Tag: login
-
Phishing Campaign Exploits Ads to Breach Hotel Property Management Systems
A sophisticated malvertising campaign has emerged that specifically targets hoteliers and vacation rental operators by impersonating well-known service providers. Okta Threat Intelligence reports that attackers have used malicious search engine advertisements”, particularly sponsored ads on Google Search”, to lure unsuspecting hospitality professionals to counterfeit login portals. The ultimate goal: harvesting credentials for cloud-based property management…
-
Phishing as a Service 2.0: The Franchise Model of Cybercrime
The Golden Arches of Malice When you think of franchising, you probably picture McDonald’s, Starbucks, or Subway, not cybercriminals. But the uncomfortable truth is that modern cybercrime looks a lot less like “lone hacker in a hoodie” and a lot more like fast food chains. Instead of flipping burgers, they’re flipping login pages. Instead… First…
-
Abandoned Sogou Zhuyin Update Server Hijacked, Weaponized in Taiwan Espionage Campaign
An abandoned update server associated with input method editor (IME) software Sogou Zhuyin was leveraged by threat actors as part of an espionage campaign to deliver several malware families, including C6DOOR and GTELAM, in attacks primarily targeting users across Eastern Asia.”Attackers employed sophisticated infection chains, such as hijacked software updates and fake cloud storage or…
-
New TamperedChef Attack Uses Weaponized PDF Editor to Steal Sensitive Data and Login Credentials
Cybersecurity researchers at Truesec have uncovered a sophisticated malware campaign distributing a weaponized PDF editor under the guise of >>AppSuite PDF Editor.
-
Who are you again? Infosec experiencing ‘Identity crisis’ amid rising login attacks
Vendor insists passkeys are the future, but getting workers on board is proving difficult First seen on theregister.com Jump to article: www.theregister.com/2025/08/27/ciscos_duo_identity_crisis/
-
Attackers steal data from Salesforce instances via compromised AI live chat tool
What Salesloft Drift users should do next: The GTIG report and the Salesloft advisories include indicators of compromise such as IP addresses used by the attackers and User-Agent strings for the tools they used to access the data. Mandiant advises companies to also search logs for any activity from known Tor exit nodes in addition…
-
ScreenConnect admins targeted with spoofed login alerts
ScreenConnect cloud administrators across all region and industries are being targeted with fake email alerts warning about a potentially suspicious login event. The goal of … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/08/25/screenconnect-admins-targeted-with-spoofed-suspicious-login-alerts/
-
Multiple vtenext Flaws Allow Attackers to Bypass Authentication and Run Remote Code
Security researcher Mattia “0xbro” Brollo disclosed a trio of severe vulnerabilities in vtenext CRM (versions 25.02 and earlier) that enable unauthenticated attackers to completely bypass login controls and execute arbitrary code on affected installations. Although vtenext quietly patched one of these flaws in version 25.02.1, two equally dangerous vectors remain unaddressed”, placing countless small and…
-
Multiple vtenext Flaws Allow Attackers to Bypass Authentication and Run Remote Code
Security researcher Mattia “0xbro” Brollo disclosed a trio of severe vulnerabilities in vtenext CRM (versions 25.02 and earlier) that enable unauthenticated attackers to completely bypass login controls and execute arbitrary code on affected installations. Although vtenext quietly patched one of these flaws in version 25.02.1, two equally dangerous vectors remain unaddressed”, placing countless small and…
-
Hackers Exploit SendGrid to Steal User Login Credentials in Latest Attack
Tags: attack, cloud, communications, credentials, cyber, cybersecurity, defense, email, exploit, hacker, login, phishing, serviceCybersecurity researchers at the Cofense Phishing Defense Center (PDC) have uncovered a fresh surge in credential harvesting attacks that leverage the reputable cloud-based email service SendGrid to distribute phishing emails. Attackers are exploiting SendGrid’s trusted status, commonly used for transactional and marketing communications, to craft messages that evade standard email security gateways. By spoofing sender…
-
Malicious Go Module Poses as SSH Brute-Force Tool, Steals Credentials via Telegram Bot
Cybersecurity researchers have discovered a malicious Go module that presents itself as a brute-force tool for SSH but actually contains functionality to discreetly exfiltrate credentials to its creator.”On the first successful login, the package sends the target IP address, username, and password to a hard-coded Telegram bot controlled by the threat actor,” Socket researcher Kirill…
-
Attackers Abuse Virtual Private Servers to Compromise SaaS Accounts
Darktrace observed a coordinated campaign on customer SaaS accounts, all of which involved logins from IP addresses linked to VPS providers First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/attackers-virtual-servers/
-
Pre-Auth Exploit Chains Found in Commvault Could Enable Remote Code Execution Attacks
