Tag: credentials
-
Protests Don’t Impede Iranian Spying on Expats, Syrians, Israelis
Iranian threat actors have been stealing credentials from people of interest across the Middle East, using spear-phishing and social engineering. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/iran-spies-expats-syrians-israelis
-
1.5 million AI agents are at risk of going rogue
The real issue is invisible AI, not rogue AI: Manish Jain, principal research director at Info-Tech Research Group, said that as the “exponential” speed of AI development continues, his firm, based on experiences with CIOs and CDOs, predicts that there will be more AI agents globally by the year 2028 than the number of human…
-
Why Moltbook Changes the Enterprise Security Conversation
For several years, enterprise security teams have concentrated on a well-established range of risks, including users clicking potentially harmful links, employees uploading data to SaaS applications, developers inadvertently disclosing credentials on platforms like GitHub, and chatbots revealing sensitive information. However, a notable shift is emerging”, one that operates independently of user actions. Artificial intelligence agents…
-
The Double-Edged Sword of Non-Human Identities
Leaked non-human identities like API keys and tokens are becoming a major breach driver in cloud environments. Flare shows how exposed machine credentials quietly grant attackers long-term access to enterprise systems. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/the-double-edged-sword-of-non-human-identities/
-
New AI-Powered Threat Allows Hackers to Gain AWS Admin Access in Minutes
A highly sophisticated offensive cloud operation targeting an AWS environment.The attack was notable for its extreme speed taking less than 10 minutes to go from initial entry to full administrative control and its heavy reliance on AI automation. The threat actor initiated the attack by discovering valid credentials left exposed in public Simple Storage Service…
-
Two Critical Flaws in n8n AI Workflow Automation Platform Allow Complete Takeover
Pillar Security discovered two new critical vulnerabilities in n8n that could lead to supply chain compromise, credential harvesting and complete takeover attacks First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/two-critical-flaws-in-n8n-ai/
-
Exposed AWS Credentials Lead to AI-Assisted Cloud Breach in 8 Minutes
Researchers recently tracked a high-speed cloud attack where an intruder gained full admin access in just eight minutes. Discover how AI automation and a simple storage error led to a major security breach. First seen on hackread.com Jump to article: hackread.com/8-minute-takeover-ai-hijack-cloud-access/
-
Zero trust in practice: A deep technical dive into going fully passwordless in hybrid enterprise environments
Tags: access, attack, authentication, backup, breach, business, cloud, compliance, credentials, cybersecurity, data, endpoint, group, Hardware, identity, infrastructure, lessons-learned, network, password, phishing, phone, risk, service, technology, update, windows, zero-trustArchitecture decisions: Hybrid authentication flows and Windows Hello for Business: Once your prerequisites are in place, you face critical architectural decisions that will shape your deployment for years to come. The primary decision point is whether to use Windows Hello for Business, FIDO2 security keys or phone sign-in as your primary authentication mechanism.In my experience,…
-
ValleyRAT Masquerades as LINE Installer to Target Users and Harvest Login Credentials
A malware campaign where cybercriminals distribute a fake LINE messenger installer that secretly deploys the ValleyRAT malware to steal credentials and evade detection. Since early 2025, threat actors have increasingly used fraudulent software installers to deliver malware. This campaign shares techniques with previously discovered LetsVPN-themed attacks, including task-scheduler persistence, PowerShell-based evasion, and C2 communications via Hong Kong servers. Cybereason GSOC performed…
-
Fake Dropbox Phishing Campaign Targets Users, Steals Login Credentials
A sophisticated phishing campaign that uses a multi-stage approach to bypass email filtering and content-scanning systems. The attack exploits trusted platforms, benign file formats, and layered redirection techniques to harvest user credentials from unsuspecting victims successfully. The attack chain begins with a professionally crafted phishing email containing a PDF attachment. The malicious payload leverages legitimate…
-
Rising Risk of Compromised Credentials in AD
Analysis of Enzoic AD Lite scans shows compromised and weak credentials increased, exposing over 1 in 5 Active Directory accounts to risk. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/rising-risk-of-compromised-credentials-in-ad/
-
Frequently Asked Questions About Notepad++ Supply Chain Compromise
Tags: advisory, attack, backdoor, china, credentials, cve, cyber, cybercrime, defense, espionage, government, group, Hardware, infrastructure, malware, ransomware, security-incident, service, software, supply-chain, threat, update, vulnerability, windowsThreat actors compromised the update infrastructure for Notepad++, redirecting traffic to an attacker controlled site for targeted espionage purposes. Key takeaways: Beginning in June 2025, threat actors compromised the infrastructure Notepad++ uses to distribute software updates. The issue has been addressed and Notepad++ have released 8.9.1 which now includes XML signature validation (XMLDSig) for security…
-
8-Minute Access: AI Accelerates Breach of AWS Environment
The AI-assisted attack, which started with exposed credentials from public S3 buckets, rapidly achieved administrative privilges. First seen on darkreading.com Jump to article: www.darkreading.com/cloud-security/8-minute-access-ai-aws-environment-breach
-
Flare Report: Infostealers Are Fueling Enterprise Identity Attacks
Flare research shows infostealers are increasingly exposing enterprise identity credentials, driving higher-impact compromises. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/flare-report-infostealers-are-fueling-enterprise-identity-attacks/
-
From credentials to cloud admin in 8 minutes: AI supercharges AWS attack chain
