Tag: credentials
-
Microsoft Shuts Down RaccoonO365 Phishing Ring, Seizes 338 Websites
Microsoft’s Digital Crimes Unit dismantled RaccoonO365, a major phishing service that stole thousands of user credentials and targeted US healthcare organisations. Discover how the operation worked and its global impact. First seen on hackread.com Jump to article: hackread.com/microsoft-shuts-down-raccoono365-phishing-seizes-sites/
-
Microsoft Disrupts RaccoonO365 Phishing Kit, Seizes 338 Malicious Sites
Microsoft revealed it has seized 338 websites associated with RaccoonO365, a phishing kit which has stolen at least 5000 Microsoft credentials worldwide First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/microsoft-disrupts-phishing-kit/
-
Adtech Abused by Threat Actors to Spread Malicious Advertisements
Malicious advertising campaigns have surged in sophistication, with cybercriminals exploiting and even operating adtech firms to deliver malware, credential stealers and phishing schemes directly through mainstream ad networks. A cluster of interconnected companies”, run through shell corporations, hosted on compromised infrastructure, and registered en masse via a notorious registrar”, has enabled a prolific threat actor,…
-
Python-Based “XillenStealer” Campaign Targets Windows Users’ Sensitive Data
A sophisticated Python-based information stealer named XillenStealer has emerged as a significant threat to Windows users, designed to harvest sensitive system data, browser credentials, and cryptocurrency wallet information. XillenStealer operates through a comprehensive builder framework called >>XillenStealer Builder V3.0,
-
RaccoonO365 Phishing Network Dismantled as Microsoft, Cloudflare Take Down 338 Domains
Microsoft’s Digital Crimes Unit said it teamed up with Cloudflare to coordinate the seizure of 338 domains used by RaccoonO365, a financially motivated threat group that was behind a phishing-as-a-service (Phaas) toolkit used to steal more than 5,000 Microsoft 365 credentials from 94 countries since July 2024.”Using a court order granted by the Southern District…
-
RaccoonO365 Phishing Network Shut Down After Microsoft and Cloudflare Disrupt 338 Domains
Microsoft’s Digital Crimes Unit said it teamed up with Cloudflare to coordinate the seizure of 338 domains used by RaccoonO365, a financially motivated threat group that was behind a phishing-as-a-service (Phaas) toolkit used to steal more than 5,000 Microsoft 365 credentials from 94 countries since July 2024.”Using a court order granted by the Southern District…
-
Self-Replicating Worm Compromising Hundreds of NPM Packages
An ongoing supply chain attack dubbed “Shai-Hulud” has compromised hundreds of packages in the npm repository with a self-replicating worm that steals secrets like API key, tokens, and cloud credentials and sends them to external servers that the attackers control. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/09/self-replicating-worm-compromising-hundreds-of-npm-packages/
-
Microsoft, Cloudflare disrupt RaccoonO365 credential stealing tool run by Nigerian national
Microsoft found that the group behind RaccoonO365 has been paid at least $100,000 in cryptocurrency from about 100 subscriptions. This is likely only a portion of the money earned from the tool, according to Microsoft. First seen on therecord.media Jump to article: therecord.media/microsoft-cloudflare-disrupt-raccoono365-credential-stealing-tool
-
Microsoft seizes hundreds of phishing sites tied to massive credential theft operation
The company acted on a court order and collaborated with Cloudflare to seize RaccoonO365’s infrastructure, which was used to steal credentials from organizations in 94 countries. First seen on cyberscoop.com Jump to article: cyberscoop.com/microsoft-seizes-phishing-sites-raccoono365/
-
Warning: Hackers have inserted credential-stealing code into some npm libraries
Tags: api, attack, authentication, ciso, cloud, credentials, github, google, hacker, Hardware, incident response, malware, mfa, monitoring, open-source, phishing, sans, software, supply-chain, threatMore than 40 packages affected: One of the researchers who found and flagged the hack Monday was French developer François Best, and it was also described in blogs from StepSecurity, Socket, ReversingLabs and Ox Security. These blogs contain a full list of compromised packages and indicators of compromise.Researchers at Israel-based Ox Security said there was a…
-
Self-Replicating ‘Shai-hulud’ Worm Targets NPM Packages
The newly emerged worm has spread across hundreds of open source software packages, stealing credentials and infecting other components without much direct attacker input. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/self-replicating-shai-hulud-worm-npm-packages
-
Self-Replicating Worm Hits 180+ npm Packages to Steal Credentials in Latest Supply Chain Attack
Cybersecurity researchers have flagged a fresh software supply chain attack targeting the npm registry that has affected more than 40 packages that belong to multiple maintainers.”The compromised versions include a function (NpmModule.updatePackage) that downloads a package tarball, modifies package.json, injects a local script (bundle.js), repacks the archive, and republishes it, enabling First seen on thehackernews.com…
-
40+ npm Packages Compromised in Supply Chain Attack Using bundle.js to Steal Credentials
Cybersecurity researchers have flagged a fresh software supply chain attack targeting the npm registry that has affected more than 40 packages that belong to multiple maintainers.”The compromised versions include a function (NpmModule.updatePackage) that downloads a package tarball, modifies package.json, injects a local script (bundle.js), repacks the archive, and republishes it, enabling First seen on thehackernews.com…
-
Anthropic Report Shows Bad Actors Abusing Claude in Attacks
A recent report from AI giant Anthropic outlined multiple instances where threat actors abused its Claude LLM in their nefarious activities, including one in which a hacker automated every aspect of a data extortion campaign, from initial reconnaissance to stealing credentials and penetrating networks. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/09/anthropic-report-shows-bad-actors-abusing-claude-in-attacks/
-
CobaltStrike’s AI-native successor, ‘Villager,’ makes hacking too easy
