirus, backdoor, china, control, credentials, data, detection, email, endpoint, framework, infrastructure, malware, mobile, network, service, threat, tool

Indicators point to China-Nexus development and targeting: Several aspects of DKnife’s design and operation suggested ties to China-aligned threat actors. Talos identified configuration data and code comments written in Simplified Chinese, as well as handling logic tailored for Chinese-language email providers and mobile applications.The framework was also found to enable credential collection from services used…
DKnife targets network gateways in long running AitM campaign

Feb 9, 2026 2:13 PM

Tags: antivirus, backdoor, china, control, credentials, data, detection, email, endpoint, framework, infrastructure, malware, mobile, network, service, threat, tool

Indicators point to China-Nexus development and targeting: Several aspects of DKnife’s design and operation suggested ties to China-aligned threat actors. Talos identified configuration data and code comments written in Simplified Chinese, as well as handling logic tailored for Chinese-language email providers and mobile applications.The framework was also found to enable credential collection from services used…
UAE Cyber Security Council Warns Stolen Logins Fuel Majority of Financial Cyberattacks

Feb 9, 2026 10:14 AM

Tags: access, attack, breach, credentials, cyber, cyberattack, cybercrime, finance, fraud, identity, login, password, theft, threat, unauthorized

The UAE Cyber Security Council has issued a renewed warning about the growing threat of financial cybercrime, cautioning that stolen login credentials remain the most common entry point for attacks targeting individuals, companies, and institutions. According to the council, around 60% of financial cyberattacks begin with the theft of usernames and passwords, making compromised credentials…
Software developers: Prime cyber targets and a rising risk vector for CISOs

Feb 9, 2026 9:14 AM

Tags: access, ai, api, application-security, attack, automation, backdoor, breach, ceo, ciso, cloud, container, control, credentials, cyber, cyberattack, cybersecurity, data, data-breach, exploit, flaw, Hardware, identity, infrastructure, intelligence, Internet, jobs, leak, least-privilege, LLM, malicious, malware, marketplace, north-korea, open-source, phishing, programming, resilience, risk, saas, scam, service, social-engineering, software, supply-chain, theft, threat, tool, training, unauthorized, update, vulnerability

Credential theft and environment compromise: Attackers aren’t just looking for flaws in code “, they’re looking for access to software development environments.Common security shortcomings, including overprivileged service accounts, long-lived tokens, and misconfigured pipelines, offer a ready means for illicit entry into sensitive software development environments.”Improperly stored access credentials are low-hanging fruit for even the most amateur…
AI agents behave like users, but don’t follow the same rules

Feb 9, 2026 7:13 AM

Tags: ai, control, credentials, governance

Security and governance approaches to autonomous AI agents rely on static credentials, inconsistent controls, and limited visibility. Securing these agents requires the same … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/09/securing-autonomous-ai-agents-rules/
New Telegram Phishing Scam Hijacks Login Flow to Steal Fully Authorized User Sessions

Feb 9, 2026 7:13 AM

Tags: api, authentication, credentials, cyber, login, malware, password, phishing, scam

A new and sophisticated Telegram phishing operation is active in the wild, targeting users globally by hijacking the platform’s legitimate authentication features. Unlike traditional phishing, which often relies on malware or cloning login pages to steal passwords, this campaign integrates directly with Telegram’s official infrastructure. The attackers register their own Telegram API credentials (api_id and api_hash) and…
Six more vulnerabilities found in n8n automation platform

Feb 6, 2026 11:13 PM

Tags: access, ai, attack, automation, business, cloud, control, credentials, cve, cvss, data, data-breach, exploit, flaw, identity, injection, malicious, network, radius, risk, vulnerability

CVE-2026-21893, a command injection hole in the community edition of n8n. An unauthenticated user with administration permission could execute arbitrary system commands on the n8n host.”The risk is amplified by the trust typically placed in community extensions,” Upwinds said in its commentary, “making this a high-impact attack path that directly bridges application-level functionality with host-level…
Ten career-ending mistakes CISOs make and how to avoid them