Tags: access, ai, attack, ciso, cloud, credentials, detection, framework, group, iam, least-privilege, LLM, monitoring, trainingLateral movement, LLMjacking, and GPU abuse: Once administrative access was obtained, the attacker moved laterally across 19 distinct AWS principals, assuming multiple roles and creating new users to spread activity across identities. This approach enabled persistence and complicated detection, the researchers noted.The attackers then shifted focus to Amazon Bedrock, enumerating available models and confirming that…
-
Enabling and Securing Basic Authentication: A Comprehensive Guide
Learn how to enable and secure basic authentication for enterprise systems. Guide covers tls encryption, credential hygiene, and sso migration for ctos. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/enabling-and-securing-basic-authentication-a-comprehensive-guide/
-
New Password-Stealing Phishing Campaign Targets Corporate Dropbox Credentials
Multi-stage attack begins with fake message relating to business requests and evades detection with link hidden in a PDF First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/password-stealing-phishing-pdf/
-
Think agentic AI is hard to secure today? Just wait a few months
Cost effective fix: Do nothing: Kodezi’s Khan offers an interesting fix for that foundational problem: Don’t even try. He argues it’s a money pit that will never be fully resolved. Instead, he suggests pouring resources into creating a strict identity strategy for every NHI going forward. “Aim for containment rather than for perfection. You can’t really govern…
-
Shai-Hulud & Co.: The software supply chain as Achilles’ heel
Tags: access, ai, application-security, attack, backdoor, ciso, cloud, credentials, cyber, github, Hardware, identity, infrastructure, kritis, kubernetes, malicious, network, nis-2, programming, risk, rust, sbom, software, strategy, supply-chain, threat, tool, vulnerability, wormThe polyglot supply chain attack: The most frightening prospect, however, is the convergence of these threats in a polyglot supply chain attack. Currently, security teams operate in isolation. AppSec monitors the code, CloudSec monitors the cloud, NetworkSec monitors the perimeter. A polyglot attack is designed to seamlessly break through these silos.This happens as follows: A…
-
New GlassWorm attack targets macOS via compromised OpenVSX extensions
A new GlassWorm malware attack through compromised OpenVSX extensions focuses on stealing passwords, crypto-wallet data, and developer credentials and configurations from macOS systems. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-glassworm-attack-targets-macos-via-compromised-openvsx-extensions/
-
Attackers Harvest Dropbox Logins Via Fake PDF Lures
A malware-free phishing campaign targets corporate inboxes and asks employees to view request orders, ultimately leading to Dropbox credential theft. First seen on darkreading.com Jump to article: www.darkreading.com/cloud-security/attackers-harvest-dropbox-logins-fake-pdf-lures
-
Cybercrime Enters a New Era as Autonomous AI Agents Take Center Stage
As of February 2026, enterprise defenders are no longer just battling human-operated ransomware groups or credential thieves. The frontline has shifted to a new class of threat: autonomous AI agents that plan, execute, adapt, and even reinvest their own criminal profits without direct human oversight. The convergence of OpenClaw (local runtime), Moltbook (agent collaboration network),…
-
ShinyHunters Leads Surge in Vishing Attacks to Steal SaaS Data
Several threat clusters are using vishing in extortion campaigns that include tactics that are consistent with those used by high-profile threat group ShinyHunters. They are stealing SSO and MFA credentials to access companies’ environments and steal data from cloud applications, according to Mandiant researchers. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/shinyhunters-leads-surge-in-vishing-attacks-to-steal-saas-data/
-
How risk culture turns cyber teams predictive
Tags: access, compliance, control, credentials, cyber, cybersecurity, data-breach, detection, identity, intelligence, jobs, ransomware, resilience, risk, serviceRisk culture: What it is when you strip the slogans: People talk about culture like it’s soft. Posters. Values. A town hall with applause on cue.Culture is harder. Culture is what people do when nobody is watching, and when the clock is loud. Culture is what gets you the truth at 4 p.m., not at…
-
Why non-human identities are your biggest security blind spot in 2026
Tags: access, api, breach, cloud, control, credentials, data-breach, github, google, governance, identity, least-privilege, password, service, threat, toolThe three blind spots I keep finding: After years working in cloud security and identity management, certain patterns show up everywhere I look. Three problems in particular appear in nearly every environment I assess. Secrets where they should never be. I still find API keys hardcoded in source files. Still. In 2026. Last year, GitGuardian…
-
Researchers Uncover Moltbook AI Flaw Exposing API Keys and Login Credentials
A critical vulnerability in Moltbook, the AI agent social network launched in late January 2026 by Octane AI’s Matt Schlicht, exposes email addresses, login tokens, and API keys for registered entities. The flaw impacts the platform’s claimed 1.5 million users, though security researchers revealed the inflated user count stems from unchecked bot registrations rather than…
-
Google Uncovers Major Expansion in ShinyHunters Threat Activity Using New Tactics
Tags: authentication, corporate, credentials, cyber, cybercrime, extortion, google, identity, mfa, phishing, service, software, tactics, threatA substantial expansion in cybercrime operations using tactics consistent with ShinyHunters-branded extortion campaigns. These sophisticated operations employ advanced voice phishing (vishing) and victim-branded credential harvesting websites to compromise corporate environments by stealing single sign-on (SSO) credentials and multi-factor authentication (MFA) codes. While the methodology of targeting identity providers and Software-as-a-Service (SaaS) platforms remains consistent with…