Tag: credentials
-
Rogue Go Module Doubles as Fast SSH Brute-Forcer, Sends Stolen Passwords via Telegram
Socket’s Threat Research Team has uncovered a deceptive Go module named golang-random-ip-ssh-bruteforce, which masquerades as an efficient SSH brute-forcing tool but secretly exfiltrates stolen credentials to its creator. Published on June 24, 2022, this package remains active on the Go Module ecosystem and GitHub, despite efforts to petition for its removal and the suspension of…
-
Hackers Weaponize QR Codes With Malicious Links to Steal Sensitive Data
Quishing, a powerful form of phishing that uses malicious hyperlinks contained in QR codes to expose user credentials and sensitive data, has surfaced in the ever-changing field of cybersecurity threats. Unlike traditional phishing, which relies on clickable links or deceptive emails, quishing exploits the inherent opacity of QR codes, which are unreadable to the human…
-
AI Website Generators Repurposed by Adversaries for Malware Campaigns
Adversaries are using AI-powered website builders to expedite the development of harmful infrastructure in a quickly changing threat landscape, hence reducing the entry barriers for malware distribution and credential phishing. Platforms like Lovable, which enable users to generate fully functional websites via natural language prompts, have been observed in numerous campaigns since early 2025. These…
-
Warlock Ransomware Exploits SharePoint Flaws for Initial Access and Credential Theft
Tags: access, credentials, cyber, exploit, flaw, group, microsoft, network, ransomware, remote-code-execution, theft, vulnerabilityThe Warlock ransomware group has intensified its operations by targeting unpatched on-premises Microsoft SharePoint servers, leveraging critical vulnerabilities to achieve remote code execution and initial network access. This campaign, observed in mid-2025, involves sending crafted HTTP POST requests to upload web shells, facilitating reconnaissance, privilege escalation, and credential theft. Initial Exploitation Attackers exploit flaws like…
-
Threat Actors Weaponize PDF Editor Trojan to Convert Devices into Proxies
Researchers have discovered a complex campaign using trojanized software that uses authentic code-signing certificates to avoid detection and turn compromised machines into unintentional residential proxies, according to a recent threat intelligence notice from Expel Security. The operation begins with files bearing the code-signing signature of >>GLINT SOFTWARE SDN. BHD.,
-
Russian hackers exploit old Cisco flaw to target global enterprise networks
Six-year-old vulnerability still wreaking havoc: At the heart of this campaign lies CVE-2018-0171, a critical vulnerability that affected Cisco IOS software’s Smart Install feature and allowed unauthenticated remote attackers to execute arbitrary code or trigger denial-of-service conditions.Despite Cisco patching the flaw in 2018, Static Tundra continued exploiting unpatched devices, particularly those that reached end-of-life status,…
-
New SHAMOS Malware Targets macOS Through Fake Help Sites to Steal Login Credentials
Tags: credentials, crowdstrike, crypto, cyber, cybercrime, cybersecurity, data, group, login, macOS, malware, serviceCybersecurity researchers at CrowdStrike identified and thwarted a sophisticated malware campaign deploying SHAMOS, an advanced variant of the Atomic macOS Stealer (AMOS) malware, orchestrated by the cybercriminal group COOKIE SPIDER. Operating under a malware-as-a-service model, COOKIE SPIDER rents out this information stealer to affiliates who target victims to harvest sensitive data, including login credentials, cryptocurrency…
-
MITM6 + NTLM Relay Attack Enables Full Domain Compromise
Cybersecurity researchers are highlighting a dangerous attack technique that combines rogue IPv6 configuration with NTLM credential relay to achieve complete Active Directory domain compromise, exploiting default Windows configurations that most organizations leave unchanged. Attack Leverages Default Windows IPv6 Behavior The MITM6 + NTLM Relay attack exploits Windows systems’ automatic DHCPv6 requests, even in networks that…
-
New Campaign Uses Active Directory Federation Services to Steal M365 Credentials
