Tag: credit-card
-
DOM-Based Extension Clickjacking Exposes Millions of Password Manager Users to Credential Theft
A newly discovered technique, dubbed DOM-based extension clickjacking, has raised serious concerns about the security of browser-based password managers. Despite their role in protecting sensitive information, such as login credentials, credit card data, and TOTP codes (Time-based One-Time Passwords), this attack demonstrates how a single deceptive click can result in total data compromise. First seen…
-
DOM-Based Extension Clickjacking Exposes Popular Password Managers to Credential and Data Theft
Popular password manager plugins for web browsers have been found susceptible to clickjacking security vulnerabilities that could be exploited to steal account credentials, two-factor authentication (2FA) codes, and credit card details under certain conditions.The technique has been dubbed Document Object Model (DOM)-based extension clickjacking by independent security researcher Marek Tóth, First seen on thehackernews.com Jump…
-
Major password managers can leak logins in clickjacking attacks
Six major password managers with tens of millions of users are currently vulnerable to unpatched clickjacking flaws that could allow attackers to steal account credentials, 2FA codes, and credit card details. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/major-password-managers-can-leak-logins-in-clickjacking-attacks/
-
After researchers unmasked a prolific SMS scammer, a new operation has emerged in its wake
Security researchers are now sounding the alarm on a new SMS text message fraud operation, which is surging in popularity, and its ability to steal people’s credit cards, since the demise of its predecessor. First seen on techcrunch.com Jump to article: techcrunch.com/2025/08/10/after-researchers-unmasked-a-prolific-sms-scammer-a-new-operation-has-emerged-in-its-wake/
-
Air France, KLM Alert Authorities of Data Breach
While no sensitive financial data like credit card information was compromised, the threat actors were able to get away with names, email addresses, phone numbers, and more. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/air-france-klm-data-breach
-
PXA Stealer Distributed via Telegram Harvests 200K Passwords and Credit Card Data
SentinelLABS and Beazley Security have uncovered a sophisticated infostealer campaign deploying the Python-based PXA Stealer, which has rapidly evolved since late 2024 to incorporate advanced anti-analysis techniques, decoy content, and hardened command-and-control (C2) infrastructure. This operation, linked to Vietnamese-speaking cybercriminal networks, leverages Telegram’s API for automated data exfiltration and monetization, feeding into underground marketplaces like…
-
Python-powered malware snags hundreds of credit cards, 200K passwords, and 4M cookies
PXA Stealer pilfers data from nearly 40 browsers, including Chrome First seen on theregister.com Jump to article: www.theregister.com/2025/08/04/pxa_stealer_4000_victims/
-
Unberechtigte Abbuchungen bei HypoVereinsbank-Kreditkarte: Datenabfluss?
Tags: credit-cardIch stelle mal ein Thema hier im Blog ein, was mir aus zwei Quellen zugegangen ist. Leser haben mir darüber informiert, dass plötzlich Kreditkarten Commerzbank und HypoVereinsbank unberechtigt belastet wurden und vermuten Datenlecks. Meine Vermutung auf Skimming in Online-Shops oder … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/07/27/unberechtigte-abbuchungen-bei-hypovereinsbank-kreditkarte-datenabfluss/
-
Dark Web Hackers Moonlight as Travel Agents
Hackers are using stolen goods such as credit cards and loyalty points to book travel for sometimes unsuspecting clients, and remote workers, SMBs, travel brands, and others are at risk. First seen on darkreading.com Jump to article: www.darkreading.com/remote-workforce/dark-web-hackers-moonlight-travel-agents
-
Malicious LNK File Posing as Credit Card Security Email Steals User Data
Tags: authentication, credit-card, cyber, data, email, exploit, finance, malicious, powershell, threatThreat actors have deployed a malicious LNK file masquerading as a credit card company’s security email authentication pop-up to pilfer sensitive user information. The file, named >>card_detail_20250610.html.lnk,
-
Dark Web Travel Agencies Exploit Cheap Deals to Steal Credit Card Data
Dark web travel agencies have developed into highly skilled organizations operating in the murky corners of cybercrime, using hacked credit card information, compromised loyalty accounts, and faked identities to provide drastically reduced travel services. According to recent analysis by SpiderLabs, these operations exploit popular booking aggregators rather than targeting specific hotel chains or airlines, adapting…
-
How defenders use the dark web
Tags: access, antivirus, attack, breach, corporate, credit-card, crypto, cyber, cybercrime, dark-web, data, data-breach, email, extortion, finance, fraud, government, group, hacker, healthcare, identity, incident, insurance, intelligence, Internet, interpol, law, leak, lockbit, mail, malware, monitoring, network, phishing, ransom, ransomware, service, software, theft, threat, tool, usa, vpnAttributing attacks to threat actors: When organizations suffer from data breaches and cyber incidents, the dark web becomes a crucial tool for defenders, including the impacted businesses, their legal teams, and negotiators.Threat actors such as ransomware groups often attack organizations to encrypt and steal their data so they can extort them for money, in exchange…
-
New Phishing Attack Impersonates DWP to Steal Credit Card Information from Users
A sophisticated phishing campaign targeting UK residents has been active since late May 2025, with a significant surge in activity during the second half of June. This malicious operation impersonates the Department for Work and Pensions (DWP), a key UK government body responsible for welfare and pension services, by sending fraudulent SMS messages to unsuspecting…
