Tag: credentials

Microsoft seizes RedVDS infrastructure, disrupts fast-growing cybercrime marketplace

Jan 14, 2026 7:11 PM

Tags: attack, credentials, cybercrime, infrastructure, marketplace, microsoft, phishing, service, theft, tool

The service became a prolific tool for cybercriminals in the past year, as it facilitated thousands of attacks involving credential theft, account takeovers, mass phishing and payment diversion fraud. First seen on cyberscoop.com Jump to article: cyberscoop.com/microsoft-seizes-disrupts-redvds-cybercrime-marketplace/
North Korean Hackers Exploit Code Repositories in “Contagious Interview” Campaign

Jan 14, 2026 7:11 PM

Tags: access, credentials, crypto, cyber, exploit, hacker, malicious, north-korea, threat

A newly documented campaign dubbed “Contagious Interview” shows North Korean threat actors weaponising developer tooling and code-repository workflows to steal credentials, cryptocurrency wallets and establish remote access even when victims never “run” the code they are sent. In a recent case analysed by SEAL, a malicious Bitbucket repository (hxxps://bitbucket[.]org/0xmvptechlab/ctrading) was delivered as a take”‘home technical…
Hackers Use Fake PayPal Notices to Steal Credentials, Deploy RMMs

Jan 14, 2026 7:11 PM

Tags: attack, credentials, exploit, finance, hacker, monitoring, phishing, tool

Phishing attacks have been identified using fake PayPal alerts to exploit remote monitoring and management tools First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/hackers-fake-paypal-notices-deploy/
Lack of isolation in agentic browsers resurfaces old vulnerabilities

Jan 13, 2026 7:02 PM

Tags: access, ai, api, attack, authentication, control, corporate, credentials, data, data-breach, defense, dns, email, exploit, finance, flaw, framework, github, google, hacker, healthcare, injection, Internet, leak, linkedin, LLM, malicious, mitigation, network, nvidia, organized, privacy, programming, risk, service, side-channel, threat, tool, training, unauthorized, update, vulnerability, xss

With browser-embedded AI agents, we’re essentially starting the security journey over again. We exploited a lack of isolation mechanisms in multiple agentic browsers to perform attacks ranging from the dissemination of false information to cross-site data leaks. These attacks, which are functionally similar to cross-site scripting (XSS) and cross-site request forgery (CSRF), resurface decades-old patterns…
Multipurpose GoBruteforcer Botnet Targets 50K+ Linux Servers

Jan 13, 2026 6:02 PM

Tags: ai, botnet, credentials, linux

Researchers detailed a souped-up version of the GoBruteforcer botnet that preys on servers with weak credentials and AI-generated configurations. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/gobruteforcer-botnet-targets-50k-plus-linux-servers
Phishing Scams Exploit Browserthe-Browser Attacks to Steal Facebook Passwords

Jan 13, 2026 4:02 PM

Tags: attack, credentials, cybersecurity, exploit, login, password, phishing, scam

Cybersecurity researchers issue warning over a surge in attacks designed to trick Facebook users into handing over login credentials First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/phishing-scams-exploit-browser/
Driving Passwordless Adoption with FIDO and Biometric Authentication

Jan 13, 2026 12:01 PM

Tags: access, attack, authentication, awareness, banking, breach, business, cloud, compliance, container, control, credentials, cyber, data, defense, fido, finance, fraud, government, Hardware, iam, identity, insurance, login, mobile, passkey, password, phishing, risk, service, technology, threat, training

Driving Passwordless Adoption with FIDO and Biometric Authentication madhav Tue, 01/13/2026 – 06:13 For decades, passwords have been the default mechanism for securing digital access. They are deeply embedded in enterprise systems and workflows, yet they were never designed to withstand today’s threat landscape. Cybersecurity Sarah Lefavrais – IAM Product Marketing Manager More About This…
Hackers Exploit Browserthe-Browser Trick to Hijack Facebook Accounts

Jan 13, 2026 9:01 AM

Tags: authentication, credentials, cyber, exploit, hacker, login, phishing, social-engineering, theft, windows

Facebook’s massive 3 billion active users make it an attractive target for sophisticated phishing campaigns. As attackers grow more inventive, a hazardous technique is gaining traction: the >>Browser-in-the-Browser<< (BitB) attack. This advanced social engineering method creates custom-built fake login pop-ups that are nearly indistinguishable from legitimate authentication windows, enabling credential theft on an unprecedented scale.…
Malicious Chrome Extension Steals Wallet Credentials, Enables Automated Trading Abuse