Feb 6, 2026 2:14 PM

Tags: access, ai, attack, awareness, best-practice, breach, business, ciso, cloud, compliance, computing, conference, control, credentials, cyber, cybersecurity, data, defense, detection, encryption, exploit, finance, framework, GDPR, governance, guide, HIPAA, least-privilege, malicious, metric, monitoring, network, password, resilience, risk, social-engineering, strategy, technology, threat, tool, training, vulnerability, zero-trust

2. Poor communication with the board and C-suite: Technical expertise alone no longer suffices in the modern CISO role. Security leaders who fail to translate cyber risks into business impact quickly lose credibility with decision-makers who control budgets and strategic direction.When security leaders present endless technical details without connecting them to revenue loss, regulatory fines,…
Nearly 5 Million Web Servers Found Exposing Git Metadata Study Reveals Widespread Risk of Code and Credential Leaks

Feb 6, 2026 12:14 PM

Tags: credentials, leak, risk, vpn

A study found nearly 5 million servers exposing Git metadata, with 250,000 leaking deployment credentials via .git/config files. A new 2026 study by the Mysterium VPN research team reveals that nearly 5 million public web servers are exposing Git repository metadata, with over 250,000 of them exposing .git/config files containing deployment credentials. Such misconfigurations […]…
Compromised dYdX npm and PyPI Packages Deliver Wallet Stealers and RAT Malware

Feb 6, 2026 11:13 AM

Tags: attack, credentials, cybersecurity, malicious, malware, pypi, rat, supply-chain, theft

Cybersecurity researchers have discovered a new supply chain attack in which legitimate packages on npm and the Python Package Index (PyPI) repository have been compromised to push malicious versions to facilitate wallet credential theft and remote code execution.The compromised versions of the two packages are listed below -@dydxprotocol/v4-client-js (npm) – 3.4.1, 1.22.1, 1.15.2, 1.0.31& First…
Why Attackers no Longer Need to Break in: The Rise of Identity-Based Attacks

Feb 6, 2026 10:13 AM

Tags: breach, credentials, iam, identity, least-privilege, phone, scam

In 2026 stolen credentials and unmanaged machine identities drive breaches”, small buys, phone scams, and weak IAM make identity the real perimeter; prioritize inventory, least privilege, and stronger auth. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/why-attackers-no-longer-need-to-break-in-the-rise-of-identity-based-attacks/
The silent security gap in enterprise AI adoption

Feb 5, 2026 1:24 PM

Tags: access, ai, api, backup, breach, business, cloud, compliance, computer, computing, control, credentials, cryptography, data, data-breach, encryption, exploit, finance, group, healthcare, infrastructure, malicious, risk, service, technology, threat, tool

InfoWorld explains in its analysis of why AI is all about inference now.This shift has happened quickly. In many organizations, AI systems have moved from pilot projects to core infrastructure in less than two years. Yet security architectures have not evolved at the same pace. The result is a widening gap between where sensitive data…
Software supply chain risks join the OWASP top 10 list, access control still on top

Feb 5, 2026 9:13 AM

Tags: access, ai, attack, authentication, backdoor, backup, breach, cloud, computer, control, credentials, cybersecurity, data, data-breach, defense, encryption, flaw, governance, identity, injection, LLM, login, malicious, mfa, open-source, password, risk, software, sql, supply-chain, threat, unauthorized, update, vulnerability

1 Broken access control When applications fail to properly enforce restrictions on what authenticated users are allowed to do, allowing attackers to access unauthorized functionality or data. For example, an attacker might manipulate an URL parameter to access another user’s account information or escalate their privileges from a regular user to an administrator. This item…
Protests Don’t Impede Iranian Spying on Expats, Syrians, Israelis

Feb 5, 2026 9:13 AM

Tags: credentials, iran, middle-east, phishing, spear-phishing, threat

Iranian threat actors have been stealing credentials from people of interest across the Middle East, using spear-phishing and social engineering. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/iran-spies-expats-syrians-israelis
1.5 million AI agents are at risk of going rogue

Feb 5, 2026 5:13 AM

Tags: access, ai, business, cio, credentials, governance, group, risk, tool

The real issue is invisible AI, not rogue AI: Manish Jain, principal research director at Info-Tech Research Group, said that as the “exponential” speed of AI development continues, his firm, based on experiences with CIOs and CDOs, predicts that there will be more AI agents globally by the year 2028 than the number of human…
Why Moltbook Changes the Enterprise Security Conversation

