Collecting Cyber-News from over 60 sources

Tag: password

Experts Warn: Passwords Still Winning Despite Passwordless Push

Jun 24, 2026 6:34 PM

Tags: awareness, computing, international, password

Today marks International Passwordless Day, an annual observance held on 23 June, the birthday of mathematician Alan Turing, whose foundational work in computing underpins the cryptographic principles that enable modern passwordless authentication. Created to raise awareness and accelerate the shift away from traditional passwords, the day arrives at a moment of genuine but uneven progress.…
New GhostShell Hacking Group Targets Ukraine’s Drone Defense Sector

Jun 24, 2026 5:35 PM

Tags: cyber, data, defense, group, hacking, password, ukraine

Researchers warn GhostShell is using fake drone documents to target Ukrainian defence teams, stealing passwords and sensitive data in a new cyber campaign. First seen on hackread.com Jump to article: hackread.com/ghostshell-hacking-group-ukraine-drone-defense-sector/
Fake npm Packages Impersonate PostCSS Tool to Steal Chrome Passwords

Jun 24, 2026 4:34 PM

Tags: browser, chrome, infection, malicious, password, rat, tool, windows

JFrog warns of malicious npm packages that mimic PostCSS tooling, drop a Windows RAT, and target Chrome-stored passwords through a staged infection setup route. First seen on hackread.com Jump to article: hackread.com/fake-npm-packages-postcss-tool-steal-chrome-password/
Securing the service desk: Why social engineering attacks keep succeeding

Jun 24, 2026 4:34 PM

Tags: access, attack, corporate, mfa, password, service, social-engineering, software

Service desks have become a favored target for attackers seeking password resets, MFA changes, and access to corporate accounts. Specops Software breaks down how service desk social engineering attacks work and how organizations can defend against them. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/securing-the-service-desk-why-social-engineering-attacks-keep-succeeding/
He Thought He Was Secure; His Phone Number Was Stolen Anyway

Jun 24, 2026 4:34 PM

Tags: breach, password, phone, threat

Threat actors can easily steal one-time passwords sent by text when they conduct a SIM swap attack. This can lead to account takeovers, so users must layer up their security measures. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/how-a-sim-swap-attack-led-to-a-near-account-takeover
KDDI Breach Affects Six Japanese ISPs, Exposes 14.2 Email Credentials

Jun 24, 2026 3:34 PM

Tags: breach, credentials, email, password, service

Customers of the affected Japanese email services are “strongly advised” to change their email passwords First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/kddi-breach-japanese-telcos/
Google Workspace expands password reset alerts to all admins

Jun 24, 2026 11:34 AM

Tags: google, password

Google’s Alert Center, a dashboard in the Google Admin console that displays security and administrative alerts and helps administrators identify, investigate, and respond to … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/24/google-workspace-admin-password-reset-alerts/
KDDI Data Breach May Have Exposed Up to 14.22 Million Email Accounts

Jun 24, 2026 10:35 AM

Tags: breach, cybersecurity, data, data-breach, email, infrastructure, Internet, password, service

Japanese telecommunications company KDDI has disclosed a major cybersecurity incident in which up to 14.22 million email addresses and passwords may have been exposed through systems used by multiple internet service providers. The KDDI data breach has now become one of the most recent security events involving shared ISP infrastructure in Japan. First seen on…
Neuer Schadsoftware-Loader OXLOADER nutzt Google-Anzeigen

Jun 24, 2026 9:34 AM

Tags: google, malware, password

Ein neuer Malware-Loader namens OXLOADER verbreitet den Passwort-Dieb CastleStealer über gefälschte Google Ads. Die Erkennungsrate ist bislang sehr gering. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/google-ads-schadsoftware-loader
Your AI agent can’t be authenticated by a password reset email

Jun 24, 2026 6:34 AM

Tags: ai, email, password

First seen on scworld.com Jump to article: www.scworld.com/perspective/your-ai-agent-cant-be-authenticated-by-a-password-reset-email
Majority of users still store passwords in browsers, survey finds

Jun 24, 2026 6:34 AM

Tags: password

First seen on scworld.com Jump to article: www.scworld.com/brief/majority-of-users-still-store-passwords-in-browsers-survey-finds
Password manager maker LastPass says hackers stole customer support case data during Klue breach

