Tag: credentials
-
SideWinder Spoofs Chrome PDF Viewer, Zimbra to Steal Government Webmail Logins
SideWinder is running an active credential”‘harvesting campaign that uses a fake Chrome PDF viewer and a pixel”‘perfect Zimbra clone on Cloudflare Workers to steal government webmail credentials from South Asian targets, including the Bangladesh Navy and Pakistan’s Ministry of Foreign Affairs. The campaign came to light after a Cloudflare Workers URL was spotted harvesting credentials…
-
Lovable AI App Builder Hit by Reported API Flaw Exposing Thousands of Projects
The popular AI application builder, Lovable, is currently facing a massive data breach due to an unpatched API vulnerability. Security researchers have revealed that a critical flaw exposes sensitive project data, source code, and user credentials for any project created on the platform before November 2025. According to a detailed public disclosure by security researcher…
-
Your AI Agents Should Be Getting Their Credentials from a PAM Vault
The rise of AI agents has created a problem that most security teams have not yet fully reckoned with. Developers are building agents that automate tasks, retrieve information, and take action on behalf of users. Those agents need credentials to do their jobs. And right now, in countless organizations, those credentials are being hardcoded into……
-
A Token Flaw Turned Azure’s AI Agent Into a Spy
Outsiders Could Exploit Misconfig to Stream Commands, Credentials. A misconfiguration in Microsoft’s Azure SRE Agent may have allowed any Azure account holder from any company to tap into another organization’s agent conversations in real time, watching commands, outputs and credentials, leaving no trace. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/token-flaw-turned-azures-ai-agent-into-spy-a-31462
-
A Token Flaw Turned Azure’s AI Agent Into a Spy
Outsiders Could Exploit Misconfig to Stream Commands, Credentials. A misconfiguration in Microsoft’s Azure SRE Agent may have allowed any Azure account holder from any company to tap into another organization’s agent conversations in real time, watching commands, outputs and credentials, leaving no trace. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/token-flaw-turned-azures-ai-agent-into-spy-a-31462
-
Vercel Traces Customer Data Theft to Agentic AI Tool Breach
Attacker First Compromised AI Tool Used by Vercel Employee, Platform Provider Finds. Cloud platform provider Vercel said an attacker breached its systems and stole customer data after compromising a third-party agentic artificial intelligence tool used by an employee, called Context.ai, and stealing from it credentials and OAuth tokens tied to multiple services and customers. First…
-
MiningDropper Spreads Infostealers, RATs, Banking Malware on Android
Hackers are abusing a modular Android framework called MiningDropper to mine cryptocurrency and silently install infostealers, remote access trojans (RATs), and banking malware on infected devices. MiningDropper is a multi-stage Android dropper that combines crypto-mining with the delivery of additional malware payloads, including banking trojans, RATs such as BTMOB, and credential-stealing spyware. A recent variant is built…
-
Next.js developer Vercel warns of customer credential compromise
Tags: credentialsBlames outfit called Context.ai, which reckons an agentic OAuth tangle caused the incident First seen on theregister.com Jump to article: www.theregister.com/2026/04/20/vercel_context_ai_security_incident/
-
Why Dark Web Monitoring Is No Longer Enough (And What Comes Next)
The problem with how we monitor identity risk today For years, dark web monitoring has been positioned as the frontline defense against compromised credentials and identity exposure. If your data showed up on the dark web, you got an alert. If it didn’t, you assumed you were safe. That model no longer reflects reality. The……
-
QEMU Hijacked as Stealth Backdoor for Credential Theft, Ransomware
Attackers are increasingly abusing QEMU virtual machines to hide credential theft and ransomware staging inside “invisible” virtual environments, making detection and forensics significantly harder for defenders. QEMU is a legitimate open-source emulator and virtualizer that allows running full operating systems as virtual machines on a host. Threat actors are weaponizing this capability by running their…