Feb 4, 2026 5:13 PM

Tags: ai, credentials, data, github, injection, intelligence, risk, saas

For several years, enterprise security teams have concentrated on a well-established range of risks, including users clicking potentially harmful links, employees uploading data to SaaS applications, developers inadvertently disclosing credentials on platforms like GitHub, and chatbots revealing sensitive information. However, a notable shift is emerging”, one that operates independently of user actions. Artificial intelligence agents…
The Double-Edged Sword of Non-Human Identities

Feb 4, 2026 5:13 PM

Tags: access, api, breach, cloud, credentials, data-breach

Leaked non-human identities like API keys and tokens are becoming a major breach driver in cloud environments. Flare shows how exposed machine credentials quietly grant attackers long-term access to enterprise systems. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/the-double-edged-sword-of-non-human-identities/
Two Critical Flaws in n8n AI Workflow Automation Platform Allow Complete Takeover

Feb 4, 2026 3:13 PM

Tags: ai, attack, automation, credentials, flaw, supply-chain, vulnerability

Pillar Security discovered two new critical vulnerabilities in n8n that could lead to supply chain compromise, credential harvesting and complete takeover attacks First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/two-critical-flaws-in-n8n-ai/
New AI-Powered Threat Allows Hackers to Gain AWS Admin Access in Minutes

Feb 4, 2026 3:13 PM

Tags: access, ai, attack, cloud, control, credentials, cyber, data-breach, hacker, service, threat

A highly sophisticated offensive cloud operation targeting an AWS environment.The attack was notable for its extreme speed taking less than 10 minutes to go from initial entry to full administrative control and its heavy reliance on AI automation. The threat actor initiated the attack by discovering valid credentials left exposed in public Simple Storage Service…
Zero trust in practice: A deep technical dive into going fully passwordless in hybrid enterprise environments

Feb 4, 2026 12:14 PM

Tags: access, attack, authentication, backup, breach, business, cloud, compliance, credentials, cybersecurity, data, endpoint, group, Hardware, identity, infrastructure, lessons-learned, network, password, phishing, phone, risk, service, technology, update, windows, zero-trust

Architecture decisions: Hybrid authentication flows and Windows Hello for Business: Once your prerequisites are in place, you face critical architectural decisions that will shape your deployment for years to come. The primary decision point is whether to use Windows Hello for Business, FIDO2 security keys or phone sign-in as your primary authentication mechanism.In my experience,…
Exposed AWS Credentials Lead to AI-Assisted Cloud Breach in 8 Minutes

Feb 4, 2026 12:14 PM

Tags: access, ai, attack, automation, breach, cloud, credentials, data-breach, Intruder

Researchers recently tracked a high-speed cloud attack where an intruder gained full admin access in just eight minutes. Discover how AI automation and a simple storage error led to a major security breach. First seen on hackread.com Jump to article: hackread.com/8-minute-takeover-ai-hijack-cloud-access/
ValleyRAT Masquerades as LINE Installer to Target Users and Harvest Login Credentials

Feb 4, 2026 10:13 AM

Tags: communications, credentials, cyber, cybercrime, login, malware, powershell, software, threat

A malware campaign where cybercriminals distribute a fake LINE messenger installer that secretly deploys the ValleyRAT malware to steal credentials and evade detection. Since early 2025, threat actors have increasingly used fraudulent software installers to deliver malware. This campaign shares techniques with previously discovered LetsVPN-themed attacks, including task-scheduler persistence, PowerShell-based evasion, and C2 communications via Hong Kong servers. Cybereason GSOC performed…
GlassWorm Infiltrates VSX Extensions With 22,000+ Downloads to Target Developers

Feb 3, 2026 11:14 PM

Tags: access, attack, breach, credentials, cyber, data-breach, supply-chain, unauthorized

A new GlassWorm-linked supply chain attack abusing the Open VSX Registry, this time via a suspected compromise of a legitimate publisher’s credentials rather than typosquatted packages. The Open VSX security team assessed the activity as consistent with leaked tokens or other unauthorized access to the publishing pipeline, underscoring how stolen developer credentials can be weaponized…