Jun 23, 2026 5:33 PM

Tags: breach, data, data-breach, hacker, password

This is the second data breach to affect LastPass customers in recent years, after one of the password manager’s tech partners was recently breached. First seen on techcrunch.com Jump to article: techcrunch.com/2026/06/23/password-manager-maker-lastpass-says-hackers-stole-customer-support-case-data-during-klue-breach/
He Thought He Was Secure; His Phone Number Got Stolen Anyway

Jun 23, 2026 4:33 PM

Tags: breach, password, phone, threat

Threat actors can easily steal one-time passwords sent by text when they conduct a SIM swap attack. This can lead to account takeovers, so users must layer up their security measures. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/how-a-sim-swap-attack-led-to-a-near-account-takeover
No Zero-Day Tied to 80,000 Harvested Fortinet Credentials

Jun 22, 2026 10:34 PM

Tags: credentials, data-breach, exploit, firewall, fortinet, password, vpn, zero-day

Researchers and Vendor Both Cite Previously Leaked Credentials, Brute-Force Attacks. The FortiBleed campaign harvesting and selling working credentials for 80,000 Fortinet firewalls and SSL-VPN gateways doesn’t appear to tie to a zero-day exploit, but rather attackers reusing leaked credentials or brute-forcing systems with weak password hygiene, the vendor and experts said. First seen on govinfosecurity.com…
Gestohlene Admin-Passwörter bedrohen über 21.000 Unternehmen – FortiBleed kompromittiert 75.000 Fortinet-Firewalls weltweit

Jun 22, 2026 7:34 AM

Tags: firewall, fortinet, password

First seen on security-insider.de Jump to article: www.security-insider.de/fortibleed-gestohlene-admin-passwoerter-fortinet-firewalls-a-945c4d02a95c2c7aa8639f34d6757af5/
Android-Trojaner Rokarolla stiehlt Passwörter und Krypto-Guthaben

Jun 20, 2026 9:34 AM

Tags: android, crypto, password

Der neue Android-Trojaner Rokarolla nimmt 217 Finanz-Apps ins Visier. Er stiehlt PINs, SMS-Codes und leitet Krypto-Zahlungen unbemerkt um. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/android-trojaner-rokarolla
24 Billion Stolen Credentials Exposed in Massive Data Leak

Jun 19, 2026 9:34 PM

Tags: breach, credentials, data, data-breach, email, leak, password

24 Billion Records Left Open Online: Passwords, Emails, and Everything Else Exposed database with 24 Billion records revealed stolen credentials from infostealers, Telegram channels, and breach collections, risking account takeovers. Cybernews researchers found an exposed Elasticsearch cluster on June 12th containing 24 billion records and more than 8.3 terabytes of data. They triple-checked the numbers.…
24B Records Exposed in Massive Leak of Emails, Passwords, and Login Data

Jun 19, 2026 9:34 PM

Tags: credentials, data, data-breach, email, leak, login, password, risk

Cybernews researchers found an exposed database with 24 billion credential records, raising fresh risks from password reuse and credential stuffing. The post 24B Records Exposed in Massive Leak of Emails, Passwords, and Login Data appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-24-billion-credential-records-exposed-database/
124M Passwords Exposed as Infostealer Malware Hits Millions of Devices

Jun 19, 2026 9:34 PM

Tags: data-breach, email, malware, password

Have I Been Pwned has added 124 million passwords and 56 million email addresses from infostealer logs tied to infected devices. The post 124M Passwords Exposed as Infostealer Malware Hits Millions of Devices appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-have-i-been-pwned-infostealer-passwords-124m/
Crime Gang Sells Access to 74,000 Fortinet Firewall Devices

Jun 18, 2026 9:34 PM

Tags: access, credentials, crime, cybercrime, firewall, fortinet, password, vpn

Ongoing Campaign May Be Grabbing Legacy Passwords From Fortinet FortiGate Devices. Cybercriminals are selling access to 75,000 Fortinet FortiGate devices with VPN and web management interfaces, and the admin credentials appear to be legitimate and recently harvested as part of a still-live campaign, security experts warned. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/crime-gang-sells-access-to-74000-fortinet-firewall-devices-a-32015
Malware erbeutet 124 Millionen Passwörter was du jetzt tun solltest

