Tag: password

You probably can’t trust your password manager if it’s compromised

Feb 16, 2026 5:58 PM

Tags: password

Researchers demo weaknesses affecting some of the most popular options First seen on theregister.com Jump to article: www.theregister.com/2026/02/16/password_managers/
Passwords to passkeys: Staying ISO 27001 compliant in a passwordless era

Feb 16, 2026 4:58 PM

Tags: authentication, control, ISO-27001, passkey, password, risk, risk-assessment

Password-based authentication is increasingly risky as organizations adopt passkeys to strengthen security and meet ISO/IEC 27001 requirements. Passwork explains how to align passwordless adoption with Annex A controls, risk assessments, and secure implementation practices. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/passwords-to-passkeys-staying-iso-27001-compliant-in-a-passwordless-era/
10 years later, Bangladesh Bank cyberheist still offers cyber-resiliency lessons

Feb 16, 2026 8:58 AM

Tags: access, ai, application-security, attack, automation, backdoor, banking, ceo, cisco, ciso, compliance, control, credentials, crypto, cyber, cybercrime, cybersecurity, data-breach, defense, detection, endpoint, exploit, finance, fintech, firewall, framework, infrastructure, intelligence, international, malware, monitoring, network, north-korea, oracle, password, risk, service, software, theft, threat, tool, vulnerability

Security shortcomings: Adrian Cheek, senior cybercrime researcher at threat exposure management firm Flare, said the Bangladesh Bank heist was possible because of a number of security shortcomings, including a failure to air gap critical infrastructure.”The Bank of Bangladesh had four servers and the same number of desktops connected to SWIFT,” Cheek says. “This infrastructure, however,…
What future-proof methods do Agentic AIs use in data protection?

Feb 14, 2026 1:58 AM

Tags: ai, cloud, cybersecurity, data, password

How Secure Is Your Organization’s Cloud Environment? How secure is your organization’s cloud environment? With the digital transformation accelerates, gaps in security are becoming increasingly noticeable. Non-Human Identities (NHIs), representing machine identities, are pivotal in these frameworks. In cybersecurity, they are formed by integrating a ‘Secret’”, like an encrypted password or key”, and the permissions…
Odido CRM Data Breach Exposes 6.2M Customer Records

Feb 13, 2026 3:58 PM

Tags: breach, cyberattack, data, data-breach, password

A cyberattack on Odido’s CRM system exposed personal data from 6.2 million customers, though passwords and billing information were not affected. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/odido-crm-data-breach-exposes-6-2m-customer-records/
Top Dutch telco Odido admits 6.2M customers caught in contact system caper

Feb 13, 2026 1:58 PM

Tags: data, finance, password

Names, addresses, bank account numbers accessed but biz insists passwords and call data untouched First seen on theregister.com Jump to article: www.theregister.com/2026/02/13/odido_breach/
Top Dutch telco Odido admits 6.2M customers caught in contact system caper

Feb 13, 2026 1:58 PM

Tags: data, finance, password

Names, addresses, bank account numbers accessed but biz insists passwords and call data untouched First seen on theregister.com Jump to article: www.theregister.com/2026/02/13/odido_breach/
Top Dutch telco Odido admits 6.2M customers caught in contact system caper

Feb 13, 2026 1:58 PM

Tags: data, finance, password

Names, addresses, bank account numbers accessed but biz insists passwords and call data untouched First seen on theregister.com Jump to article: www.theregister.com/2026/02/13/odido_breach/
Fake AI Assistants in Google Chrome Web Store Steal Passwords and Spy on Emails

Feb 13, 2026 12:59 PM

Tags: ai, browser, chatgpt, chrome, cybersecurity, email, google, malicious, password, spy

Hundreds of thousands of users have downloaded malicious AI extensions masquerading as ChatGPT, Gemini, Grok and others, warn cybersecurity researchers at LayerX First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/fake-ai-assistants-google-chrome/
GenAI-Nutzung kann aus ahnungslosen Mitarbeitern Insider-Bedrohungen machen

Feb 13, 2026 12:59 PM

Tags: ai, api, password, risk

Das Risiko steigt weiter, wenn Mitarbeiter unbeabsichtigt sensible Informationen wie API-Schlüssel oder Passwörter in GenAI-Plattformen offenlegen. Werden solche Daten von Angreifern abgefangen, dann können sich diese als vertrauenswürdige Nutzer ausgeben und unbemerkt auf Unternehmenssysteme zugreifen. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/genai-nutzung-kann-aus-ahnungslosen-mitarbeitern-insider-bedrohungen-machen/a43686/
Police arrests distributor of JokerOTP password-stealing bot

Feb 13, 2026 11:58 AM

Tags: cybercrime, password

The Dutch National Police arrested a 21-year-old man from Dordrecht as part of a cybercrime investigation by Team Cybercrime Oost-Brabant. The suspect is believed to have … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/13/jokerotp-bot-netherlands-cybercrime-arrest/
Bitwarden introduces ‘Cupid Vault’ for secure password sharing

Feb 12, 2026 11:58 PM

Tags: email, password

Bitwarden has launched a new system called ‘Cupid Vault’ that allows users to safely share passwords with trusted email addresses. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/bitwarden-introduces-cupid-vault-for-secure-password-sharing/
‘Dead’ Outlook add-in hijacked to phish 4,000 Microsoft Office Store users