Tags: ai, attack, control, credentials, detection, exploit, framework, governance, hacking, identity, incident response, intelligence, network, pypi, RedTeam, risk, supply-chain, threat, update, vulnerability, windowsSupply chain and detection risks: Villager’s presence on a trusted public repository like PyPI, where it was downloaded over 10,000 times over the last two months, introduces a new vector for supply chain compromise. Jason Soroko, senior fellow at Sectigo, advised that organizations “focus first on package provenance by mirroring PyPI, enforcing allow lists for…
-
Anthropic Report Shows Bad Actors Abusing Claude in Attacks
A recent report from AI giant Anthropic outlined multiple instances where threat actors abused its Claude LLM in their nefarious activities, including one in which a hacker automated every aspect of a data extortion campaign, from initial reconnaissance to stealing credentials and penetrating networks. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/09/anthropic-report-shows-bad-actors-abusing-claude-in-attacks/
-
CobaltStrike’s AI-native successor, ‘Villager,’ makes hacking too easy
Tags: ai, attack, control, credentials, detection, exploit, framework, governance, hacking, identity, incident response, intelligence, network, pypi, RedTeam, risk, supply-chain, threat, update, vulnerability, windowsSupply chain and detection risks: Villager’s presence on a trusted public repository like PyPI, where it was downloaded over 10,000 times over the last two months, introduces a new vector for supply chain compromise. Jason Soroko, senior fellow at Sectigo, advised that organizations “focus first on package provenance by mirroring PyPI, enforcing allow lists for…
-
From prevention to rapid response: The new era of CISO strategy
Tags: access, attack, authentication, automation, awareness, breach, ciso, control, credentials, cybersecurity, data, finance, fintech, infrastructure, Intruder, malicious, monitoring, network, privacy, radius, resilience, service, strategy, threat, zero-trustBreaches will happen, so how do we deal with the fallout?CISOs are now spending less energy trying to keep every threat at bay. They know attackers will get in, but the question is, what’s next? The new mindset is about stopping intruders from moving around and escalating the damage.This shift means investing in sharper visibility,…
-
Threat Actors Exploit MCP Servers to Steal Sensitive Data
Unvetted Model Context Protocol (MCP) servers introduce a stealthy supply chain attack vector, enabling adversaries to harvest credentials, configuration files, and other secrets without deploying traditional malware. The Model Context Protocol (MCP)”, the new “plug-in bus” for AI assistants”, promises seamless integration of AI models with external tools and data sources. Yet this flexibility creates…
-
SmokeLoader Employs Optional Plugins to Steal Data and Launch DoS Attacks
Active since 2011, SmokeLoader (also known as Smoke or Dofoil) has cemented its reputation as a versatile malware loader engineered to deliver second-stage payloads, including trojans, ransomware, and information stealers. Over the years, it has evolved to evade detection and optimize payload delivery, extending its reach through an extensible plugin framework capable of credential harvesting,…
-
40 npm Packages Compromised in Supply Chain Attack Using bundle.js to Steal Credentials
Cybersecurity researchers have flagged a fresh software supply chain attack targeting the npm registry that has affected more than 40 packages that belong to multiple maintainers.”The compromised versions include a function (NpmModule.updatePackage) that downloads a package tarball, modifies package.json, injects a local script (bundle.js), repacks the archive, and republishes it, enabling First seen on thehackernews.com…
-
Sidewinder Hackers Weaponize Nepal Protests to Spread Cross-Platform Malware
Sidewinder, a well-known advanced persistent threat (APT) group, has adapted its tactics to exploit the ongoing protests in Nepal, deploying a coordinated campaign of mobile and Windows malware alongside credential phishing. By masquerading as respected national institutions and figures, the group seeks to harvest sensitive data from users tracking the nation’s political turmoil. The protests,…
-
DarkCloud Stealer Targets Financial Firms via Weaponized RAR Files
August 2025 saw a dramatic surge in targeted attacks by the DarkCloud Stealer against financial institutions worldwide. CyberProof’s MDR analysts and threat hunters identified a wave of phishing emails bearing malicious RAR archives designed to prey on Windows users. Once executed, these archives unleashed a multi”stage payload engineered to siphon login credentials from email clients,…
-
Why Hybrid Windows Environments are Still a Security Blind Spot
5 min readHybrid Windows environments pose a security risk due to outdated identity controls. Relying on static credentials and fragmented visibility, these setups are vulnerable. Modernization with workload identity federation, conditional access, and centralized monitoring is crucial to close security gaps. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/09/why-hybrid-windows-environments-are-still-a-security-blind-spot/
-
Leveraging Credentials As Unique Identifiers: A Pragmatic Approach To NHI Inventories
Identity-based attacks are on the rise. Attacks in which malicious actors assume the identity of an entity to easily gain access to resources and sensitive data have been increasing in number and frequency over the last few years. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/09/leveraging-credentials-as-unique-identifiers-a-pragmatic-approach-to-nhi-inventories/
-
Stealthy AsyncRAT flees the disk for a fileless infection
Tags: access, best-practice, control, credentials, infection, malicious, malware, monitoring, phishing, powershell, rat, theft, threat, update, windowsRAT with evasion and persistence: Once AsyncRAT was loaded, the attackers took steps to disrupt Windows defenses. The report notes techniques such as disabling Anti-malware Scan Interface (AMSI) and tampering with Event Tracking for Windows (ETW), both critical features for runtime detection. To maintain persistence, they created a scheduled task disguised as “Skype Update,” ensuring…