Tag: password
-
Nine-Year-Old Linux Kernel Flaw Leaks SSH Keys and Password Hashes
Qualys finds nine-year-old Linux ptrace flaw exposing SSH keys and password hashes locally First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/linux-kernel-ptrace-flaw-ssh-keys/
-
Verizon DBIR: AI Helped Hackers Exploit Vulnerabilities in 31% of Recent Breaches
Verizon DBIR 2026 reveals software vulnerabilities overtook stolen passwords in cyberattacks, with AI helping hackers exploit flaws within hours. First seen on hackread.com Jump to article: hackread.com/verizon-dbir-ai-hackers-exploit-vulnerabilities-breaches/
-
Passwörter auf Github geleakt: Peinliche Datenpanne bei US-Cyberbehörde Cisa
Forscher haben in einem öffentlichen Github-Repo interne Daten der Cisa gefunden. Sie hielten den Fund zunächst für einen Streich, doch es war keiner. First seen on golem.de Jump to article: www.golem.de/news/passwoerter-auf-github-geleakt-peinliche-datenpanne-bei-us-cyberbehoerde-cisa-2605-208857.html
-
Mac Users Face New Malware Threat Spoofing Apple, Google, and Microsoft
A new SHub Reaper macOS infostealer spoofs prompts from Apple, Google, and Microsoft to steal passwords, crypto data, and business files from Macs. The post Mac Users Face New Malware Threat Spoofing Apple, Google, and Microsoft appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-reaper-shub-malware-mac-users/
-
Mac Users Face New Malware Threat Spoofing Apple, Google, and Microsoft
A new SHub Reaper macOS infostealer spoofs prompts from Apple, Google, and Microsoft to steal passwords, crypto data, and business files from Macs. The post Mac Users Face New Malware Threat Spoofing Apple, Google, and Microsoft appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-reaper-shub-malware-mac-users/
-
Microsoft Self-Service Password Reset abused in Azure data theft attacks
A threat actor targeting Microsoft 365 and Azure production environments is stealing data in attacks that abuse legitimate applications and administration features. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/microsoft-self-service-password-reset-abused-in-azure-data-theft-attacks/
-
In stunning display of stupid, secret CISA credentials found in public GitHub repo
SSH keys, plaintext passwords, other sensitive data had been up since November 2025. First seen on arstechnica.com Jump to article: arstechnica.com/information-technology/2026/05/in-stunning-display-of-stupid-secret-cisa-credentials-found-in-public-github-repo/
-
US cyber agency CISA exposed reams of passwords and cloud keys to the open web
The federal cybersecurity agency left plaintext passwords in a spreadsheet uploaded to a public GitHub repository, per a report by independent journalist Brian Krebs. First seen on techcrunch.com Jump to article: techcrunch.com/2026/05/19/us-cyber-agency-cisa-exposed-reams-of-passwords-and-cloud-keys-to-the-open-web/
-
6 Milliarden gestohlene Passwörter Warum Unternehmen 2026 noch immer dieselben Fehler machen
Trotz jahrelanger Security-Awareness-Kampagnen, komplexer Passwortregeln und wachsender MFA-Verbreitung bleibt eine der ältesten Schwachstellen der IT erschreckend aktuell: schwache und wiederverwendete Passwörter. Der aktuelle ‘2026 Breached Password Report” von Specops Software analysiert mehr als sechs Milliarden durch Malware gestohlene Zugangsdaten und zeichnet ein alarmierendes Bild moderner Identitätssicherheit. Die zentrale Erkenntnis: Nicht Brute-Force-Angriffe sind heute das […]…
-
New macOS infostealer impersonates Apple, Microsoft, and Google in a single attack chain
A SHub macOS infostealer variant called Reaper impersonates Apple, Microsoft, and Google to trick users into executing malicious code, then targets browser data, password … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/05/19/shub-reaper-macos-infostealer-apple-google-microsoft/
-
Microsoft Edge Enhances Security by Preventing Password Loading at Startup
Microsoft is rolling out a key security change in its Edge browser to stop saved passwords from being loaded into memory as soon as the browser starts. The move comes after a security researcher showed that Edge was decrypting and keeping all stored passwords in cleartext in process memory during startup, even when users were…
-
Nach 11 Jahren: Claude knackt Passwort einer Bitcoin-Wallet mit 400.000 Dollar
Tags: passwordFirst seen on t3n.de Jump to article: t3n.de/news/nach-11-jahren-claude-knackt-passwort-einer-bitcoin-wallet-mit-400-000-dollar-1742871/
-
The 6 Best Enterprise Password Managers You’ll Actually Trust in 2026
Tags: passwordSee our top picks for the best enterprise password managers in 2026. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/products/best-password-managers/
-
The 6 Best Enterprise Password Managers You’ll Actually Trust in 2026
Tags: passwordSee our top picks for the best enterprise password managers in 2026. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/products/best-password-managers/
-
New Reaper Malware Uses Fake Microsoft Domain to Steal macOS Passwords
The newly discovered Reaper malware bypasses Apple’s macOS Tahoe 26.4 security updates to steal passwords, crypto assets, and install a permanent backdoor. First seen on hackread.com Jump to article: hackread.com/reaper-malware-fake-microsoft-domain-macos-passwords/
-
The 6 Best Enterprise Password Managers You’ll Actually Trust in 2026
Tags: passwordSee our top picks for the best enterprise password managers in 2026. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/products/best-password-managers/
-
Erstmals seit Jahren: Anzahl der pro Person verwalteten Passwörter sinkt laut NordPass-Studie
Tags: passwordFirst seen on datensicherheit.de Jump to article: www.datensicherheit.de/anzahl-person-passwoerter-abnahme-nordpass-studie
-
Expired domain leads to supply chain attack on node-ipc npm package
