Tag: marketplace
-
Malicious JetBrains Plugins Steal AI API Keys as Chrome Extensions Capture Chatbot Chats
Cybersecurity researchers have flagged a “coordinated malware campaign” on the JetBrains Marketplace that has published no less than 15 malicious plugins capable of exfiltrating artificial intelligence (AI) provider keys.”Every plugin poses as an AI coding assistant built on DeepSeek and other large language models, offering chat, commit messages, code review, bug finding, and unit tests,”…
-
Fifteen JetBrains Marketplace Plugins Found Stealing API Keys
Aikido Security has discovered at least 15 IDE plugins on the JetBrains Marketplace First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/fifteen-jetbrains-marketplace/
-
JetBrains Plugin Security Alert: 70,000+ Installs Linked to AI Key Theft
A coordinated supply chain attack targeting JetBrains IDE users has exposed over 70,000 developers to silent credential theft. The campaign involves at least 15 malicious plugins distributed via the JetBrains Marketplace, masquerading as AI-powered coding assistants built on models such as DeepSeek. While these plugins function as advertised, offering features like code review, chat, and…
-
Malicious JetBrains Marketplace plugins steal AI API keys from developers
At least 15 malicious plugins found on the JetBrains Marketplace were designed to steal AI API keys from developers. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/malicious-jetbrains-marketplace-plugins-steal-ai-api-keys-from-developers/
-
Securebasierter Workspace für KMUs
Island und Pax8, der globale KI- und Cloud-Marketplace für kleine und mittlere Unternehmen (KMU), haben <> im Pax8-Marketplace eingeführt. Damit steht Island nun Managed-Service-Provider (MSP) -Partnern und deren KMU-Kunden weltweit zur Verfügung. Die Zusammenarbeit vereint zwei Unternehmen, die Technologie für den Mittelstand vereinfachen wollen. Island für KMU ist eine einheitliche, sichere, browserbasierte Plattform. […] First…
-
Securebasierter Workspace für KMUs
Island und Pax8, der globale KI- und Cloud-Marketplace für kleine und mittlere Unternehmen (KMU), haben <> im Pax8-Marketplace eingeführt. Damit steht Island nun Managed-Service-Provider (MSP) -Partnern und deren KMU-Kunden weltweit zur Verfügung. Die Zusammenarbeit vereint zwei Unternehmen, die Technologie für den Mittelstand vereinfachen wollen. Island für KMU ist eine einheitliche, sichere, browserbasierte Plattform. […] First…
-
Cybercriminals Exploit Chinese Guarantee Markets to Sell Stolen Credentials
Chinese-language “guarantee” marketplaces hosted mainly on Telegram have become a core conduit for buying, selling, and laundering stolen credentials and a wide range of criminal services. These platforms modeled explicitly on consumer escrow systems such as Alipay’s æ‹…ä¿äº¤æ˜“ (dÄnbÇŽo jiÄoyì) operate as third-party guarantors: the marketplace operator holds buyer funds in escrow, releases them only…
-
Fake document marketplace aiding migrant smuggling dismantled in Spain
Tags: marketplaceFirst seen on scworld.com Jump to article: www.scworld.com/brief/fake-document-marketplace-dismantled-in-spain-aiding-migrant-smuggling
-
Police dismantles fake ID marketplace used by migrant smugglers
French and Spanish authorities took down an online marketplace selling fake identity documents to migrant smuggling rings operating within the European Union. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/police-dismantles-fake-id-marketplace-used-by-migrant-smugglers/
-
OAuth marketplace apps keep access after publishers vanish
Installing an app from the Google Workspace Marketplace or GitHub Marketplace can grant a third party access to company email, files, calendars, code repositories, CI … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/04/oauth-marketplace-apps-audit/
-
GitHub Breach Traced to Malicious ‘Nx Console’ VS Code Extension
A threat actor compromised an Nx developer and posed as a legitimate maintainer to publish a malicious extension on Visual Studio Marketplace First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/github-breach-nx-console-vs-code/
-
Most dark web activity revolves around a handful of topics
Dark web activity often becomes visible during marketplace seizures, major data leaks, or sudden spikes in criminal activity. Those events can create an impression of an … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/05/21/dark-web-activity-research/
-
Carding site B1ack’s Stash dumps 4.6 Million stolen cards for free
Carding forum B1ack’s Stash claims to have released millions of stolen CVV2 payment card records for free after suspending sellers. B1ack’s Stash, one of the most active stolen card marketplaces on the dark web, has released 4.6 million credit card records for free, not because of a law enforcement action or a system compromise, but…
-
Qualys erhält FedRAMP-Zulassung der Stufe ‘High” für <> und bietet nun Schutz von Cloud-Workloads für Behörden
Qualys gibt bekannt, dass seine <>-Lösung die FedRAMP-High-Zulassung erhalten hat, die von der US-Drogenbekämpfungsbehörde (DEA) gefördert wird. Dieser Meilenstein erweitert den FedRAMP-High-Status der Qualys-Government-Platform um die Cloud-Native-Application-Protection-Platform (CNAPP). Qualys-Totalcloud ist nun im FedRAMP-Marketplace gelistet, sodass Bundesbehörden, Lieferanten und stark regulierte Branchen die umfassenden Cloud-Sicherheitsfunktionen nutzen können. Die FedRAMP-High-Zulassung stellt die strengste Compliance-Stufe innerhalb des Federal-Risk…
-
Illicit Enterprise: An Anatomy of the Modern Underground Phishing Marketplace
Intel 471 analysts examined the evolving ecosystem of cybercriminal phishing marketplaces. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/illicit-enterprise-an-anatomy-of-the-modern-underground-phishing-marketplace/
-