Jan 13, 2026 7:02 AM

Tags: api, browser, chrome, credentials, crypto, cyber, malicious, malware, threat, unauthorized

A sophisticated malware campaign targeting cryptocurrency traders has been uncovered by Socket’s Threat Research Team, revealing a malicious Chrome extension designed to steal MEXC exchange API credentials and enable unauthorized account control. The malicious extension operates by programmatically creating new MEXC API keys, enabling withdrawal permissions without user knowledge, and exfiltrating the resulting credentials to…
GoBruteforcer Botnet Targets 50K-plus Linux Servers

Jan 12, 2026 11:01 PM

Tags: ai, botnet, credentials, linux

Researchers detailed a souped-up version of the GoBruteforcer botnet that preys on servers with weak credentials and AI-generated configurations. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/gobruteforcer-botnet-targets-50k-plus-linux-servers
Account Takeover (ATO) Attacks Explained: Detection, Prevention Mitigation

Jan 12, 2026 8:02 PM

Tags: attack, credentials, detection, guide, mfa, mitigation

Learn how to detect and prevent Account Takeover (ATO) attacks. Expert guide for CTOs on credential stuffing, MFA bypass, and enterprise single sign-on security. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/01/account-takeover-ato-attacks-explained-detection-prevention-mitigation/
GoBruteforcer Botnet Targets Crypto Project Databases by Exploiting Weak Credentials

Jan 12, 2026 2:02 PM

Tags: ai, attack, blockchain, botnet, credentials, crypto, exploit, linux, mfa, password, service

A new wave of GoBruteforcer attacks has targeted databases of cryptocurrency and blockchain projects to co-opt them into a botnet that’s capable of brute-forcing user passwords for services such as FTP, MySQL, PostgreSQL, and phpMyAdmin on Linux servers.”The current wave of campaigns is driven by two factors: the mass reuse of AI-generated server deployment examples…
Credential-harvesting attacks by APT28 hit Turkish, European, and Central Asian organizations

Jan 12, 2026 12:02 PM

Tags: attack, credentials, cyberespionage, group, russia

Russia-linked cyberespionage group APT28 targets energy, nuclear, and policy staff in Turkey, Europe, North Macedonia, and Uzbekistan with credential-harvesting attacks. Between February and September 2025, Recorded Future’s Insikt Group observed Russia-linked group APT28 (aka UAC-0001, Fancy Bear, Pawn Storm, Sofacy Group, Sednit, BlueDelta, and STRONTIUM) running credential-harvesting campaigns. Targets included Turkish energy and nuclear agency staff, European think tank personnel, and organizations…
Keeper Security Launches JetBrains Extension

Jan 9, 2026 7:02 PM

Tags: credentials, data

This week, Keeper Security the launch of its JetBrains extension, offering JetBrains Integrated Development Environment (IDE) users a secure and seamless way to manage secrets within their development workflows. By integrating directly with the Keeper Vault, developers can replace hardcoded secrets with vault references and execute commands using injected credentials, ensuring sensitive data remains protected…
Fog Ransomware Targets U.S. Organizations via Compromised VPN Credentials

Jan 9, 2026 7:02 PM

Tags: access, attack, credentials, cyber, encryption, exploit, incident response, ransomware, tactics, tool, vpn, vulnerability

Arctic Wolf Labs has uncovered a new ransomware variant dubbed >>Fog<< striking US organizations, primarily in education and recreation, through hijacked VPN access. First spotted on May 2, 2024, the attacks highlight vulnerabilities in remote access tools and the rapid encryption tactics used to exploit them."‹ Arctic Wolf's Incident Response team investigated multiple cases starting…
Fog Ransomware Targets U.S. Organizations via Compromised VPN Credentials

Jan 9, 2026 7:02 PM

Tags: access, attack, credentials, cyber, encryption, exploit, incident response, ransomware, tactics, tool, vpn, vulnerability

Arctic Wolf Labs has uncovered a new ransomware variant dubbed >>Fog<< striking US organizations, primarily in education and recreation, through hijacked VPN access. First spotted on May 2, 2024, the attacks highlight vulnerabilities in remote access tools and the rapid encryption tactics used to exploit them."‹ Arctic Wolf's Incident Response team investigated multiple cases starting…
Russian APT28 Runs Credential-Stealing Campaign Targeting Energy and Policy Organizations

