Tag: credentials
-
Russian APT group pivots to network edge device misconfigurations
Tags: apt, attack, authentication, breach, cloud, credentials, detection, group, infrastructure, intelligence, mfa, mssp, network, russia, service, technology, theft, threatCredential harvesting: The researchers also observed credential replay attacks against victims’ other online services using stolen domain credentials following network edge device compromises. This indicates that the attackers are likely harvesting credentials by leveraging the traffic capturing and analysis capabilities of the compromised devices.”Time gap between device compromise and authentication attempts against victim services suggests…
-
SantaStealer stuffs credentials, crypto wallets into a brand new bag
All I want for Christmas “¦ is all of your data First seen on theregister.com Jump to article: www.theregister.com/2025/12/16/santastealer_stuffs_users_credentials_crypto/
-
SantaStealer Joins the Naughty List of New Infostealers
SantaStealer is a new malware-as-a-service infostealer that steals credentials and data using largely in-memory techniques. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/santastealer-joins-the-naughty-list-of-new-infostealers/
-
Compromised IAM Credentials Power a Large AWS Crypto Mining Campaign
An ongoing campaign has been observed targeting Amazon Web Services (AWS) customers using compromised Identity and Access Management (IAM) credentials to enable cryptocurrency mining.The activity, first detected by Amazon’s GuardDuty managed threat detection service and its automated security monitoring systems on November 2, 2025, employs never-before-seen persistence techniques to hamper First seen on thehackernews.com Jump…
-
SantaStealer Malware Steals Sensitive Files, Credentials, and Crypto Wallet Data
Cybersecurity researchers at Rapid7 Labs have uncovered a sophisticated new threat: SantaStealer, a malware-as-a-service information stealer actively promoted on Telegram channels and underground hacker forums. The malware, which recently rebranded from >>BluelineStealer,
-
SantaStealer Malware Steals Sensitive Files, Credentials, and Crypto Wallet Data
Cybersecurity researchers at Rapid7 Labs have uncovered a sophisticated new threat: SantaStealer, a malware-as-a-service information stealer actively promoted on Telegram channels and underground hacker forums. The malware, which recently rebranded from >>BluelineStealer,
-
Android Users at Risk as Malware Poses as mParivahan and e-Challan Apps
A sophisticated Android malware campaign dubbed NexusRoute is actively targeting Indian users by impersonating the Indian Government Ministry, mParivahan, and e-Challan services to steal credentials and carry out large-scale financial fraud. The operation combines phishing, malware, and surveillance capabilities. It is being distributed via malicious APKs hosted on GitHub and clusters of phishing domains that…
-
Identity Risk Is Now the Front Door to Enterprise Breaches (and How Digital Risk Protection Stops It Early)
Most enterprise breaches no longer begin with a firewall failure or a missed patch. They begin with an exposed identity. Credentials harvested from infostealers. Employee logins are sold on criminal forums. Executive personas impersonated to trigger wire fraud. Customer identities stitched together from scattered exposures. The modern breach path is identity-first, and that shift… First…
-
What types of compliance should your password manager support?
