Tag: credentials
-
US shuts down phisherfolk’s $14.6M password-hoarding platform
Crooks used platform to scoop up and store banking credentials for big-money thefts First seen on theregister.com Jump to article: www.theregister.com/2025/12/24/us_shutters_phishermens_146m_passwordhording/
-
Webrat turns GitHub PoCs into a malware trap
The malicious payload and behavior: Beneath the polished README, the attackers dumped a password-protected ZIP linked in the repository. The archive password was hidden in file names, something easily missable by unsuspecting eyes. Inside, the key components include a decoy DLL, a batch file to launch the malware, and the primary executable (like rasmanesc.exe) capable…
-
Operation PCPcat Exploits Next.js and React, Impacting 59,000+ Servers
Tags: access, authentication, control, credentials, cyber, data, exploit, framework, infrastructure, monitoring, vulnerabilityA sophisticated credential-stealing campaign named >>Operation PCPcat
-
How AI Will Reshape Health Data Breach, Attack Trends
Healthcare data breaches are becoming more frequent but smaller in scale, targeting smaller entities and high-value credentials and records – and AI is reshaping both the attack landscape and fraud patterns, said Jim Van Dyke, senior principal of innovation at TransUnion. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/interviews/how-ai-will-reshape-health-data-breach-attack-trends-i-5511
-
US disrupts multimillion-dollar bank account takeover operation targeting Americans
Crooks used fraudulent ads on major search engines to mimic banks and harvest people’s login credentials, netting at least $14.6 million, the U.S. authorities said in announcing a takedown of the operation. First seen on therecord.media Jump to article: therecord.media/us-disrupts-bank-account-takeover-operation-web3adspanels
-
Two Chrome Extensions Caught Secretly Stealing Credentials from Over 170 Sites
Cybersecurity researchers have discovered two malicious Google Chrome extensions with the same name and published by the same developer that come with capabilities to intercept traffic and capture user credentials.The extensions are advertised as a “multi-location network speed test plug-in” for developers and foreign trade personnel. Both the browser add-ons are available for download as…
-
Amazon has stopped 1,800 job applications from North Korean agents
North Korean group infiltrated 100-plus companies with imposter IT pros: CrowdStrike reportHow not to hire a North Korean IT spyNorth Korean hackers impersonated recruiters to steal credentials from over 1,500 developer systemsNorth Korean fake IT workers up the ante in targeting tech firms First seen on csoonline.com Jump to article: www.csoonline.com/article/4111148/amazon-has-stopped-1800-job-applications-from-north-korean-agents.html
-
Malicious extensions in Chrome Web store steal user credentials
Two Chrome extensions in the Web Store named ‘Phantom Shuttle’ are posing as plugins for a proxy service to hijack user traffic and steal sensitive data. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/malicious-extensions-in-chrome-web-store-steal-user-credentials/
-
Fake VPN Chrome Extensions Steal Credentials by Intercepting User Traffic
Socket’s Threat Research Team has exposed a sophisticated credential-harvesting campaign that has operated through malicious Chrome extensions since 2017. Two variants of an extension named Phantom Shuttle (幻影穿æ¢), published under the threat actor email theknewone.com@gmail.com, have compromised over 2,180 users by masquerading as legitimate network testing tools while executing complete traffic interception and credential theft. The extensions market…
-
Malicious NPM Package Hits 56K Downloads, Steals WhatsApp Messages
A sophisticated malware campaign has compromised the npm registry through a malicious package that perfectly mimics legitimate WhatsApp API functionality while silently exfiltrating authentication credentials, messages, contacts, and media files from unsuspecting developers. The lotusbail package, addressed over 56,000 times during its six-month presence on npm, represents a dangerous evolution in supply chain attacks where…
-
Passwd: A walkthrough of the Google Workspace Password Manager
Passwd is designed specifically for organizations operating within Google Workspace. Rather than competing as a general consumer password manager, its purpose is narrow, and business-focused: secure credential storage, controlled sharing, and seamless Workspace integration. The platform emphasizes practicality over feature overload, aiming to provide a reliable system for teams that already rely First seen on…
-
A year of Keeper Security!
