Tag: password

‘Dead’ Outlook add-in hijacked to phish 4,000 Microsoft Office Store users

Feb 12, 2026 8:58 PM

Tags: banking, breach, browser, chrome, control, credentials, credit-card, data, finance, google, infrastructure, malicious, marketplace, microsoft, office, password, phishing

outlook-one.vercel.app, hosted on the Vercel development platform, from which users download the software.”Microsoft reviews the manifest, signs it, and lists the add-in in their store. But the actual content the UI, the logic, everything the user interacts with is fetched live from the developer’s server every time the add-in opens,” said Koi Security’s researchers. By…
Dutch police arrest 21-year-old for alleged involvement in JokerOTP password stealer

Feb 12, 2026 3:58 PM

Tags: authentication, cybercrime, mfa, password

The Dordrecht native was detained on Tuesday by police in East Brabant on accusations he distributed a bot called JokerOTP, which is used widely by cybercriminals to intercept the codes delivered by many platforms as part of multi-factor authentication sign-ins. First seen on therecord.media Jump to article: therecord.media/dutch-police-arrest-man-over-jokerotp-password-stealer
SSH Worm Exploit Detected by DShield Sensor Using Credential Stuffing and Multi-Stage Malware

Feb 12, 2026 2:58 PM

Tags: credentials, cyber, exploit, Internet, linux, malware, password, threat, worm

A DShield honeypot sensor recently recorded a complete compromise sequence involving a self-replicating SSH worm that exploits weak passwords to spread across Linux systems. The incident highlights how poor SSH hygiene and the use of default credentials remain among the most persistent threats to Internet-connected devices. Even in 2026, attackers continue leveraging automated credential stuffing…
Lehren aus dem Substack-Hack

Feb 12, 2026 1:58 PM

Tags: cyberattack, login, mail, password, phishing, smishing, social-engineering, spam

Anfang Februar machte die Meldung die Runde, dass die Newsletter-Plattform Substack einen Datenverlust vermelden musste. Zwar sind wohl keine Finanzdaten oder Login-Passwörter kompromittiert worden, dennoch sollte das Durchsickern von E-Mail-Adressen und Telefonnummern nicht unterschätzt werden. Diese Daten könnten für gezielte Social-Engineering-Angriffe, Spam-Kampagnen, Phishing-E-Mails und zunehmend auch für Smishing-Angriffe per SMS missbraucht werden. Social-Engineering-Taktiken haben sich…
SMS and OTP Bombing Campaigns Found Abusing API, SSL and Cross-Platform Automation

Feb 12, 2026 10:58 AM

Tags: api, authentication, automation, password, phone, tool

The modern authentication ecosystem runs on a fragile assumption: that requests for one-time passwords are genuine. That assumption is now under sustained pressure. What began in the early 2020s as loosely shared scripts for irritating phone numbers has evolved into a coordinated ecosystem of SMS and OTP bombing tools engineered for scale, speed, and persistence.…
SSHStalker botnet brute-forces its way onto 7,000 Linux machines

Feb 12, 2026 5:58 AM

Tags: attack, authentication, backdoor, botnet, business, control, credentials, cve, exploit, infosec, Internet, linux, login, malware, monitoring, network, password, threat, unauthorized, virus, vulnerability

cron/systemd integrity monitoring, especially for ‘runs every minute’ patterns.Finally, because SSHStalker looks for older Linux machines, admins should have a legacy Linux eradication plan prioritizing the unhooking of machines with any version of Linux kernel 2.6, because these servers are being targeted. How it was discovered: Discovery of SSHStalker came after Flare created an SSH…
Police arrest seller of JokerOTP MFA passcode capturing tool

Feb 11, 2026 8:58 PM

Tags: access, automation, mfa, password, tool

The Netherlands Police have arrested a a 21-year-old man from Dordrecht, suspected of selling access to the JokerOTP phishing automation tool that can intercept one-time passwords (OTP) for hijacking accounts. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/police-arrest-seller-of-jokerotp-mfa-passcode-capturing-tool/
Police arrest seller of JokerOTP MFA passcode capturing tool

