Tag: login
-
New Shuyal Stealer Targets 17 Web Browsers for Login Data and Discord Tokens
Researchers warn of Shuyal Stealer, malware that gathers browser logins, system details, and Discord tokens, then erases evidence via Telegram. First seen on hackread.com Jump to article: hackread.com/shuyal-stealer-web-browsers-login-data-discord-tokens/
-
Shuyal Stealer Malware Exploits 19 Browsers to Steal Logins
Shuyal Stealer is a recently uncovered infostealer that pushes the boundaries of traditional browser-targeted malware. Unlike most variants that zero in on popular platforms like Chrome and Edge, Shuyal dramatically widens its scope by targeting 19 different browsers, making it far more versatile and dangerous in its data-harvesting capabilities. Beyond the usual theft of browser-stored…
-
Massive Attacks Targeting Palo Alto PAN-OS GlobalProtect Portals from 2,200 IPs
Cybersecurity researchers at GreyNoise have identified a dramatic escalation in malicious scanning activities targeting Palo Alto Networks PAN-OS GlobalProtect login portals, with attacks originating from over 2,200 unique IP addresses as of October 7, 2025. This represents a significant increase from the approximately 1,300 IPs initially observed on October 3, demonstrating the rapidly evolving nature…
-
Kaseya Buys Inky to Expand Email Threat Detection for MSPs
Email Security Acquisition Aims to Bring Cross-Platform Data to Phishing Defense. Kaseya’s acquisition of Inky reflects the need for broader platform integration in email security. With phishing attacks becoming more subtle, founder and CEO Dave Baggett says access to login data and other platform signals is critical for threat detection. First seen on govinfosecurity.com Jump…
-
Phishers turn 1Password’s Watchtower into a blind spot
Vault keys at stake: Those who clicked on the phishing link earlier had too much to lose. The cloned landing page reportedly asked users for their 1Password login details, potentially giving attackers access to entire password vaults. With that single breach, everything from social accounts to banking credentials could be compromised. Malwarebytes urged users to remain…
-
Patch Now: Dell UnityVSA Flaw Allows Command Execution Without Login
WatchTowr finds a serious flaw in Dell UnityVSA (CVE-2025-36604) letting attackers run commands without login. Dell issues patch 5.5.1 – update now. First seen on hackread.com Jump to article: hackread.com/dell-unityvsa-flaw-command-execution-without-login/
-
Security incident: Masses of login data from the NRW school ministry found online
Tags: login. Another incident today, one that had already occupied me a few days ago. A reader had told me that he had found masses of credentials for a server of the school ministry of North Rhine-Westphalia on the net. I contacted those responsible; fortunately it turned … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/10/05/security-fall-massenhaft-login-von-schulministerium-nrw-im-netz/
-
GreyNoise detects 500% surge in scans targeting Palo Alto Networks portals
GreyNoise saw a 500% spike in scans on Palo Alto Networks login portals on Oct. 3, 2025, the highest in three months. Cybersecurity firm GreyNoise reported a 500% surge in scans targeting Palo Alto Networks login portals on October 3, 2025, marking the highest activity in three months. On October 3, the researchers observed that…
-
Massive surge in scans targeting Palo Alto Networks login portals
A spike in suspicious scans targeting Palo Alto Networks login portals indicates clear reconnaissance efforts from suspicious IP addresses, researchers warn. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/massive-surge-in-scans-targeting-palo-alto-networks-login-portals/
-
Scanning Activity on Palo Alto Networks Portals Jump 500% in One Day
Threat intelligence firm GreyNoise disclosed on Friday that it has observed a spike in scanning activity targeting Palo Alto Networks login portals. The company said it observed a nearly 500% increase in IP addresses scanning Palo Alto Networks login portals on October 3, 2025, the highest level recorded in the last three months. It described the…
-
SideWinder Hacker Group Targets Users with Fake Outlook/Zimbra Portals to Steal Login Credentials
Tags: apt, credentials, cyber, defense, government, group, hacker, infrastructure, login, malicious, phishing. The notorious SideWinder APT group has intensified its credential harvesting operations across South Asia, deploying sophisticated phishing campaigns that target government, defense, and critical infrastructure organizations through fake webmail portals. The campaign represents a significant escalation from the group’s August 2024 activities, which initially focused on 14 malicious webpages hosted on Netlify and pages.dev platforms.…
-