-
Cyberattacks are draining millions from the hospitality industry
Every day, millions of travelers share sensitive information like passports, credit card numbers, and personal details with hotels, restaurants, and travel services. This puts … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/07/03/hospitality-industry-cybersecurity-challenges/
-
Qantas Airlines Breached, Impacting 6M Customers
Tags: credit-cardPassengers’ personal information was likely accessed via a third-party platform used at a call center, but didn’t include passport or credit card info. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/qantas-airlines-breached-6m-customers
-
China-linked hackers spoof big-name brand websites to steal shoppers’ payment info
The campaign uses thousands of phishing websites that mimic the design and product listings of retailers like Apple, Nordstrom and Hermes to trick people into entering their credit card information. First seen on therecord.media Jump to article: therecord.media/china-linked-hackers-website-phishing
-
Cyberangriff auf australische Fluggesellschaft Qantas
Die australische Fluggesellschaft Qantas ist Opfer einer Cyberattacke.Die australische Fluggesellschaft Qantas ist Opfer eines Cyberangriffs geworden. Hacker hätten sich Zugang zu wichtigen Daten von bis zu sechs Millionen Kundinnen und Kunden verschafft, darunter Namen, E-Mail-Adressen, Telefonnummern, Geburtsdaten und Vielfliegernummern, teilte die Airline mit. Betroffen war demnach eine Plattform eines Drittanbieters. Qantas erklärte, dass in dem…
-
Apple ID, credit card details targeted by CapCut phishing
First seen on scworld.com Jump to article: www.scworld.com/brief/apple-id-credit-card-details-targeted-by-capcut-phishing
-
Cybercriminals Exploit CapCut Popularity to Steal Apple ID Credentials and Credit Card Data
Threat actors have capitalized on the immense popularity of CapCut, the leading short-form video editing app, to orchestrate a highly deceptive phishing campaign. According to the Cofense Phishing Defense Center (PDC), attackers are deploying meticulously crafted fake invoices that impersonate CapCut’s branding to lure users into surrendering their Apple ID credentials and credit card information.…
-
New WordPress Malware Hides on Checkout Pages and Imitates Cloudflare
Wordfence exposes a sophisticated WordPress malware campaign using a rogue WordPress Core plugin. Active since 2023, it steals credit cards and credentials with advanced anti-detection. First seen on hackread.com Jump to article: hackread.com/wordpress-malware-checkout-pages-imitates-cloudflare/
-
Malware Campaign Uses Rogue WordPress Plugin to Skim Credit Cards
A long-running malware campaign targeting WordPress via a rogue plugin has been observed skimming data, stealing credentials and user profiling First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/rogue-wordpress-plugin-skim-credit/
-
$17 Million Black Market Empire Crushed in Cybercrime Sting
The U.S. government has seized approximately 145 domains associated with the BidenCash marketplace and other criminal marketplaces, effectively dismantling one of the most notorious darknet operations for trafficking stolen credit card data and personal information. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/bidencash-marketplace-domains-seized/
-
BidenCash busted as Feds nuke stolen credit card bazaar
Dark web crime platform raked in $17M+ over three years of operation First seen on theregister.com Jump to article: www.theregister.com/2025/06/05/bidencash_busted/
-
What Links Hospital Outages, Crypto Botnets, and Sneaky Zip Files? A Ransomware Chaos
Listen to this article A massive nonprofit hospital network in Ohio, 14 medical centers strong, brought to its knees by cybercriminals”, likely the gang behind the Interlock ransomware. Elective surgeries were canceled. Outpatient appointments paused. And to make it worse? Scammers posing as hospital staff started calling patients asking for their credit card numbers. “Your…
-
DoJ Seizes 145 Domains Tied to BidenCash Carding Marketplace in Global Takedown
The U.S. Department of Justice (DoJ) on Wednesday announced the seizure of cryptocurrency funds and about 145 clearnet and dark web domains associated with an illicit carding marketplace called BidenCash.”The operators of the BidenCash marketplace use the platform to simplify the process of buying and selling stolen credit cards and associated personal information,” the DoJ…
-
Feds seize 145 domains associated with BidenCash cybercrime platform
The cybercrime marketplace was used by more than 117,000 customers and trafficked more than 15 million credit card numbers since March 2022, the Justice Department said. First seen on cyberscoop.com Jump to article: cyberscoop.com/bidencash-marketplace-domains-seized/
-
BidenCash carding market domains seized in international operation
Earlier today, law enforcement seized multiple domains of BidenCash, the infamous dark web market for stolen credit cards, personal information, and SSH access. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/bidencash-carding-market-domains-seized-in-international-operation/
-
New Formjacking Malware Targets E-Commerce Sites to Steal Credit Card Data
A disturbing new formjacking malware has emerged, specifically targeting WooCommerce-based e-commerce sites to steal sensitive credit card information, as recently uncovered by the Wordfence Threat Intelligence team. Unlike conventional card skimmers that overlay fake forms on checkout pages, this malware seamlessly integrates into the legitimate payment workflow of WooCommerce sites, mimicking their design and functionality…
-
FBI, Microsoft, international cops bust Lumma infostealer service
Credit card theft losses in 2023 alone totaled $36.5M First seen on theregister.com Jump to article: www.theregister.com/2025/05/21/lumma_infostealer_service_busted/