Feb 11, 2026 8:58 PM

Tags: access, automation, mfa, password, tool

The Netherlands Police have arrested a a 21-year-old man from Dordrecht, suspected of selling access to the JokerOTP phishing automation tool that can intercept one-time passwords (OTP) for hijacking accounts. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/police-arrest-seller-of-jokerotp-mfa-passcode-capturing-tool/
Password guessing without AI: How attackers build targeted wordlists

Feb 9, 2026 5:14 PM

Tags: ai, password, tool

Attackers don’t need AI to crack passwords, they build targeted wordlists from an organization’s own public language. This article explains how tools like CeWL turn websites into high-success password guesses and why complexity rules alone fall short. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/password-guessing-without-ai-how-attackers-build-targeted-wordlists/
GoBruteforcer – Botnetz nutzt schwache Passwörter für Angriffe auf Webserver

Feb 9, 2026 5:14 PM

Tags: botnet, cyberattack, password

First seen on security-insider.de Jump to article: www.security-insider.de/gobruteforcer-botnetz-angriffe-linux-webserver-a-20f0c9bfd20c7b62612537e2a98d9199/
Passwortsicherheit – ‘Ihr Passwort bitte?” ‘kaffeetasse”

Feb 9, 2026 1:13 PM

Tags: password

First seen on security-insider.de Jump to article: www.security-insider.de/ihr-passwort-bitte-kaffeetasse-a-858a6a6b41392cc23a2a117abfcbb73c/
UAE Cyber Security Council Warns Stolen Logins Fuel Majority of Financial Cyberattacks

Feb 9, 2026 10:14 AM

Tags: access, attack, breach, credentials, cyber, cyberattack, cybercrime, finance, fraud, identity, login, password, theft, threat, unauthorized

The UAE Cyber Security Council has issued a renewed warning about the growing threat of financial cybercrime, cautioning that stolen login credentials remain the most common entry point for attacks targeting individuals, companies, and institutions. According to the council, around 60% of financial cyberattacks begin with the theft of usernames and passwords, making compromised credentials…
New Telegram Phishing Scam Hijacks Login Flow to Steal Fully Authorized User Sessions

Feb 9, 2026 7:13 AM

Tags: api, authentication, credentials, cyber, login, malware, password, phishing, scam

A new and sophisticated Telegram phishing operation is active in the wild, targeting users globally by hijacking the platform’s legitimate authentication features. Unlike traditional phishing, which often relies on malware or cloning login pages to steal passwords, this campaign integrates directly with Telegram’s official infrastructure. The attackers register their own Telegram API credentials (api_id and api_hash) and…
UK Construction Firm Hit by Prometei Botnet Hiding in Windows Server

Feb 8, 2026 6:14 PM

Tags: attack, botnet, cybersecurity, password, russia, theft, windows

Cybersecurity firm eSentire’s TRU break down the Russian Prometei botnet attack on a UK firm, detailing its TOR usage, password theft and decoy tactics. First seen on hackread.com Jump to article: hackread.com/uk-construction-firm-prometei-botnet-windows-server/
Ten career-ending mistakes CISOs make and how to avoid them

Feb 6, 2026 2:14 PM

Tags: access, ai, attack, awareness, best-practice, breach, business, ciso, cloud, compliance, computing, conference, control, credentials, cyber, cybersecurity, data, defense, detection, encryption, exploit, finance, framework, GDPR, governance, guide, HIPAA, least-privilege, malicious, metric, monitoring, network, password, resilience, risk, social-engineering, strategy, technology, threat, tool, training, vulnerability, zero-trust

2. Poor communication with the board and C-suite: Technical expertise alone no longer suffices in the modern CISO role. Security leaders who fail to translate cyber risks into business impact quickly lose credibility with decision-makers who control budgets and strategic direction.When security leaders present endless technical details without connecting them to revenue loss, regulatory fines,…
macOS Users Hit by Python Infostealers Posing as AI Installers

