Tag: login
-
New Python-Based Discord RAT Targets Users to Steal Login Credentials
A recently identified Remote Access Trojan (RAT) has raised alarms within the cybersecurity community due to its innovative use of Discord’s API as a Command and Control (C2) server. This Python-based malware exploits Discord’s extensive user base to execute commands, steal sensitive information, and manipulate both local machines and Discord servers. Bot Initialization and Functionality…
-
New Morphing Meerkat Phishing Kit Mimics 114 Brands Using Victims’ DNS Email Records
Cybersecurity researchers have shed light on a new phishing-as-a-service (PhaaS) platform that leverages the Domain Name System (DNS) mail exchange (MX) records to serve fake login pages that impersonate about 114 brands.DNS intelligence firm Infoblox is tracking the actor behind the PhaaS, the phishing kit, and the related activity under the moniker Morphing Meerkat.”The threat…
-
Signal-Gate-Skandal: Daten von US-Ministern online zugänglich
Tags: loginSignal-Gate-Skandal: Journalisten finden Login- und weitere persönliche Daten von Gabbard, Hegseth & Waltz im Netz. First seen on tarnkappe.info Jump to article: tarnkappe.info/artikel/it-sicherheit/datenschutz/signal-gate-skandal-daten-von-us-ministern-online-zugaenglich-312457.html
-
Oracle customers confirm data stolen in alleged cloud breach is valid
Despite Oracle denying a breach of its Oracle Cloud federated SSO login servers and the theft of account data for 6 million people, BleepingComputer has confirmed with multiple companies that associated data samples shared by the threat actor are valid. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/oracle-customers-confirm-data-stolen-in-alleged-cloud-breach-is-valid/
-
6 Best Password Managers (2025), Tested and Reviewed
Keep your logins locked down with our favorite password management apps for PC, Mac, Android, iPhone, and web browsers. First seen on wired.com Jump to article: www.wired.com/story/best-password-managers/
-
New Phishing Campaign Targets Mac Users to Steal Login Credentials
A sophisticated phishing campaign, recently identified by LayerX Labs, has shifted its focus from Windows users to Mac users in response to enhanced security measures implemented by major browsers. Initially, this campaign targeted Windows users by masquerading as Microsoft security alerts, aiming to steal login credentials by creating the illusion of a compromised computer. The…
-
Multistage Info-Stealer SnakeKeylogger Targets Individuals and Businesses to Steal Login Credentials
SnakeKeylogger, a sophisticated multistage malware, has emerged as a significant threat to both individuals and businesses by targeting sensitive login credentials. This malware campaign is characterized by its stealthy in-memory execution and multi-stage infection chain, making it challenging to detect. The attack begins with a malicious spam email containing a .img file attachment, which, when…
-
Browserthe-Browser attacks target CS2 players’ Steam accounts
A new phishing campaign targets Counter-Strike 2 players utilizing Browser-in-the-Browser (BitB) attacks that display a realistic window that mimics Steam’s login page. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/browser-in-the-browser-attacks-target-cs2-players-steam-accounts/
-
New Phishing Attack Uses Browserthe-Browser Technique to Target Gamers
A sophisticated phishing campaign has been uncovered by Silent Push threat analysts, employing the browser-in-the-browser (BitB) technique to target gamers, particularly those playing Counter-Strike 2 on the Steam platform. This campaign involves creating fake but realistic browser pop-up windows that mimic legitimate login pages, aiming to deceive users into divulging their Steam account credentials. The…
-
Rilide Malware Poses as Browser Extension to Steal Login Credentials from Chrome and Edge Users
Rilide, a sophisticated malware, has been masquerading as a legitimate browser extension to steal sensitive information from users of Chromium-based browsers like Google Chrome and Microsoft Edge. First identified in April 2023, this malware is designed to capture screenshots, log passwords, and collect credentials for cryptocurrency wallets. It often disguises itself as a Google Drive…
-
Pocket Card Users Targeted in Sophisticated Phishing Campaign
A new phishing campaign targeting Japanese Pocket Card users has been uncovered by Symantec. The attackers are employing sophisticated tactics to deceive cardholders into divulging their login credentials, potentially compromising their financial accounts. Japanese Cardholders at Risk of Credential Theft The phishing operation begins with fraudulent emails masquerading as official notifications from Pocket Card’s online…
-
Oracle Cloud says it’s not true someone broke into its login servers and stole data
Despite evidence to the contrary as alleged pilfered info goes on sale First seen on theregister.com Jump to article: www.theregister.com/2025/03/23/oracle_cloud_customers_keys_credentials/
-
New Phishing Scam Uses Fake Instagram Chatbot to Hijack Accounts
New phishing scam targets Instagram business accounts using fake chatbots and support emails, tricking users into handing over login credentials. First seen on hackread.com Jump to article: hackread.com/phishing-scam-fake-instagram-chatbots-hijack-accounts/
-
Oracle denies breach after hacker claims theft of 6 million data records
Oracle denies it was breached after a threat actor claimed to be selling 6 million data records allegedly stolen from the company’s Oracle Cloud federated SSO login servers First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/oracle-denies-data-breach-after-hacker-claims-theft-of-6-million-data-records/
-
New Arcane Stealer Spreads via YouTube, Stealing VPN and Browser Login Credentials