Commvault has released updates to address four security gaps that could be exploited to achieve remote code execution on susceptible instances.The list of vulnerabilities, identified in Commvault versions before 11.36.60, is as follows -CVE-2025-57788 (CVSS score: 6.9) – A vulnerability in a known login mechanism allows unauthenticated attackers to execute API calls without requiring user…
-
Keeper Security Launches Biometric Login with Passkeys
Keeper Security has announced the release of biometric login using FIDO2/WebAuthn passkeys on the Chrome/Edge browser extension and Keeper Commander CLI. This update, the first of its kind in the industry, enables users to securely access their Keeper Vault with passkeys protected by biometrics or PINs across multiple platforms, including Windows devices via Windows Hello and…
-
New SHAMOS Malware Targets macOS Through Fake Help Sites to Steal Login Credentials
Tags: credentials, crowdstrike, crypto, cyber, cybercrime, cybersecurity, data, group, login, macOS, malware, serviceCybersecurity researchers at CrowdStrike identified and thwarted a sophisticated malware campaign deploying SHAMOS, an advanced variant of the Atomic macOS Stealer (AMOS) malware, orchestrated by the cybercriminal group COOKIE SPIDER. Operating under a malware-as-a-service model, COOKIE SPIDER rents out this information stealer to affiliates who target victims to harvest sensitive data, including login credentials, cryptocurrency…
-
DOM-Based Extension Clickjacking Exposes Millions of Password Manager Users to Credential Theft
A newly discovered technique, dubbed DOM-based extension clickjacking, has raised serious concerns about the security of browser-based password managers. Despite their role in protecting sensitive information, such as login credentials, credit card data, and TOTP codes (Time-based One-Time Passwords), this attack demonstrates how a single deceptive click can result in total data compromise. First seen…
-
Enterprise SSO for Schools: Simplifying Staff and Student Access
Discover how Enterprise SSO simplifies digital access for students and staff, cuts login frustration, and reduces IT load without compromising security or usability First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/08/enterprise-sso-for-schools-simplifying-staff-and-student-access/
-
‘Limited’ data leak at Aussie telco turns out to be 280K customer details
iiNet breach blamed on single stolen login, with emails, phone numbers, and addresses exposed First seen on theregister.com Jump to article: www.theregister.com/2025/08/20/tpg_telecom_iinet_breach/
-
Hackers steal Microsoft logins using legitimate ADFS redirects
Hackers are using a novel technique that combines legitimate office.com links with Active Directory Federation Services (ADFS) to redirect users to a phishing page that steals Microsoft 365 logins. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hackers-steal-microsoft-logins-using-legitimate-adfs-redirects/
-
Major password managers can leak logins in clickjacking attacks
Six major password managers with tens of millions of users are currently vulnerable to unpatched clickjacking flaws that could allow attackers to steal account credentials, 2FA codes, and credit card details. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/major-password-managers-can-leak-logins-in-clickjacking-attacks/
-
Forscher entdeckt offenen Zugang zu Intel-Mitarbeiterdaten
Einem Sicherheitsforscher ist es gelungen, auf sensible Daten von Intel zu zugreifen.Der Sicherheitsforscher Eaton Zveare meldete kürzlich, dass mindestens vier interne Websysteme des Chip-Herstellers Intel nicht ausreichend abgesichert waren. Dem Experten zufolge ermöglichten mehrere Schwachstellen, das weltweite Mitarbeiterverzeichnis zu kopieren. In manchen Fällen konnten sogar Zugriffe über Admin-Rechte erlangt werden.Das erste von Zveare entdeckte Sicherheitsproblem…
-
New Salty 2FA PhaaS Platform Targets Microsoft 365 Users to Steal Login Credentials
The majority of events globally are caused by phishing, which continues to be the most common vector for cyberattacks in the constantly changing world of cyber threats. The proliferation of affordable Phishing-as-a-Service (PhaaS) platforms such as Tycoon2FA, EvilProxy, and Sneaky2FA has exacerbated this issue, enabling even novice attackers to deploy sophisticated campaigns. These services are…
-
Malicious npm Packages Target Crypto Developers to Steal Login Credentials
A sophisticated threat campaign dubbed >>Solana-Scan>cryptohan
-
Malicious npm Packages Target Crypto Developers to Steal Login Credentials
A sophisticated threat campaign dubbed >>Solana-Scan>cryptohan
-
Threat Actors Exploit Telegram as the Communication Channel to Exfiltrate Stolen Data
tLab Technologies, a Kazakhstan-based company that specializes in advanced threat prevention, discovered one of the first known phishing attempts in the region that targeted public sector clients in a recent cybersecurity incident. The attack leveraged a professionally crafted fake login page to harvest user credentials, employing Telegram’s Bot API as a covert exfiltration channel. This…
-
Threat Actor Claims to Sell 15.8 Million Plain-Text PayPal Credentials
A seller named Chucky_BF is offering 15.8M PayPal logins with emails, passwords, and URLs. The data may come… First seen on hackread.com Jump to article: hackread.com/threat-actor-selling-plain-text-paypal-credentials/