Jun 18, 2026 6:34 PM

Tags: malware, password

First seen on t3n.de Jump to article: t3n.de/news/haveibeenpwned-malware-erbeutet-124-millionen-nutzerdaten-was-du-jetzt-tun-solltest-1747930/
Smashing Security podcast #472: AI gets hacked, and BitLocker gets bypassed

Jun 18, 2026 2:34 PM

Tags: ai, password, phishing

What if your AI coding assistant could be tricked into stealing your own company’s secrets – by reading a single booby-trapped bug report? No phishing email. No malware. No password ever stolen. Just an AI doing exactly what it was told. First seen on grahamcluley.com Jump to article: grahamcluley.com/smashing-security-podcast-472/
FortiBleed Exposes Admin Passwords for 75,000 Fortinet Firewalls

Jun 18, 2026 2:34 PM

Tags: credentials, email, firewall, fortinet, Internet, password, vpn

FortiBleed: Admin Passwords for 75,000 Fortinet Firewalls Are Out in the Wild. Half the Internet-Facing Fortinets on the Planet. Security researcher Bob Diachenko found a server sitting open on the internet containing what appeared to be valid Fortinet VPN credentials, including usernames, email addresses, and plaintext passwords for tens of thousands of organizations. He posted…
Google Adds New Android Controls for WhatsApp Backups, Password Transfers

Jun 18, 2026 2:34 PM

Tags: ai, android, backup, control, google, passkey, password, update

Google’s June 2026 Android system updates add WhatsApp backup controls, Play Protect checks, passkey portability, and Play Store AI search. The post Google Adds New Android Controls for WhatsApp Backups, Password Transfers appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-google-android-june-2026-system-updates/
Modified OpenSSH Binaries Let Velvet Ant Steal Passwords, Log Commands, and Hide Activity

Jun 18, 2026 2:34 PM

Tags: authentication, backdoor, china, credentials, cyber, password

A long-running, stealthy campaign attributed to the China-nexus actor tracked as Velvet Ant has been found to include deeply engineered backdoors in the authentication stack: modified OpenSSH binaries and tampered PAM modules that exfiltrate credentials, record every executed command, and conceal attacker activity. The discovery, part of Sygnia’s Operation Highland investigation, reveals nearly a decade…
Riesige Angriffswelle: Hacker knacken Admin-Passwörter von 74.000 Firewalls

Jun 18, 2026 2:34 PM

Tags: firewall, hacker, password

Angreifer attackieren massenhaft Firewalls des Herstellers Fortinet. Sie sollen bereits Admin-Zugangsdaten für 74.000 Geräte erbeutet haben. First seen on golem.de Jump to article: www.golem.de/news/riesige-angriffswelle-hacker-knacken-admin-passwoerter-von-74-000-firewalls-2606-209916.html
Über 400 ArchPakete im AUR manipuliert

Jun 17, 2026 9:02 PM

Tags: hacker, linux, password

Hacker haben über 400 Community-Pakete im Arch User Repository manipuliert, um Passwörter zu stehlen und ein eBPF-Rootkit zu installieren. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/linux-pakete-manipuliert
Über 400 ArchPakete im AUR manipuliert

Jun 17, 2026 9:02 PM

Tags: hacker, linux, password

Hacker haben über 400 Community-Pakete im Arch User Repository manipuliert, um Passwörter zu stehlen und ein eBPF-Rootkit zu installieren. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/linux-pakete-manipuliert
Modular Phishing Kit Uses GitHub Pages to Steal Payment Card Details and Passwords

Jun 17, 2026 4:02 PM

Tags: banking, credentials, cyber, data, github, password, phishing

A sophisticated, long-running phishing operation has evolved into a serverless, modular campaign that weaponizes GitHub Pages to harvest payment card data, credentials, and customer identifiers from banking customers in Mexico. The campaign’s architecture centers on a phishing kit containing a selector panel that operators use to generate institution-specific landing pages. Those landing pages impersonate at…
7-Year-Old OpenBSD Security Flaw Exposes Systems to Full PAP Authentication Bypass

Jun 17, 2026 11:02 AM

Tags: authentication, cyber, flaw, network, password, unauthorized, vulnerability

A significant authentication flaw has been discovered in the PPP stack of OpenBSD, allowing attackers to bypass the Password Authentication Protocol (PAP) validation and gain unauthorized network access. Although this vulnerability was patched in June 2026, it originated from legacy code dating back to 1999, making it one of the longest-standing authentication bypass issues in…