Thieves unlock stolen iPhones using cheap tools sold on Telegram
Helping a friend recover a stolen phone, Infoblox researchers uncovered a thriving Telegram-based underground marketplace selling unlocking tools and phishing infrastructure … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/05/15/stolen-iphone-unlocking-tools-telegram-groups/
-
US charges suspected Dream Market admin arrested in Germany
The alleged main administrator of Dream Market Incognito Market, one of the largest dark web marketplaces before its shutdown, has been indicted in the United States on money laundering charges. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/us-charges-suspected-dream-market-admin-arrested-in-germany/
-
Checkmarx Jenkins AST Plugin Compromised in KICS Supply Chain Attack
Supply chain campaign has now extended to Checkmarx’s Jenkins ecosystem, with attackers pushing a malicious Checkmarx Jenkins AST plugin to the official Jenkins Marketplace as part of the ongoing KICS/Trivy-linked compromise. The rogue release is identified as version 2026.5.09 and includes tampered plugin artifacts, while the last known-good Jenkins AST plugin build remains 2.0.13-829.vc72453fa_1c16, released…
-
Crimenetwork returns after takedown, dismantled again by German authorities
German police shut down a revived Crimenetwork marketplace with 22,000 users and 100+ sellers months after the original takedown. German police dismantled a resurrected version of the German-language cybercrime marketplace Crimenetwork, just months after the original platform was taken down. The second iteration of the site had already attracted more than 22,000 users and over…
-
Police take down relaunched criminal marketplace with 22,000 users, Euro3.6 million in revenue
Tags: marketplaceGerman authorities shut down a relaunched version of the criminal marketplace Crimenetwork and arrested its suspected operator. The domain seizure notice (Source: BKA) A … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/05/11/germany-crimenetwork-marketplace-shut-down/
-
Police shut down reboot of Crimenetwork marketplace, arrest admin
Tags: marketplaceGerman authorities have shut down a relaunch version of the criminal marketplace ‘Crimenetwork’ that generated more than 3.6 million euros, and arrested its operator. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/police-shut-down-reboot-of-crimenetwork-marketplace-arrest-admin/
-
Police Shut Relaunched Crimenetwork Dark Web Marketplace
Spanish police have arrested the suspected administrator of German dark web marketplace Crimenetwork First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/police-shut-crimenetwork-may-2025/
-
US government agency to safety test frontier AI models before release
Executive order ‘taking shape’: Following the announcement from CAISI, a published report on Wednesday indicated that the White House is on the verge of preparing an executive order that would see the creation of a vetting system for all new artificial intelligence models, key among them Anthropic’s Mythos.Bloomberg reported, “the directive is taking shape weeks…
-
US healthcare marketplaces shared citizenship and race data with ad tech giants
Virginia and Washington D.C. paused the data collection and sharing, after Bloomberg’s investigation found their health insurance marketplaces were sharing users’ information with advertisers. First seen on techcrunch.com Jump to article: techcrunch.com/2026/05/04/us-healthcare-marketplaces-shared-citizenship-and-race-data-with-ad-tech-giants/
-
Misconfigured Server Run by Hackers Leaks 345,000 Stolen Credit Cards
A misconfigured server linked to the carding marketplace Jerry’s Store exposed 345,000 stolen credit cards after an AI coding error caused a major security flaw. First seen on hackread.com Jump to article: hackread.com/misconfigured-server-hackers-leak-stolen-credit-cards/
-
Three Arrested for Hacking Over 610,000 Roblox Accounts
Suspects accused of distributing malware and selling access to stolen Roblox accounts on Russian marketplaces First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/three-arrested-over-roblox-hacking/
-
More fake extensions linked to GlassWorm found in Open VSX code marketplace
Tags: control, marketplace, monitoring, open-source, risk, software, supply-chain, tool, update, vulnerabilityAdvice for developers: Janca said developers who want to reduce their exposure to the GlassWorm campaign should start with the basics: install fewer extensions and treat each one as a dependency with real risk attached. Disable auto-update so you control when updates are applied, and carefully evaluate each one. Use a next-generation SCA tool that covers…
-
500,000 UK volunteers’ medical data listed for sale on Alibaba
Medical data from around 500,000 British volunteers in the health research project, the UK Biobank, was offered for purchase through the Chinese marketplace Alibaba, the … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/27/uk-biobank-data-leak-alibaba-marketplace/
-
RAMP Uncovered: Anatomy of Russia’s Ransomware Marketplace
Leaked data from RAMP reveals Russia’s ransomware ecosystem, analyzing 1,732 threads, 7,707 users, and 340,000 IP records from the forum. RAMP was not just another dark web forum. It was one of the clearest examples of how ransomware has become an organized marketplace, with sellers, buyers, brokers, and recruiters all playing different roles in the…
-
Todyl CEO On ‘Elevating The Capabilities’ Of MSPs With New Assurance Marketplace
Todyl is working with three other cyber firms to enable MSPs to better ‘demonstrate the security programs that they have in place,’ through the newly announced Todyl Assurance Marketplace, CEO John Nellen told CRN. First seen on crn.com Jump to article: www.crn.com/news/security/2026/todyl-ceo-on-elevating-the-capabilities-of-msps-with-new-assurance-marketplace