require(‘node-ipc’). The trojanized versions were designed to remain fully functional to avoid immediate detection, which together with other decisions attackers took, such as data exfiltration via DNS TXT, suggest stealthiness was a top priority.Once executed, the malicious code collects information about the host system, including operating system version, hostname, and environment variables. It then starts…
-
Microsoft backpedals: Edge to stop loading passwords into memory
Microsoft is updating the Edge web browser to ensure it no longer loads saved passwords into process memory in clear text at startup after previously stating it was “by design.” First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-edge-to-stop-loading-cleartext-passwords-in-memory-on-startup/
-
EU’s Cyber Resiliency Act will put IT leaders to the test
Tags: access, attack, cio, cyber, cybersecurity, data, encryption, exploit, firewall, Hardware, identity, infrastructure, Internet, kubernetes, law, malicious, mitigation, open-source, password, programming, regulation, risk, risk-assessment, router, sbom, software, supply-chain, tool, update, vpn, vulnerabilityProduct safety: The CRA says digital products have to be secure by design and default, and can’t ship with known vulnerabilities like obvious default passwords that can be exploited. They also must be updatable if such vulnerabilities are found later, as well as minimize their impact by limiting the attack surface and protecting confidentiality and…
-
EU’s Cyber Resiliency Act will put IT leaders to the test
Tags: access, attack, cio, cyber, cybersecurity, data, encryption, exploit, firewall, Hardware, identity, infrastructure, Internet, kubernetes, law, malicious, mitigation, open-source, password, programming, regulation, risk, risk-assessment, router, sbom, software, supply-chain, tool, update, vpn, vulnerabilityProduct safety: The CRA says digital products have to be secure by design and default, and can’t ship with known vulnerabilities like obvious default passwords that can be exploited. They also must be updatable if such vulnerabilities are found later, as well as minimize their impact by limiting the attack surface and protecting confidentiality and…
-
Meet Fragnesia, the third Linux kernel vulnerability in a month
Tags: access, control, exploit, framework, least-privilege, linux, mfa, mitigation, monitoring, password, service, switch, update, vulnerabilityCSO. “It is bypassing traditional filesystem permissions that are present and enforced (for example, ‘file is owned by root’, or ‘file is read-only’) to allow manipulation without touching the disk.”Similar to Dirty Frag, Fragnesia (CVE-2026-46300) is a local privilege escalation hole that exploits a vulnerability in the XFRM ESP-in-TCP subsystem to achieve a memory write…
-
Mistral AI SDK, TanStack Router hit in npm software supply chain attack
Tags: ai, api, attack, breach, cloud, credentials, data, data-breach, exploit, github, kubernetes, malicious, malware, network, open-source, password, router, service, software, supply-chain, switch, vulnerabilitypull_request_target. This allows third-party workflows to run automatically, a way of avoiding maintainer approval fatigue, but means that the maintainer’s short-lived OIDC tokens become vulnerable to scraping.Armed with these tokens, the attacker were able to compromise the packages by injecting the malicious Mini Shai-Hulud malware, which propagated to other projects.The purpose is to steal developer…
-
Fake Claude Code Installer Targets Developers With Browser Credential Stealer
Researchers at Ontinue have discovered an undocumented malware campaign targeting developers with fake Claude Code installers to steal browser passwords and cookies. First seen on hackread.com Jump to article: hackread.com/fake-claude-code-installer-devs-browser-credential-stealer/
-
Malicious Hugging Face model masquerading as OpenAI release hits 244K downloads
Part of a broader AI supply chain targeting: HiddenLayer, in its advisory, said that it identified six additional Hugging Face repositories uploaded under a separate account that used nearly identical loader logic and shared infrastructure with the campaign.The researchers also linked elements of the operation to earlier software supply-chain attacks involving npm typosquatting campaigns and…
-
Why Changing Passwords Doesn’t End an Active Directory Breach
Resetting a password doesn’t always remove attackers from Active Directory. Specops Software explains how cached credentials and Kerberos tickets can keep attackers authenticated after a reset. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/why-changing-passwords-doesnt-end-an-active-directory-breach/
-
OpenClaw Malware Targets Crypto Wallets and Bitwarden Credentials
OpenClaw users are being targeted in a fresh malware campaign that abuses a fake installer to steal credentials from popular crypto wallets and password managers, including MetaMask, Phantom, and Bitwarden. The archive contains a 130MB Rust executable padded with fake documentation to evade antivirus file-size scanning limits and many automated sandbox upload thresholds. The PE…
-
Breach Roundup: Microsoft Edge Turns Passwords Into Targets
Tags: attack, breach, data, data-breach, ddos, government, ivanti, microsoft, north-korea, password, scamAlso, Taiwan Rail Hack, Massive DDoS Attack and Karakurt Jail Sentence. This week, Microsoft Edge exposed passwords, Taiwan police make arrests in high-speed rail hack and a 2.45 billion-request DDoS attack. A Karakurt negotiator jailed, North Korean IT worker scams led to prison terms and France detained a teen over a government data breach. Another…
-
World Password Day 2026: Why Strong Passwords Alone Are No Longer Enough
World Password Day 2026 highlights the shift toward passkeys, passwordless authentication, and Zero Trust security. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/world-password-day-2026-why-strong-passwords-alone-are-no-longer-enough/