Jan 9, 2026 6:01 PM

Tags: attack, credentials, russia, threat

Russian state-sponsored threat actors have been linked to a fresh set of credential harvesting attacks targeting individuals associated with a Turkish energy and nuclear research agency, as well as staff affiliated with a European think tank and organizations in North Macedonia and Uzbekistan.The activity has been attributed to APT28 (aka BlueDelta), which was attributed to…
Notorious Russian APT Nabs Credentials From Global Targets

Jan 9, 2026 4:01 PM

Tags: apt, credentials, malware, russia

Fancy Bear relies on basic techniques that are highly effective, often delivering greater ROI than more complex malware-heavy operations. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/russian-apt-credentials-global-targets
Credential Stuffing: So gefährlich ist die Mehrfachnutzung von Passwörtern (immer noch)

Jan 9, 2026 12:01 PM

Tags: credentials, cybercrime, password

Passwörter wiederzuverwenden ist ein wenig, wie über eine rote Ampel zu gehen: In 90 Prozent der Fälle passiert nichts, aber wenn es schiefgeht, dann richtig. Wir zeigen die neuesten Coups aus der Cybercrime-Szene und warum individuelle Passwörter Pflicht und keine Kür sind. First seen on welivesecurity.com Jump to article: www.welivesecurity.com/de/tipps-ratgeber/credential-stuffing-so-gefahrlich-ist-die-mehrfachnutzung-von-passwortern-immer-noch/
Enterprises still aren’t getting IAM right

Jan 9, 2026 6:01 AM

Tags: access, ai, api, authentication, automation, cloud, control, credentials, cybersecurity, data, email, governance, iam, identity, incident response, infrastructure, least-privilege, password, risk, saas, service, tool

Just 1% have fully implemented a modern just-in-time (JIT) privileged access model;91% say at least half of their privileged access is always-on (standard privilege), providing unrestricted, persistent access to sensitive systems;45% apply the same privileged access controls to human and AI identities;33% lack clear AI access policies.The research also revealed a growing issue with “shadow…
Cisco identifies vulnerability in ISE network access control devices

Jan 9, 2026 5:01 AM

Tags: access, advisory, breach, cisco, control, credentials, cvss, data, exploit, firewall, google, identity, malicious, network, sans, theft, vulnerability

rotate ISE credentials for those with existing and approved access;ensure only those who need access have credentials;reduce the number of devices that can access the ISE server;patch as soon as it’s possible to take the server offline.In its notice to customers, Cisco says a vulnerability [CVE-2026-20029] in the licensing features of ISE and Cisco ISE…
CrowdStrike Acquires SGNL for $740 Million to Thwart AI-Powered Cyber Threats

Jan 8, 2026 10:02 PM

Tags: ai, credentials, crowdstrike, cyber, cybersecurity, defense, exploit, hacker, identity, intelligence, startup, technology, threat

CrowdStrike Inc. said Thursday it will acquire identity security startup SGNL in a deal valued at $740 million the latest move by the cybersecurity giant to fortify its defenses against increasingly sophisticated artificial intelligence (AI)-powered cyberattacks. The acquisition centers on SGNL’s continuous identity technology, designed to prevent hackers from exploiting user credentials as entry.. First…
The 2 faces of AI: How emerging models empower and endanger cybersecurity

Jan 8, 2026 8:02 PM

Tags: ai, api, attack, compliance, credentials, cyber, cybersecurity, data, deep-fake, defense, detection, endpoint, espionage, exploit, finance, flaw, framework, GDPR, google, governance, government, group, guide, hacker, HIPAA, incident response, injection, intelligence, LLM, malicious, malware, mandiant, microsoft, network, PCI, penetration-testing, privacy, risk, russia, scam, security-incident, service, social-engineering, strategy, tactics, threat, tool, vulnerability, zero-day

Self-modifying, evasive malware More recently, the researchers at Google Threat Intelligence Group (GTIG) identified a disturbing new trend: malware that uses LLMs during execution to dynamically alter its own behavior and evade detection. This is not pre-generated code, this is code that adapts mid-execution.In June 2025, GTIG identified an experimental malware called PROMPTFLUX, which connects…
The 2 faces of AI: How emerging models empower and endanger cybersecurity

Jan 8, 2026 8:02 PM

Tags: ai, api, attack, compliance, credentials, cyber, cybersecurity, data, deep-fake, defense, detection, endpoint, espionage, exploit, finance, flaw, framework, GDPR, google, governance, government, group, guide, hacker, HIPAA, incident response, injection, intelligence, LLM, malicious, malware, mandiant, microsoft, network, PCI, penetration-testing, privacy, risk, russia, scam, security-incident, service, social-engineering, strategy, tactics, threat, tool, vulnerability, zero-day