Feb 5, 2026 4:14 PM

Tags: ai, crypto, google, macOS, microsoft, password, tool

Microsoft details 3 Python Infostealers hitting macOS users via fake AI tools, Google ads, and Terminal tricks to steal passwords and crypto, then erase traces. First seen on hackread.com Jump to article: hackread.com/macos-users-python-infostealers-posing-ai-installers/
macOS Users Hit by Python Infostealers Posing as AI Installers

Feb 5, 2026 4:14 PM

Tags: ai, crypto, google, macOS, microsoft, password, tool

Microsoft details 3 Python Infostealers hitting macOS users via fake AI tools, Google ads, and Terminal tricks to steal passwords and crypto, then erase traces. First seen on hackread.com Jump to article: hackread.com/macos-users-python-infostealers-posing-ai-installers/
Software supply chain risks join the OWASP top 10 list, access control still on top

Feb 5, 2026 9:13 AM

Tags: access, ai, attack, authentication, backdoor, backup, breach, cloud, computer, control, credentials, cybersecurity, data, data-breach, defense, encryption, flaw, governance, identity, injection, LLM, login, malicious, mfa, open-source, password, risk, software, sql, supply-chain, threat, unauthorized, update, vulnerability

1 Broken access control When applications fail to properly enforce restrictions on what authenticated users are allowed to do, allowing attackers to access unauthorized functionality or data. For example, an attacker might manipulate an URL parameter to access another user’s account information or escalate their privileges from a regular user to an administrator. This item…
Zero trust in practice: A deep technical dive into going fully passwordless in hybrid enterprise environments

Feb 4, 2026 12:14 PM

Tags: access, attack, authentication, backup, breach, business, cloud, compliance, credentials, cybersecurity, data, endpoint, group, Hardware, identity, infrastructure, lessons-learned, network, password, phishing, phone, risk, service, technology, update, windows, zero-trust

Architecture decisions: Hybrid authentication flows and Windows Hello for Business: Once your prerequisites are in place, you face critical architectural decisions that will shape your deployment for years to come. The primary decision point is whether to use Windows Hello for Business, FIDO2 security keys or phone sign-in as your primary authentication mechanism.In my experience,…
Hackers Exfiltrate NTDS.dit File, Gain Full Control of Active Directory Environments

Feb 4, 2026 11:13 AM

Tags: authentication, control, cyber, data, hacker, infrastructure, password, threat

Active Directory serves as the central repository for an organization’s authentication infrastructure, making it a prime target for sophisticated threat actors. The NTDS.dit database, which stores encrypted password hashes and critical domain configuration data, is the crown jewel of enterprise security. Successful acquisition of this file can lead to complete organizational compromise, enabling attackers to…
From Clawdbot to Moltbot to OpenClaw: Security Experts Detail Critical Vulnerabilities and 6 Immediate Hardening Steps for the Viral AI Agent

Feb 4, 2026 6:13 AM

Tags: access, ai, api, attack, authentication, computer, container, control, crypto, cve, data, data-breach, detection, docker, email, flaw, github, group, Hardware, injection, Internet, leak, login, malicious, malware, open-source, password, privacy, remote-code-execution, risk, scam, skills, software, threat, tool, unauthorized, vulnerability

Moltbot, the viral AI agent, offers immense power but is riddled with critical vulnerabilities, including remote code execution (RCE), exposed control interfaces, and malicious extensions. Read on to understand the vulnerabilities associated with Moltbot and the immediate security practices users must prioritize to mitigate this enormous agentic AI security risk. Key takeaways Moltbot takes an…
How advanced Agentic AI helps you stay ahead in compliance

Feb 4, 2026 1:13 AM

Tags: ai, compliance, cybersecurity, password

Are Organizations Fully Equipped to Manage Their Non-Human Identities (NHIs) Efficiently? Ensuring robust management of Non-Human Identities (NHIs) is a top priority for organizations. NHIs, essentially machine identities, play a critical role in organizational cybersecurity strategies. They consist of two key elements: a “Secret” (an encrypted password, token, or key) and the permissions associated with……
New Microsoft Update Improves Windows Sign-In Experience