Tags: attack, authentication, credentials, cyber, exploit, infrastructure, malware, microsoft, phishing, serviceResearchers at Push Security have discovered a new phishing campaign that targets Microsoft 365 (M365) systems and uses Active Directory Federation Services (ADFS) to enable credential theft. This attack vector exploits Microsoft’s authentication redirect mechanisms, effectively turning a legitimate service into a conduit for phishing operations. Sophisticated Phishing Infrastructure The campaign begins with malvertising lures…
-
Weak Passwords and Compromised Accounts: Key Findings from the Blue Report 2025
As security professionals, it’s easy to get caught up in a race to counter the latest advanced adversary techniques. Yet the most impactful attacks often aren’t from cutting-edge exploits, but from cracked credentials and compromised accounts. Despite widespread awareness of this threat vector, Picus Security’s Blue Report 2025 shows that organizations continue to struggle with…
-
Enterprise passwords becoming even easier to steal and abuse
Tags: access, attack, authentication, breach, ceo, ciso, compliance, control, credentials, cyber, cybersecurity, data, detection, encryption, exploit, extortion, group, identity, leak, mfa, monitoring, passkey, password, phishing, ransomware, risk, strategy, threat, tool, zero-trustGrowing threat from stolen credentials: Attackers actively target user credentials because they offer the most direct route or foothold into a targeted organization’s network. Once inside, attackers can move laterally across systems, searching for other user accounts to compromise, or they attempt to escalate their privileges and gain administrative control.This hunt for credentials extends beyond…
-
DOM-Based Extension Clickjacking Exposes Millions of Password Manager Users to Credential Theft
A newly discovered technique, dubbed DOM-based extension clickjacking, has raised serious concerns about the security of browser-based password managers. Despite their role in protecting sensitive information, such as login credentials, credit card data, and TOTP codes (Time-based One-Time Passwords), this attack demonstrates how a single deceptive click can result in total data compromise. First seen…
-
DOM-Based Extension Clickjacking Exposes Popular Password Managers to Credential and Data Theft
Popular password manager plugins for web browsers have been found susceptible to clickjacking security vulnerabilities that could be exploited to steal account credentials, two-factor authentication (2FA) codes, and credit card details under certain conditions.The technique has been dubbed Document Object Model (DOM)-based extension clickjacking by independent security researcher Marek Tóth, First seen on thehackernews.com Jump…
-
Major password managers can leak logins in clickjacking attacks
Six major password managers with tens of millions of users are currently vulnerable to unpatched clickjacking flaws that could allow attackers to steal account credentials, 2FA codes, and credit card details. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/major-password-managers-can-leak-logins-in-clickjacking-attacks/
-
AI Website Builder Lovable Abused for Phishing and Malware Scams
Scammers have been spotted abusing AI site builder Lovable to mimic trusted brands, steal credentials, drain crypto wallets,… First seen on hackread.com Jump to article: hackread.com/ai-website-builder-lovable-phishing-malware-scams/
-
New Salty 2FA PhaaS Platform Targets Microsoft 365 Users to Steal Login Credentials
The majority of events globally are caused by phishing, which continues to be the most common vector for cyberattacks in the constantly changing world of cyber threats. The proliferation of affordable Phishing-as-a-Service (PhaaS) platforms such as Tycoon2FA, EvilProxy, and Sneaky2FA has exacerbated this issue, enabling even novice attackers to deploy sophisticated campaigns. These services are…
-
ISACA launches AI security management certification
ISACA accredited security professionals can now pursue a new AI security management credential First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366629614/ISACA-launches-AI-security-management-certification
-
Mobile Phishers Target Brokerage Customers in ‘Ramp and Dump’ Cashout Scheme
Cybercriminal groups specializing in advanced mobile phishing kits have evolved their operations beyond stealing payment card data for mobile wallet enrollment, now pivoting to exploit brokerage accounts in sophisticated ‘ramp and dump’ schemes. This shift, as detailed in recent research by security experts, leverages compromised user credentials to manipulate foreign stock prices, circumventing traditional security…
