Tag: credentials
-
ownCloud Warns Users to Enable MFA After Credential Theft Incident
ownCloud has issued an urgent security advisory urging users to enable Multi-Factor Authentication (MFA) following a credential theft incident reported by threat intelligence firm Hudson Rock. The incident, discovered in January 2026, affected organizations using self-hosted file-sharing platforms, including some ownCloud Community Edition deployments. What Happened The incident did not result from any vulnerability or…
-
Passwords are where PCI DSS compliance often breaks down
Most PCI DSS failures do not start with malware or a targeted attack. They start with everyday behavior. Reused passwords. Credentials stored in spreadsheets. Shared logins … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/01/08/passwords-pci-dds-compliance/
-
Holes in Veeam Backup suite allow remote code execution, creation of malicious backup config files
Tags: access, backup, credentials, cve, cvss, cybersecurity, data, exploit, jobs, malicious, monitoring, password, ransomware, remote-code-execution, risk, risk-management, sans, threat, update, veeam, vulnerabilityCVE-2025-59470 (with a CVSS score of 9) allows a Backup or Tape Operator to perform remote code execution (RCE) as the Postgres user by sending a malicious interval or order parameter;CVE-2025-59469 (with a severity score of 7.2) allows a Backup or Tape Operator to write files as root;CVE-2025-55125 (with a severity score of 7.2) allows a Backup…
-
What innovations are shaping Agentic AI today?
How Does Agentic AI Transform NHI Management? Are cybersecurity professionals fully leveraging Agentic AI for Non-Human Identities (NHIs) and Secrets Security Management? With technology advances, the integration of Agentic AI into cybersecurity practices has become crucial, especially when dealing with NHIs. These machine identities, formed by combining encrypted credentials with access permissions, are paramount in……
-
NDSS 2025 A Multifaceted Study On The Use of TLS And Auto-detect In Email Ecosystems
Session 8A: Email Security Authors, Creators & Presenters: Ka Fun Tang (The Chinese University of Hong Kong), Che Wei Tu (The Chinese University of Hong Kong), Sui Ling Angela Mak (The Chinese University of Hong Kong), Sze Yiu Chau (The Chinese University of Hong Kong) PAPER A Multifaceted Study on the Use of TLS and…
-
Threat Actors Exploit Google Cloud Services to Steal Microsoft 365 Credentials
Tags: cloud, credentials, cyber, cybersecurity, email, exploit, google, infrastructure, malicious, microsoft, phishing, service, threatA sophisticated phishing campaign is exploiting Google Cloud infrastructure to bypass email security filters and steal Microsoft 365 credentials, demonstrating how attackers increasingly abuse trusted cloud platforms to lend legitimacy to their malicious activities. Cybersecurity researchers at Check Point have uncovered a large-scale operation targeting approximately 3,200 organizations, resulting in over 9,300 phishing emails over…
-
Critical RCE flaw allows full takeover of n8n AI workflow platform
Tags: ai, api, attack, authentication, cloud, credentials, data, email, exploit, flaw, leak, LLM, password, rce, remote-code-execution, threat, vulnerabilityformWebhook function used by n8n Form nodes to receive data doesn’t validate whether the Content-Type field of the POST request submitted by the user is set to multipart/form-data.Imagine a very common use case in which n8n has been used to build a chat interface that allows users to upload files to the system, for example,…
-
Malicious NPM Packages Deliver NodeCordRAT
IntroductionZscaler ThreatLabz regularly monitors the npm database for suspicious packages. In November 2025, ThreatLabz identified three malicious packages: bitcoin-main-lib, bitcoin-lib-js, and bip40. The bitcoin-main-lib and bitcoin-lib-js packages execute a postinstall.cjs script during installation, which installs bip40, the package that contains the malicious payload. This final payload, named NodeCordRAT by ThreatLabz, is a remote access trojan (RAT) with data-stealing capabilities. It is also possible to download bip40…
-
Malicious NPM Packages Deliver NodeCordRAT
IntroductionZscaler ThreatLabz regularly monitors the npm database for suspicious packages. In November 2025, ThreatLabz identified three malicious packages: bitcoin-main-lib, bitcoin-lib-js, and bip40. The bitcoin-main-lib and bitcoin-lib-js packages execute a postinstall.cjs script during installation, which installs bip40, the package that contains the malicious payload. This final payload, named NodeCordRAT by ThreatLabz, is a remote access trojan (RAT) with data-stealing capabilities. It is also possible to download bip40…