Lost credentials and weak authentication controls still sit at the center of many security incidents. IT leaders and CISOs know this problem well. They also know that … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/12/15/password-manager-compliance-types/
-
Hackers Are Using Shared AI Chats to Steal Your Passwords and Crypto
A sophisticated malvertising campaign is exploiting ChatGPT and DeepSeek’s shared chat features to deliver credential-stealing malware to macOS users. Threat actors are purchasing sponsored Google search results and redirecting victims to legitimate-looking LLM-generated chat sessions that contain obfuscated malicious commands, effectively bypassing platform-level safety mechanisms. The attack begins when users search for common macOS troubleshooting…
-
Hackers Are Using Shared AI Chats to Steal Your Passwords and Crypto
A sophisticated malvertising campaign is exploiting ChatGPT and DeepSeek’s shared chat features to deliver credential-stealing malware to macOS users. Threat actors are purchasing sponsored Google search results and redirecting victims to legitimate-looking LLM-generated chat sessions that contain obfuscated malicious commands, effectively bypassing platform-level safety mechanisms. The attack begins when users search for common macOS troubleshooting…
-
New ‘DroidLock’ Android Malware Locks Users Out, Spies via Front Camera
Zimperium zLabs reveals DroidLock, a new Android malware acting like ransomware that can hijack Android devices, steal credentials via phishing, and stream your screen via VNC. First seen on hackread.com Jump to article: hackread.com/droidlock-android-malware-users-spy-camera/
-
Hidden .NET HTTP proxy behavior can open RCE flaws in apps, a security issue Microsoft won’t fix
Tags: api, control, credentials, cve, endpoint, exploit, flaw, framework, ivanti, leak, microsoft, monitoring, ntlm, powershell, programming, rce, remote-code-execution, service, vulnerabilityServiceDescriptionImporter class,” he said. “That mechanism alone enabled successful exploitation in products from Barracuda, Ivanti, Microsoft and Umbraco, and it took only a few days of review to find working cases.” The .NET Framework and ASP.NET are among the most popular programming languages for enterprise applications. When a developer wants their application to communicate with…
-
2025 Year of Browser Bugs Recap:
Tags: access, ai, api, attack, authentication, awareness, browser, cctv, chrome, cloud, communications, computer, credentials, crypto, cyber, data, data-breach, detection, edr, email, endpoint, exploit, flaw, gartner, google, guide, identity, injection, leak, login, malicious, malware, network, openai, passkey, password, phishing, ransom, ransomware, risk, saas, service, threat, tool, update, vulnerability, windows, xss, zero-dayAt the beginning of this year, we launched the Year of Browser Bugs (YOBB) project, a commitment to research and share critical architectural vulnerabilities in the browser. Inspired by the iconic Months of Bugs tradition in the 2000s, YOBB was started with a similar purpose”Š”, “Što drive awareness and discussion around key security gaps and…
-
Securing MCP: How to Build Trustworthy Agent Integrations
Model Context Protocol (MCP) is quickly becoming the backbone of how AI agents interact with the outside world. It gives agents a standardized way to discover tools, trigger actions, and pull data. MCP dramatically simplifies integration work. In short, MCP servers act as the adapter that grants access to services, manages credentials and permissions, and..…
-
Securing MCP: How to Build Trustworthy Agent Integrations
Model Context Protocol (MCP) is quickly becoming the backbone of how AI agents interact with the outside world. It gives agents a standardized way to discover tools, trigger actions, and pull data. MCP dramatically simplifies integration work. In short, MCP servers act as the adapter that grants access to services, manages credentials and permissions, and..…
-
Microsoft Releases New Guidance to Combat the Shai-Hulud 2.0 Supply Chain Threat
Tags: attack, cloud, credentials, cyber, exploit, microsoft, programming, software, supply-chain, threatMicrosoft has published comprehensive guidance addressing the Shai-Hulud 2.0 supply chain attack, one of the most significant cloud-native ecosystem compromises observed in recent months. The campaign represents a sophisticated threat that exploits the trust inherent in modern software development workflows by targeting developer environments, CI/CD pipelines, and cloud-connected workloads to harvest sensitive credentials and configuration…
-
Polymorphic AI malware exists, but it’s not what you think
Tags: access, ai, api, attack, authentication, automation, business, ciso, credentials, cryptography, cyber, cybercrime, detection, edr, email, espionage, government, group, identity, infrastructure, malicious, malware, marketplace, mfa, monitoring, phishing, radius, ransomware, risk, soc, technology, theft, threat, toolwhat the code block should do, or how it’s going to evade an antivirus. It’s just working under the assumption that Gemini just instinctively knows how to evade antiviruses (it doesn’t). There’s also no entropy to ensure the ‘self-modifying’ code differs from previous versions, or any guardrails to ensure it actually works. The function was…