Feb 3, 2026 7:13 PM

Tags: microsoft, password, update, windows

Windows 11’s optional KB5074105 update fixes the missing password icon bug linked to August 29, 2025’s KB5064081 and delivers 32 improvements. The post New Microsoft Update Improves Windows Sign-In Experience appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-windows-11-stability-patch/
New Password-Stealing Phishing Campaign Targets Corporate Dropbox Credentials

Feb 3, 2026 1:13 PM

Tags: attack, business, corporate, credentials, detection, password, phishing

Multi-stage attack begins with fake message relating to business requests and evades detection with link hidden in a PDF First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/password-stealing-phishing-pdf/
McDonald’s warnt: Bigmac ist kein sicheres Passwort

Feb 3, 2026 12:13 PM

Tags: password

McDonald’s hat untersucht, wie häufig der Bigmac und die McNuggets als Passwort herhalten und rät zum Ändere-dein-Passwort-Tag zum Wechsel. First seen on golem.de Jump to article: www.golem.de/news/mcdonald-s-warnt-bigmac-ist-kein-gutes-passwort-2602-204929.html
Nach Monaten gefixt: Verschwundener Passwortin unter Windows 11

Feb 3, 2026 10:13 AM

Tags: microsoft, password, windows

Schon seit August 2025 behindert ein nerviger Bug unter Windows 11 die Anmeldung mit einem Passwort. Einen Fix liefert Microsoft erst jetzt. First seen on golem.de Jump to article: www.golem.de/news/nach-monaten-gefixt-windows-11-und-der-verschwundene-passwort-log-in-2602-204922.html
Was tun, wenn die Erpresser kommen?

Feb 3, 2026 8:13 AM

Tags: access, ai, backup, bsi, cio, cyberattack, cybercrime, data, encryption, hacker, infrastructure, Internet, mail, password, phishing, ransomware, service, supply-chain, update, vulnerability

Ruhe bewahren und keine übereilten Sachen machen, empfiehlt Podcast-Gast Joanna Lang-Recht. intersoft consulting services AGMontagmorgen, 8:00 Uhr. Die Mitarbeitenden können sich nicht einloggen. Die Produktionsbänder stehen still, und auf den Bildschirmen prangen digitale Erpresserschreiben. Der Albtraum eines jeden CIOs ist wahr geworden: Ein Ransomware-Angriff hat den Betrieb lahmgelegt. Jetzt endet der Regelbetrieb, und der Ausnahmezustand…
Product showcase: 2FAS Auth Free, open-source 2FA for iOS

Feb 3, 2026 7:13 AM

Tags: 2fa, authentication, mfa, open-source, password

Online accounts usually rely on a password, but passwords alone can be weak if they’re reused, easily guessed, or stolen. Two-factor authentication (2FA) adds a second layer … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/03/product-showcase-2fas-auth-free-open-source-2fa-ios/
New GlassWorm attack targets macOS via compromised OpenVSX extensions

Feb 3, 2026 12:13 AM

Tags: attack, credentials, crypto, data, macOS, malware, password

A new GlassWorm malware attack through compromised OpenVSX extensions focuses on stealing passwords, crypto-wallet data, and developer credentials and configurations from macOS systems. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-glassworm-attack-targets-macos-via-compromised-openvsx-extensions/
MoltBot Skills exploited to distribute 400+ malware packages in days

Feb 3, 2026 12:13 AM

Tags: ai, crypto, exploit, github, malicious, malware, password, skills

Over 400 malicious OpenClaw packages were uploaded in days, using MoltBot skills to spread password-stealing malware. Researchers uncovered a large malware campaign abusing AI skills for Claude Code and Moltbot users. Between late January and early February 2026, more than 400 malicious skills were published on ClawHub and GitHub, posing as crypto trading tools. OpenClaw…