-
NDSS 2025 Automatic Insecurity: Exploring Email Auto-configuration In The Wild
Tags: attack, conference, credentials, cyber, email, Internet, network, technology, threat, vulnerabilitySession 8A: Email Security Authors, Creators & Presenters: Shushang Wen (School of Cyber Science and Technology, University of Science and Technology of China), Yiming Zhang (Tsinghua University), Yuxiang Shen (School of Cyber Science and Technology, University of Science and Technology of China), Bingyu Li (School of Cyber Science and Technology, Beihang University), Haixin Duan (Tsinghua…
-
Lack of MFA is Common Thread in Vast Cloud Credential Heist
An emerging threat actor that goes by Zestix used an assortment of infostealers to obtain credentials and breach file-sharing instances of approximately 50 enterprises. First seen on darkreading.com Jump to article: www.darkreading.com/cloud-security/lack-mfa-common-thread-vast-cloud-credential-heist
-
ownCloud urges users to enable MFA after credential theft reports
File-sharing platform ownCloud warned users today to enable multi-factor authentication (MFA) to block attackers using compromised credentials from stealing their data. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/owncloud-urges-users-to-enable-mfa-after-credential-theft-reports/
-
10 Identity and Credential Risk Questions for 2026
Identity and credential risk drives account takeover and lateral movement. Discover 10 questions enterprises should ask to reduce exposure. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/01/10-identity-and-credential-risk-questions-for-2026/
-
Missing MFA Strikes Again: Hacker Hits Collaboration Tools
Terabytes of Data Stolen From Cloud-Based Collaboration Tools, Researchers Warn. Dozens of organizations that use real-time content collaboration platforms appear to have lost not only credentials but also terabytes of hosted data to information-stealing malware being wielded by an initial access broker with a sideline in auctioning large volumes of stolen data. First seen on…
-
How generative AI accelerates identity attacks against Active Directory
Generative AI is accelerating password attacks against Active Directory, making credential abuse faster and more effective. Specops Software explains how AI-driven cracking techniques exploit weak and predictable AD passwords. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/how-generative-ai-accelerates-identity-attacks-against-active-directory/
-
One criminal, 50 hacked organizations, and all because MFA wasn’t turned on
Crim used infostealer to get cloud credentials First seen on theregister.com Jump to article: www.theregister.com/2026/01/06/50_global_orgs_hacked/
-
Why being proactive in NHI management is critical for security
Are You Guarding Your Machine Identities Effectively? The management of Non-Human Identities (NHIs) is a critical component of cybersecurity strategies for organizations operating in cloud environments. NHIs, essentially machine identities, represent a fusion of encrypted credentials, such as passwords or tokens, and their corresponding permissions. To draw an analogy, think of an NHI as a……
-
Ten thousand firewalls are vulnerable to old vulnerability
This news brief originally appeared on ComputerSweden.More Fortinet security news:FortiGate firewall credentials being stolen after vulnerabilities discoveredFortinet criticized for ‘silent’ patching after disclosing second zero-day vulnerability in same equipmentFortinet admins urged to update software to close FortiCloud SSO holes First seen on csoonline.com Jump to article: www.csoonline.com/article/4112857/ten-thousand-firewalls-are-vulnerable-to-old-vulnerability.html
-
VVS Stealer, a new python malware steals Discord credentials
VVS Stealer is a Python-based malware that steals Discord credentials and tokens and has been sold on Telegram since at least April 2025. Palo Alto Networks researchers uncovered VVS Stealer, a Python-based malware that steals Discord credentials and tokens and has been sold on Telegram since at least April 2025. VVS Stealer uses the source…
-
New VVS Stealer Malware Targets Discord Accounts via Obfuscated Python Code
Cybersecurity researchers have disclosed details of a new Python-based information stealer called VVS Stealer (also styled as VVS $tealer) that’s capable of harvesting Discord credentials and tokens.The stealer is said to have been on sale on Telegram as far back as April 2025, according to a report from Palo Alto Networks Unit 42.”VVS stealer’s code…