-
[Webinar] Eliminate Ghost Identities Before They Expose Your Enterprise Data
In 2024, compromised service accounts and forgotten API keys were behind 68% of cloud breaches. Not phishing. Not weak passwords. Unmanaged non-human identities that nobody was watching.For every employee in your org, there are 40 to 50 automated credentials: service accounts, API tokens, AI agent connections, and OAuth grants. When projects end or employees leave,…
-
Man who hacked US Supreme Court filing system sentenced to probation
Nicholas Moore hacked into three U.S. government networks using stolen credentials, and then bragged about it and posted victims’ personal data on Instagram under the handle @ihackedthegovernment. First seen on techcrunch.com Jump to article: techcrunch.com/2026/04/17/man-who-hacked-us-supreme-court-filing-system-sentenced-to-probation/
-
DraftKings hacker sentenced to prison, ordered to pay $1.4 Million
A DraftKings hacker got 30 months in prison for selling stolen credentials and must pay over $1.4 million in fines and restitution. Kamerin Stokes, 23, from Memphis (aka TheMFNPlug), received a 30-month prison sentence for his role in a 2022 credential stuffing attack against DraftKings. He continued selling stolen login data online even after pleading…
-
DraftKings hacker sentenced to prison, ordered to pay $1.4 Million
A DraftKings hacker got 30 months in prison for selling stolen credentials and must pay over $1.4 million in fines and restitution. Kamerin Stokes, 23, from Memphis (aka TheMFNPlug), received a 30-month prison sentence for his role in a 2022 credential stuffing attack against DraftKings. He continued selling stolen login data online even after pleading…
-
DraftKings hacker sentenced to prison, ordered to pay $1.4 Million
A DraftKings hacker got 30 months in prison for selling stolen credentials and must pay over $1.4 million in fines and restitution. Kamerin Stokes, 23, from Memphis (aka TheMFNPlug), received a 30-month prison sentence for his role in a 2022 credential stuffing attack against DraftKings. He continued selling stolen login data online even after pleading…
-
TP-Link Routers Hit by Mirai in CVE-2023-33538 Attacks
Hackers are actively scanning for vulnerable TP-Link home routers to push Mirai-style malware, abusing CVE-2023-33538 in a new wave of automated attacks. While the current exploit attempts are technically flawed, researchers warn that the underlying bug is real and dangerous when combined with default credentials and end”‘of”‘life firmware. It affects TL”‘WR940N v2/v4, TL”‘WR740N v1/v2 and…
-
CVE-2026-34197: Apache ActiveMQ Jolokia RCE Vulnerability
CVE-2026-34197: ActiveMQ Jolokia flaw enables authenticated RCE, exposing sensitive data, credentials, and integrated systems across enterprise environments. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/cve-2026-34197-apache-activemq-jolokia-rce-vulnerability/
-
Weaponized CVE-2026-39987 Pushes Blockchain Backdoor Through Hugging Face
Tags: backdoor, blockchain, credentials, cve, cyber, exploit, infection, rce, remote-code-execution, theftAttackers are rapidly exploiting CVE-2026-39987 in the marimo Python notebook platform to deploy a new NKAbuse backdoor variant hosted on Hugging Face Spaces, turning AI/ML developer environments into high”‘value infection points. The campaign combines pre-auth RCE, credential theft, lateral movement to PostgreSQL and Redis, and a blockchain-based C2 channel that is difficult to monitor or…
-
Hackers Deploy ATHR for Scalable AI-Driven Vishing and Credential Theft
Tags: ai, attack, automation, credentials, cyber, cybercrime, email, hacker, malicious, phishing, theftHackers are increasingly turning to telephone-oriented attack delivery (TOAD) to bypass traditional email security, and a new cybercrime platform called ATHR is accelerating this trend with AI-driven automation and integrated phishing capabilities. TOAD attacks rely on a simple but effective tactic: instead of embedding malicious links or attachments, attackers send benign-looking emails containing only a…
-
7 biggest healthcare security threats