-
Singapore issues critical alert on Dire Wolf ransomware targeting global tech and manufacturing firms
Tags: attack, authentication, backup, business, compliance, control, credentials, cyber, data, defense, email, endpoint, extortion, insurance, intelligence, leak, malicious, mfa, msp, network, phishing, ransom, ransomware, resilience, risk, supply-chain, threat, updateRipple effects on global enterprises: The global business fallout of Dire Wolf ransomware attacks is significant and poses a multi-layered, high-impact threat to global enterprises.”Its attacks directly disrupt operations and supply chains, particularly in manufacturing and tech, leading to production delays, revenue loss, and downstream customer impact,” said Manish Rawat, analyst at TechInsights. “Financial impact…
-
Microsoft Defender AI Can Detect Plaintext Credentials in Active Directory
Tags: ai, attack, credentials, cyber, cybersecurity, data-breach, intelligence, microsoft, vulnerabilityMicrosoft has unveiled a new AI-powered security capability that addresses one of cybersecurity’s most persistent vulnerabilities: plaintext credentials stored in Active Directory systems. The enhanced Microsoft Defender feature uses sophisticated artificial intelligence to detect exposed credentials with unprecedented precision, helping organizations eliminate a critical attack vector that has plagued enterprise environments. Widespread Credential Exposure Problem…
-
Malicious npm Packages Target Crypto Developers to Steal Login Credentials
A sophisticated threat campaign dubbed >>Solana-Scan>cryptohan
-
Malicious npm Packages Target Crypto Developers to Steal Login Credentials
A sophisticated threat campaign dubbed >>Solana-Scan>cryptohan
-
Hackers Exploit Cisco Secure Links to Evade Scanners and Bypass Filters
Tags: attack, cisco, credentials, cyber, cybercrime, detection, email, exploit, hacker, infrastructure, network, phishingCybercriminals have discovered a sophisticated new attack vector that weaponizes Cisco’s security infrastructure against users, according to recent research from Raven AI. The company’s context-aware detection systems uncovered a credential phishing campaign that exploits Cisco Safe Links to evade traditional email security scanners and bypass network filters, highlighting a dangerous trend of attackers turning trusted…
-
Threat Actors Exploit Telegram as the Communication Channel to Exfiltrate Stolen Data
tLab Technologies, a Kazakhstan-based company that specializes in advanced threat prevention, discovered one of the first known phishing attempts in the region that targeted public sector clients in a recent cybersecurity incident. The attack leveraged a professionally crafted fake login page to harvest user credentials, employing Telegram’s Bot API as a covert exfiltration channel. This…
-
New Ghost-Tapping Attacks Target Apple Pay and Google Pay Users’ Linked Cards
Chinese-speaking cybercriminals are using ghost-tapping techniques to take advantage of Near Field Communication (NFC) relay tactics in a sophisticated evolution of payment card fraud. They are mainly targeting mobile payment services such as Apple Pay and Google Pay. This attack vector involves relaying stolen payment card credentials from compromised devices to mules’ burner phones, enabling…
-
25% of security leaders replaced after ransomware attack
Tags: attack, breach, business, ceo, ciso, corporate, credentials, email, exploit, malicious, phishing, ransomware, risk, sophos, vulnerabilityA question of authority Dickson also argues that CISO authority should come into play. If decisions are made at the line-of-business (LOB) level, and potentially againstthe CISO’s advice, does it make corporate sense to blame the CISO?Some “presume that a ransomware attack is the fault of the CISO,” he says. “The CISO is a leader,…
-
Threat Actor Claims to Sell 15.8 Million Plain-Text PayPal Credentials
A seller named Chucky_BF is offering 15.8M PayPal logins with emails, passwords, and URLs. The data may come… First seen on hackread.com Jump to article: hackread.com/threat-actor-selling-plain-text-paypal-credentials/
-
Police & Government Email Access for Sale on Dark Web
Cybercriminals are auctioning off live email credentials, giving other criminals access to sensitive systems, confidential intelligence, and, potentially, a higher success rate than ever. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/government-email-sale-dark-web