-
Polymorphic AI malware exists, but it’s not what you think
Tags: access, ai, api, attack, authentication, automation, business, ciso, credentials, cryptography, cyber, cybercrime, detection, edr, email, espionage, government, group, identity, infrastructure, malicious, malware, marketplace, mfa, monitoring, phishing, radius, ransomware, risk, soc, technology, theft, threat, toolwhat the code block should do, or how it’s going to evade an antivirus. It’s just working under the assumption that Gemini just instinctively knows how to evade antiviruses (it doesn’t). There’s also no entropy to ensure the ‘self-modifying’ code differs from previous versions, or any guardrails to ensure it actually works. The function was…
-
Polymorphic AI malware exists, but it’s not what you think
Tags: access, ai, api, attack, authentication, automation, business, ciso, credentials, cryptography, cyber, cybercrime, detection, edr, email, espionage, government, group, identity, infrastructure, malicious, malware, marketplace, mfa, monitoring, phishing, radius, ransomware, risk, soc, technology, theft, threat, toolwhat the code block should do, or how it’s going to evade an antivirus. It’s just working under the assumption that Gemini just instinctively knows how to evade antiviruses (it doesn’t). There’s also no entropy to ensure the ‘self-modifying’ code differs from previous versions, or any guardrails to ensure it actually works. The function was…
-
GitHub Action Secrets aren’t secret anymore: exposed PATs now a direct path into cloud environments
Tags: access, api, authentication, awareness, cloud, credentials, data-breach, detection, exploit, github, infrastructure, malicious, mfa, monitoring, security-incident, strategy, threat, trainingEasily evading detection: Wiz found that a threat actor with basic read permissions via a PAT can use GitHub’s API code search to discover secret names embedded directly in a workflow’s yaml code, accessed via “${{ secrets.SECRET_NAME }}.”The danger is that this secret discovery method is difficult to monitor because search API calls are not…
-
GitHub Action Secrets aren’t secret anymore: exposed PATs now a direct path into cloud environments
Tags: access, api, authentication, awareness, cloud, credentials, data-breach, detection, exploit, github, infrastructure, malicious, mfa, monitoring, security-incident, strategy, threat, trainingEasily evading detection: Wiz found that a threat actor with basic read permissions via a PAT can use GitHub’s API code search to discover secret names embedded directly in a workflow’s yaml code, accessed via “${{ secrets.SECRET_NAME }}.”The danger is that this secret discovery method is difficult to monitor because search API calls are not…
-
GitHub Action Secrets aren’t secret anymore: exposed PATs now a direct path into cloud environments
Tags: access, api, authentication, awareness, cloud, credentials, data-breach, detection, exploit, github, infrastructure, malicious, mfa, monitoring, security-incident, strategy, threat, trainingEasily evading detection: Wiz found that a threat actor with basic read permissions via a PAT can use GitHub’s API code search to discover secret names embedded directly in a workflow’s yaml code, accessed via “${{ secrets.SECRET_NAME }}.”The danger is that this secret discovery method is difficult to monitor because search API calls are not…
-
Spiderman Phishing Kit Targets European Banks with Real-Time Credential Theft
Varonis threat analysts warn about Spiderman, a dangerous new kit that automates attacks against European banks and crypto customers, stealing a victim’s full identity profile. First seen on hackread.com Jump to article: hackread.com/spiderman-phishing-kit-european-banks-credential-theft/
-
Google Patches AI Flaw That Turned Gemini Into a Spy
Zero-Click Vulnerability Let Attackers Weaponize Enterprise AI Assistant. Google patched a vulnerability in Gemini Enterprise that allowed attackers to steal corporate data through a shared document, calendar invitation or email without any user action or security alerts. No malware was executed, no credentials were phished and no data left through approved channels. First seen on…
-
Exploitation Efforts Against Critical React2Shell Flaw Accelerate
The exploitation efforts by China-nexus groups and other bad actors against the critical and easily abused React2Shell flaw in the popular React and Next.js software accelerated over the weekend, with threats ranging from stolen credentials and initial access to downloaders, crypto-mining, and the NoodleRat backdoor being executed. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/12/exploitation-efforts-against-critical-react2shell-flaw-accelerate/