Tags: access, ai, api, attack, breach, business, cloud, control, credentials, cyber, cyberattack, cybersecurity, dark-web, data, data-breach, email, endpoint, google, government, hacking, healthcare, HIPAA, infrastructure, injection, insurance, Internet, phishing, risk, security-incident, service, software, spam, sql, threat, tool, vulnerabilityCloud vulnerabilities and misconfigurations: Many healthcare organizations have adopted cloud services as part of broader digital transformation initiatives. As a result, patient health information (PHI) and other sensitive data is increasingly being hosted in vendor cloud environments.The trend has broadened attack surface at healthcare organizations, says Anthony James, vice president of products at Infoblox, especially…
-
108 malicious Chrome extensions caught stealing Google and Telegram data from 20,000 users
Cybersecurity researchers have revealed that 108 malicious Google Chrome extensions have been quietly stealing user credentials, hijacking Telegram sessions, and injecting unwanted ads and scripts into browsers – all reporting back to the same central point. First seen on bitdefender.com Jump to article: www.bitdefender.com/en-us/blog/hotforsecurity/malicious-chrome-extensions-steal-google-telegram-data
-
Cybersecurity Risks of Hiring a Virtual Assistant and How to Protect Your Business
Virtual assistants boost productivity but add cybersecurity risks. Poor access control, weak devices, and credential sharing can expose sensitive business data. First seen on hackread.com Jump to article: hackread.com/cybersecurity-risks-hiring-virtual-assistant-business/
-
North Korea Uses ClickFix to Target macOS Users’ Data
Sapphire Sleet uses fake job offers and phony Zoom updates to deliver ClickFix attacks that steal credentials and sensitive data from Macs. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/north-korea-clickfix-target-macos-users-data
-
[Webinar] Find and Eliminate Orphaned Non-Human Identities in Your Environment
In 2024, compromised service accounts and forgotten API keys were behind 68% of cloud breaches. Not phishing. Not weak passwords. Unmanaged non-human identities that nobody was watching.For every employee in your org, there are 40 to 50 automated credentials: service accounts, API tokens, AI agent connections, andOAuth grants. When projects end or employees leave, most…
-
Critical nginx UI tool vulnerability opens web servers to full compromise
Tags: access, ai, api, attack, authentication, ceo, credentials, data-breach, endpoint, exploit, infrastructure, Internet, risk, service, software, threat, tool, update, vulnerability/mcp_message, was implemented without authentication, a weakness Pluto Security dubbed ‘MCPwn’.”This exposes 12 MCP tools, including config writes with automatic nginx reload, to any host on the network. One unauthenticated API call is all it takes to inject a config and take over nginx,” said Pluto Security.Leveraging MCPwn, an attacker would be able to intercept…
-
Critical nginx UI tool vulnerability opens web servers to full compromise
Tags: access, ai, api, attack, authentication, ceo, credentials, data-breach, endpoint, exploit, infrastructure, Internet, risk, service, software, threat, tool, update, vulnerability/mcp_message, was implemented without authentication, a weakness Pluto Security dubbed ‘MCPwn’.”This exposes 12 MCP tools, including config writes with automatic nginx reload, to any host on the network. One unauthenticated API call is all it takes to inject a config and take over nginx,” said Pluto Security.Leveraging MCPwn, an attacker would be able to intercept…
-
Critical nginx UI tool vulnerability opens web servers to full compromise
Tags: access, ai, api, attack, authentication, ceo, credentials, data-breach, endpoint, exploit, infrastructure, Internet, risk, service, software, threat, tool, update, vulnerability/mcp_message, was implemented without authentication, a weakness Pluto Security dubbed ‘MCPwn’.”This exposes 12 MCP tools, including config writes with automatic nginx reload, to any host on the network. One unauthenticated API call is all it takes to inject a config and take over nginx,” said Pluto Security.Leveraging MCPwn, an attacker would be able to intercept…