Tags: access, ai, attack, credentials, cybersecurity, endpoint, infrastructure, passkey, password, software, zero-trustKeeper Security, the provider of zero-trust and zero-knowledge cybersecurity software protecting passwords and passkeys, infrastructure secrets, remote connections and endpoints, had reflected on 2025 as a year of meaningful growth. Amid an increase in credential-based attacks, rapid AI adoption and the operational demands of hybrid environments, Keeper strengthened its Privileged Access Management (PAM) platform, expanded…
-
Scammers use AI to make fake art seem real
Human-in-the-loop isn’t enough: New attack turns AI safeguards into exploitsAI startups leak sensitive credentials on GitHub, exposing models and training dataAI hallucinations lead to a new cyber threat: Slopsquatting First seen on csoonline.com Jump to article: www.csoonline.com/article/4110618/scammers-use-ai-to-make-fake-art-seem-real.html
-
NIS2 Compliance: Maintaining Credential Security
Strengthen NIS2 compliance by preventing weak and compromised passwords with Enzoic’s continuous credential protection. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/12/nis2-compliance-maintaining-credential-security/
-
Preventing This Week’s AWS Cryptomining Attacks: Why Detection Fails and Permissions Matter
The recent discovery of a cryptomining campaign targeting Amazon compute resources highlights a critical gap in traditional cloud defense. Attackers are bypassing perimeter defenses by leveraging compromised credentials to execute legitimate but privileged API calls like ec2:CreateLaunchTemplate, ecs:RegisterTaskDefinition, ec2:ModifyInstanceAttribute, and lambda:CreateFunctionUrlConfig. While detection tools identify anomalies after they occur, they do not prevent execution, lateral……
-
BlueDelta Hackers Target Users of Popular Ukrainian Webmail and News Service
Russian state-sponsored threat group BlueDelta has conducted a sustained credential-harvesting campaign targeting users of UKR.NET, one of Ukraine’s most popular webmail and news services, between June 2024 and April 2025. According to research by Recorded Future’s Insikt Group, the operation represents a significant escalation in the GRU-linked threat actor’s efforts to compromise Ukrainian user credentials…
-
Russia-Linked Hackers Use Microsoft 365 Device Code Phishing for Account Takeovers
Tags: attack, authentication, credentials, email, government, group, hacker, microsoft, phishing, russiaA suspected Russia-aligned group has been attributed to a phishing campaign that employs device code authentication workflows to steal victims’ Microsoft 365 credentials and conduct account takeover attacks.The activity, ongoing since September 2025, is being tracked by Proofpoint under the moniker UNK_AcademicFlare.The attacks involve using compromised email addresses belonging to government First seen on thehackernews.com…
-
Attackers bring their own passwords to Cisco and Palo Alto VPNs
Tags: authentication, cisco, credentials, data-breach, endpoint, infrastructure, login, malicious, mfa, password, threat, vpnBrute-forcing Cisco’s SSL VPN follows: Just a day after the GlobalProtect surge, the same actor infrastructure pivoted to Cisco’s SSL VPN endpoints, with the same TCP fingerprint and hosting provider IP space. GreyNoise saw the number of unique attacking IPs jump from a typical daily baseline of fewer than 200 to over 1200, signalling a…
-
Attackers bring their own passwords to Cisco and Palo Alto VPNs
Tags: authentication, cisco, credentials, data-breach, endpoint, infrastructure, login, malicious, mfa, password, threat, vpnBrute-forcing Cisco’s SSL VPN follows: Just a day after the GlobalProtect surge, the same actor infrastructure pivoted to Cisco’s SSL VPN endpoints, with the same TCP fingerprint and hosting provider IP space. GreyNoise saw the number of unique attacking IPs jump from a typical daily baseline of fewer than 200 to over 1200, signalling a…
-
Attackers bring their own passwords to Cisco and Palo Alto VPNs
Tags: authentication, cisco, credentials, data-breach, endpoint, infrastructure, login, malicious, mfa, password, threat, vpnBrute-forcing Cisco’s SSL VPN follows: Just a day after the GlobalProtect surge, the same actor infrastructure pivoted to Cisco’s SSL VPN endpoints, with the same TCP fingerprint and hosting provider IP space. GreyNoise saw the number of unique attacking IPs jump from a typical daily baseline of fewer than 200 to over 1200, signalling a…
-
Targeted Phishing Attack Strikes HubSpot Users
Evalian’s Security Operations Centre has uncovered an active, sophisticated phishing campaign targeting HubSpot customers, combining business email compromise (BEC) tactics with website compromise to distribute a credential-stealing malware to unsuspecting users. The multi-layered attack demonstrates how modern threat actors are evolving their techniques to bypass traditional email security controls. The phishing campaign employs a deceptive…
-
Identity risk is changing faster than most security teams expect
Security leaders are starting to see a shift in digital identity risk. Fraud activity is becoming coordinated, automated, and self-improving. Synthetic personas, credential … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/12/19/au10tix-automated-fraud-detection-report/
-
Identity risk is changing faster than most security teams expect
Security leaders are starting to see a shift in digital identity risk. Fraud activity is becoming coordinated, automated, and self-improving. Synthetic personas, credential … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/12/19/au10tix-automated-fraud-detection-report/