-
Best of 2025: Google Gemini AI Flaw Could Lead to Gmail Compromise, Phishing
Researchers discovered a security flaw in Google’s Gemini AI chatbot that could put the 2 billion Gmail users in danger of being victims of an indirect prompt injection attack, which could lead to credentials being stolen or phishing attacks. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/01/google-gemini-ai-flaw-could-lead-to-gmail-compromise-phishing-2/
-
Critical Apache StreamPipes Flaw Allows Attackers to Take Over Admin Accounts
Apache StreamPipes has released an urgent security advisory addressing CVE-2025-47411, a critical privilege escalation vulnerability affecting versions 0.69.0 through 0.97.0. The flaw allows attackers with legitimate non-administrator accounts to exploit the user ID creation mechanism and hijack administrator credentials, gaining full control over the streaming data platform. The Vulnerability The vulnerability stems from improper handling…
-
How to Prevent Credential Stuffing Attacks: Detection Protection Strategies
Learn how to stop credential stuffing attacks with advanced detection and protection strategies for Enterprise SSO and CIAM solutions. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/12/how-to-prevent-credential-stuffing-attacks-detection-protection-strategies/
-
27 Malicious npm Packages Used as Phishing Infrastructure to Steal Login Credentials
Cybersecurity researchers have disclosed details of what has been described as a “sustained and targeted” spear-phishing campaign that has published over two dozen packages to the npm registry to facilitate credential theft.The activity, which involved uploading 27 npm packages from six different npm aliases, has primarily targeted sales and commercial personnel at critical First seen…
-
Top 5 real-world AI security threats revealed in 2025
Tags: access, ai, api, attack, breach, chatgpt, cloud, control, credentials, cybercrime, data, data-breach, defense, email, exploit, flaw, framework, github, gitlab, google, injection, least-privilege, LLM, malicious, malware, microsoft, nvidia, open-source, openai, rce, remote-code-execution, risk, service, software, supply-chain, theft, threat, tool, vulnerabilityA critical remote code execution (RCE) in open-source AI agent framework Langflow that was also exploited in the wildAn RCE flaw in OpenAI’s Codex CLIVulnerabilities in NVIDIA Triton Inference ServerRCE vulnerabilities in major AI inference server frameworks, including those from Meta, Nvidia, Microsoft, and open-source projects such as vLLM and SGLangVulnerabilities in open-source compute framework…
-
Inside the Biggest Cyber Attacks of 2025
Tags: attack, breach, credentials, cyber, cybersecurity, finance, government, healthcare, incident, infrastructure, leak, saas, supply-chain2025 has emerged as one of the most disruptive years for cybersecurity, marked by unprecedented breach volumes, record-breaking credential leaks, and cascading supply-chain failures. Across just 12 months, cyber incidents have impacted governments, healthcare systems, financial institutions, SaaS providers, airlines, retailers, and critical infrastructure, proving that no industry or geography remains insulated. 2025 Global Cybersecurity……
-
NPM package with 56,000 downloads compromises WhatsApp accounts
An NPM package with over 56,000 downloads stole WhatsApp credentials, hid its activity, and installed a backdoor. Koi Security researchers warned that the NPM package ‘Lotusbail’, a WhatsApp Web API library and fork of ‘Baileys’, has been stealing users’ credentials and data. The package has been available for six months and has had over 56,000…
-
FBI seized ‘web3adspanels.org’ hosting stolen logins
The U.S. seized the ‘web3adspanels.org’ domain and database used by cybercriminals to store stolen bank login credentials. The FBI seized the domain web3adspanels[.]org and its database after cybercriminals used it to store bank login credentials stolen from U.S. victims. A criminal group ran fake ads on Google and Bing that mimicked real bank advertisements. Victims…
-
FBI seizes domain storing bank credentials stolen from U.S. victims
The U.S. government has seized the ‘web3adspanels.org’ domain and the associated database used by cybercriminals to host bank login credentials stolen in account takeover attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/fbi-seizes-domain-storing-bank-credentials-stolen-from-us-victims/