Self-modifying, evasive malware More recently, the researchers at Google Threat Intelligence Group (GTIG) identified a disturbing new trend: malware that uses LLMs during execution to dynamically alter its own behavior and evade detection. This is not pre-generated code, this is code that adapts mid-execution.In June 2025, GTIG identified an experimental malware called PROMPTFLUX, which connects…
Cybersecurity at the edge: Securing rugged IoT in mission-critical environments

Jan 8, 2026 5:05 PM

Tags: 5G, access, attack, authentication, breach, business, cio, compliance, control, credentials, cyber, cybersecurity, data, data-breach, defense, detection, firmware, framework, gartner, Hardware, HIPAA, identity, infrastructure, iot, leak, least-privilege, mitigation, monitoring, network, nist, password, risk, strategy, supply-chain, technology, theft, threat, unauthorized, update, vpn, vulnerability, zero-trust

Defense: Compromised devices can leak mission-critical data or disrupt tactical communications.Utilities: Operational paralysis halts power distribution or water treatment, impacting millions.Public safety: Emergency response systems fail during crises, endangering lives.According to Gartner, in 2023, IoT-related incidents in critical infrastructure surged 400% over the previous three years and the average cost of an OT breach exceeded…
Cybersecurity at the edge: Securing rugged IoT in mission-critical environments

Jan 8, 2026 5:05 PM

Tags: 5G, access, attack, authentication, breach, business, cio, compliance, control, credentials, cyber, cybersecurity, data, data-breach, defense, detection, firmware, framework, gartner, Hardware, HIPAA, identity, infrastructure, iot, leak, least-privilege, mitigation, monitoring, network, nist, password, risk, strategy, supply-chain, technology, theft, threat, unauthorized, update, vpn, vulnerability, zero-trust

Defense: Compromised devices can leak mission-critical data or disrupt tactical communications.Utilities: Operational paralysis halts power distribution or water treatment, impacting millions.Public safety: Emergency response systems fail during crises, endangering lives.According to Gartner, in 2023, IoT-related incidents in critical infrastructure surged 400% over the previous three years and the average cost of an OT breach exceeded…
50,000 Servers Exposed as GoBruteforcer Scales Brute-Force Attacks

Jan 8, 2026 4:01 PM

Tags: attack, credentials, data-breach, exploit, linux

GoBruteforcer is exploiting weak credentials to compromise thousands of exposed Linux servers. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/50000-servers-exposed-as-gobruteforcer-scales-brute-force-attacks/
BlueDelta Hackers Target Microsoft OWA, Google, and Sophos VPN to Steal Credentials

Jan 8, 2026 10:01 AM

Tags: credentials, cyber, google, group, hacker, infrastructure, microsoft, russia, sophos, theft, threat, vpn

A sophisticated credential-harvesting operation conducted by BlueDelta, a Russian state-sponsored threat group linked to the GRU’s Main Directorate, targeted critical infrastructure organizations and research institutions throughout 2025, according to a comprehensive investigation by Recorded Future’s Insikt Group. The campaign, spanning February through September 2025, represents a significant evolution in the group’s persistent credential-theft operations, with…
Three Malicious NPM Packages Target Developers’ Login Credentials

Jan 8, 2026 10:01 AM

Tags: access, attack, credentials, cyber, exploit, login, malicious

Security researchers at Zscaler ThreatLabz have uncovered three malicious npm packages designed to install a sophisticated remote access trojan (RAT) targeting JavaScript developers. The packages, named bitcoin-main-lib, bitcoin-lib-js, and bip40, collectively registered over 3,400 downloads before being removed from the npm registry in November 2025. The attack exploits developer trust in the legitimate BitcoinJS project…
ownCloud Warns Users to Enable MFA After Credential Theft Incident

Jan 8, 2026 10:01 AM

Tags: advisory, authentication, credentials, cyber, intelligence, mfa, theft, threat, vulnerability

ownCloud has issued an urgent security advisory urging users to enable Multi-Factor Authentication (MFA) following a credential theft incident reported by threat intelligence firm Hudson Rock. The incident, discovered in January 2026, affected organizations using self-hosted file-sharing platforms, including some ownCloud Community Edition deployments. What Happened The incident did not result from any vulnerability or…