A new malware campaign has been uncovered, involving a sophisticated stealer known as Arcane, which is distributed through YouTube videos promoting game cheats. This campaign highlights the evolving tactics of cybercriminals, who continue to exploit popular platforms to spread malware. The Arcane stealer is notable for its extensive data collection capabilities, targeting a wide range…
-
The State of Digital Trust in 2025 Consumers Still Shoulder the Responsibility
Tags: access, ai, authentication, banking, breach, captcha, cloud, compliance, control, cyber, data, deep-fake, encryption, finance, fintech, framework, GDPR, government, healthcare, identity, india, insurance, law, login, malicious, metric, mfa, mitigation, password, privacy, regulation, resilience, risk, service, software, strategy, switch, technology, threat, toolThe State of Digital Trust in 2025 – Consumers Still Shoulder the Responsibility madhav Thu, 03/20/2025 – 04:52 Trust remains the cornerstone of digital interactions, yet its foundations are increasingly fragile in an era of sophisticated cyber threats and evolving consumer expectations. The 2024 Digital Trust Index gave us extremely important insights into the expectations…
-
Cloudflare warnt: Die Hälfte aller Logins erfolgt mit geleakten Passwörtern
Tags: loginLaut Cloudflare meldet sich ein Großteil aller Nutzer mit geleakten Passwörtern bei Webdiensten an. Selbst ohne Bots liegt der Anteil bei 41 Prozent. First seen on golem.de Jump to article: www.golem.de/news/cloudflare-warnt-die-haelfte-aller-logins-erfolgt-mit-geleakten-passwoertern-2503-194409.html
-
GitHub accounts targeted with fake security alerts
Possible DPRK links: Luc4m’s X post hinted at possible nation-state connections, adding, “Smells #DPRK?” While nothing else was said on the X thread, North Korea is known for using click-fix attacks for its cyber espionage activities, with Contagious Interviews being a prominent one of those campaigns.All GitHub fake alerts included the same login information, location:…
-
Attackers attempted hijacking 12,000 GitHub accounts with click-fix alerts
Possible DPRK links: Luc4m’s X post hinted at possible nation-state connections, adding, “Smells #DPRK?” While nothing else was said on the X thread, North Korea is known for using click-fix attacks for its cyber espionage activities, with Contagious Interviews being a prominent one of those campaigns.All GitHub fake alerts included the same login information, location:…
-
Android Malware Disguised as DeepSeek Steals Users’ Login Credentials
A recent cybersecurity threat has emerged in the form of Android malware masquerading as the DeepSeek AI application. This malicious software is designed to deceive users into downloading a fake version of the DeepSeek app, which then compromises their device’s security by stealing sensitive information such as login credentials. Malware Propagation and Installation The malware…
-
Remote Access Infra Remains Riskiest Corp. Attack Surface
Exposed login panels for VPNs and remote access systems leave companies open to attack, sometimes tripling the risk of ransomware and making it harder to get cyber insurance. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/remote-access-infra-remains-riskiest-corp-attack-surface
-
GitLab Identifies Security Vulnerabilities Enabling Attacker Logins as Valid Users
GitLab announced the release of versions 17.9.2, 17.8.5, and 17.7.7 for both its Community Edition (CE) and Enterprise Edition (EE). These updates include crucial bug and security fixes, urging all self-managed installations to upgrade promptly to protect against several critical vulnerabilities. Impact of the Vulnerabilities Two significant security issues identified in third-party gems used by…
-
DCRat Malware Spreading via YouTube to Steal Login Credentials
Cybersecurity researchers have identified a renewed wave of attacks involving the Dark Crystal RAT (DCRat), a dangerous remote access Trojan that has resurfaced through a Malware-as-a-Service (MaaS) model. Attackers are actively targeting gamers by distributing malicious software disguised as gaming cheats and cracks, primarily through YouTube. Malware Distribution Exploits YouTube Platform The attackers behind DCRat…
-
AI-Generated Fake GitHub Repositories Steal Login Credentials
Tags: ai, credentials, cyber, cybercrime, cybersecurity, exploit, github, login, malicious, malware, tactics, threatA concerning cybersecurity threat has emerged with the discovery of AI-generated fake GitHub repositories designed to distribute malware, including the notorious SmartLoader and Lumma Stealer. These malicious repositories, crafted to appear legitimate, exploit GitHub’s trusted reputation to deceive users into downloading ZIP files containing malicious code. The campaign highlights the evolving tactics cybercriminals employ to…
-
Lazarus Hackers Exploit 6 NPM Packages to Steal Login Credentials
North Korea’s Lazarus Group has launched a new wave of attacks targeting the npm ecosystem, compromising six packages designed to steal login credentials and deploy backdoors. The malicious packages is-buffer-validator, yoojae-validator, event-handle-package, array-empty-validator, react-event-dependency, and auth-validator have collectively been downloaded over 330 times. These packages mimic the names of widely trusted libraries, employing a typosquatting…
-
Texas Developer Convicted After Kill Switch Sabotage Plot
Software developer Davis Lu cost his employer hundreds of thousands after deploying malware that caused crashes and failed logins First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/texas-dev-convicted-kill-switch/
-
Nearly 1 million Windows devices targeted in advanced “malvertising” spree
Malware stole login credentials, cryptocurrency, and more from infected machines. First seen on arstechnica.com Jump to article: arstechnica.com/security/2025/03/nearly-1-million-windows-devices-targeted-in-advanced-malvertising-spree/