Cl0p-linked threat actors target Oracle E-Business Suite in extortion campaign
Execs: Don’t ‘engage rashly’: There are no common vulnerabilities and exposures (CVEs) for this attack; the issue “stems from configuration and default business logic abuse rather than a specific vulnerability,” according to Halcyon. The firm advises organizations to check if EBS portals are publicly accessible (via /OA_HTML/AppsLocalLogin.jsp#) and if so, immediately restrict exposure. It is also…
-
Fake Google Careers Recruiters Target Gmail Users in Phishing Scam
Phishing emails posing as Google recruiters steal Gmail logins, exploiting Salesforce spoofing and Cloudflare to bypass defenses. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/news/google-careers-phishing-scheme/
-
Hackers Posing as Google Careers Recruiter to Steal Gmail Login Details
An emerging phishing campaign is targeting job seekers by masquerading as Google Careers recruiters, delivering seemingly legitimate emails that lead victims to malicious sites designed to harvest Gmail credentials. Security researchers have uncovered a sophisticated multi-stage attack that leverages Salesforce infrastructure, Cloudflare protection and WebSocket command-and-control to manipulate victims into surrendering sensitive information. The phishing…
-
APT35 Hackers Targeting Government and Military to Steal Login Credentials
Tags: credentials, cyber, government, hacker, intelligence, login, malicious, military, phishing, threat. Stormshield CTI researchers have identified two active phishing servers linked to APT35, revealing ongoing credential-stealing operations targeting government and military entities. In an active threat-hunting operation, Stormshield’s Cyber Threat Intelligence (CTI) team discovered two malicious servers exhibiting hallmark characteristics of APT35 infrastructure. These servers, mirroring footprints documented by Check Point, are hosting phishing pages designed…
-
Lunar Spider Infected Windows Machine in Single Click and Harvested Login Credentials
A sophisticated cybercriminal group known as Lunar Spider successfully compromised a Windows machine through a single malicious click, establishing a foothold that allowed them to harvest credentials and maintain persistent access for nearly two months. The intrusion, which began in May 2024, demonstrates the evolving threat landscape where initial access can rapidly escalate to full…
-
Akira ransomware: From SonicWall VPN login to encryption in under four hours
Four hours or less: that’s how long it takes for Akira affiliates to break into organizations and deploy the ransomware on their systems, Arctic Wolf researchers have … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/09/29/akira-ransomware-sonicwall-vpn/
-
How to Use a Password Manager to Share Your Logins After You Die (2025)
Your logins will live on after you pass on. Make sure they end up in the right hands. First seen on wired.com Jump to article: www.wired.com/story/how-to-use-a-password-manager-to-share-your-logins-after-you-die/
-
Cybercriminals Target SonicWall Firewalls to Deploy Akira Ransomware via Malicious Login Attempts
Security teams face a rapidly evolving campaign that abuses compromised SonicWall SSL VPN credentials to deliver Akira ransomware in under four hours, dwell times among the shortest ever recorded for this type of threat. Within minutes of successful authentication, often originating from hosting-related ASNs, threat actors initiated port scans, leveraged Impacket SMB tools for discovery,…
-
Akira Ransomware bypasses MFA on SonicWall VPNs
Akira ransomware is targeting SonicWall SSL VPNs, bypassing OTP MFA on accounts, likely using stolen OTP seeds. Since July 2025, Akira ransomware has exploited SonicWall SSL VPNs, likely using credentials obtained from the exploitation of the CVE-2024-40766 vulnerability, bypassing OTP MFA. Attacks spread quickly across sectors, with rapid post-login activity and short dwell times, making…
-
Meet LockBit 5.0: Faster ESXi drive encryption, better at evading detection
the Windows binary uses heavy obfuscation and packing: it loads its payload through DLL reflection while implementing anti-analysis techniques like Event Tracing for Windows (ETW) patching and terminating security services; the Linux variant maintains similar functionality with command-line options for targeting specific directories and file types; the ESXi variant specifically targets VMware virtualization environments, and is designed…
-
Phishing Campaign Targets PyPI Maintainers with Fake Login Site
Fake PyPI login site phishing campaign threatens developer credentials and the open-source supply chain. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/phishing-campaign-targets-pypi-maintainers-with-fake-login-site/