Feb 12, 2026 8:58 PM

Tags: banking, breach, browser, chrome, control, credentials, credit-card, data, finance, google, infrastructure, malicious, marketplace, microsoft, office, password, phishing

outlook-one.vercel.app, hosted on the Vercel development platform, from which users download the software.”Microsoft reviews the manifest, signs it, and lists the add-in in their store. But the actual content the UI, the logic, everything the user interacts with is fetched live from the developer’s server every time the add-in opens,” said Koi Security’s researchers. By…
Dutch police arrest 21-year-old for alleged involvement in JokerOTP password stealer

Feb 12, 2026 3:58 PM

Tags: authentication, cybercrime, mfa, password

The Dordrecht native was detained on Tuesday by police in East Brabant on accusations he distributed a bot called JokerOTP, which is used widely by cybercriminals to intercept the codes delivered by many platforms as part of multi-factor authentication sign-ins. First seen on therecord.media Jump to article: therecord.media/dutch-police-arrest-man-over-jokerotp-password-stealer
SSH Worm Exploit Detected by DShield Sensor Using Credential Stuffing and Multi-Stage Malware

Feb 12, 2026 2:58 PM

Tags: credentials, cyber, exploit, Internet, linux, malware, password, threat, worm

A DShield honeypot sensor recently recorded a complete compromise sequence involving a self-replicating SSH worm that exploits weak passwords to spread across Linux systems. The incident highlights how poor SSH hygiene and the use of default credentials remain among the most persistent threats to Internet-connected devices. Even in 2026, attackers continue leveraging automated credential stuffing…
Lehren aus dem Substack-Hack

Feb 12, 2026 1:58 PM

Tags: cyberattack, login, mail, password, phishing, smishing, social-engineering, spam

Anfang Februar machte die Meldung die Runde, dass die Newsletter-Plattform Substack einen Datenverlust vermelden musste. Zwar sind wohl keine Finanzdaten oder Login-Passwörter kompromittiert worden, dennoch sollte das Durchsickern von E-Mail-Adressen und Telefonnummern nicht unterschätzt werden. Diese Daten könnten für gezielte Social-Engineering-Angriffe, Spam-Kampagnen, Phishing-E-Mails und zunehmend auch für Smishing-Angriffe per SMS missbraucht werden. Social-Engineering-Taktiken haben sich…
SMS and OTP Bombing Campaigns Found Abusing API, SSL and Cross-Platform Automation

Feb 12, 2026 10:58 AM

Tags: api, authentication, automation, password, phone, tool

The modern authentication ecosystem runs on a fragile assumption: that requests for one-time passwords are genuine. That assumption is now under sustained pressure. What began in the early 2020s as loosely shared scripts for irritating phone numbers has evolved into a coordinated ecosystem of SMS and OTP bombing tools engineered for scale, speed, and persistence.…
SSHStalker botnet brute-forces its way onto 7,000 Linux machines

Feb 12, 2026 5:58 AM

Tags: attack, authentication, backdoor, botnet, business, control, credentials, cve, exploit, infosec, Internet, linux, login, malware, monitoring, network, password, threat, unauthorized, virus, vulnerability

cron/systemd integrity monitoring, especially for ‘runs every minute’ patterns.Finally, because SSHStalker looks for older Linux machines, admins should have a legacy Linux eradication plan prioritizing the unhooking of machines with any version of Linux kernel 2.6, because these servers are being targeted. How it was discovered: Discovery of SSHStalker came after Flare created an SSH…
Police arrest seller of JokerOTP MFA passcode capturing tool

Feb 11, 2026 8:58 PM

Tags: access, automation, mfa, password, tool

The Netherlands Police have arrested a a 21-year-old man from Dordrecht, suspected of selling access to the JokerOTP phishing automation tool that can intercept one-time passwords (OTP) for hijacking accounts. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/police-arrest-seller-of-jokerotp-mfa-passcode-capturing-tool/
Police arrest seller of JokerOTP MFA passcode capturing tool

Feb 11, 2026 8:58 PM

Tags: access, automation, mfa, password, tool

The Netherlands Police have arrested a a 21-year-old man from Dordrecht, suspected of selling access to the JokerOTP phishing automation tool that can intercept one-time passwords (OTP) for hijacking accounts. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/police-arrest-seller-of-jokerotp-mfa-passcode-capturing-tool/
Password guessing without AI: How attackers build targeted wordlists

Feb 9, 2026 5:14 PM

Tags: ai, password, tool

Attackers don’t need AI to crack passwords, they build targeted wordlists from an organization’s own public language. This article explains how tools like CeWL turn websites into high-success password guesses and why complexity rules alone fall short. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/password-guessing-without-ai-how-attackers-build-targeted-wordlists/
GoBruteforcer – Botnetz nutzt schwache Passwörter für Angriffe auf Webserver

Feb 9, 2026 5:14 PM

Tags: botnet, cyberattack, password

First seen on security-insider.de Jump to article: www.security-insider.de/gobruteforcer-botnetz-angriffe-linux-webserver-a-20f0c9bfd20c7b62612537e2a98d9199/
Passwortsicherheit – ‘Ihr Passwort bitte?” ‘kaffeetasse”

Feb 9, 2026 1:13 PM

Tags: password

First seen on security-insider.de Jump to article: www.security-insider.de/ihr-passwort-bitte-kaffeetasse-a-858a6a6b41392cc23a2a117abfcbb73c/
UAE Cyber Security Council Warns Stolen Logins Fuel Majority of Financial Cyberattacks

Feb 9, 2026 10:14 AM

Tags: access, attack, breach, credentials, cyber, cyberattack, cybercrime, finance, fraud, identity, login, password, theft, threat, unauthorized

The UAE Cyber Security Council has issued a renewed warning about the growing threat of financial cybercrime, cautioning that stolen login credentials remain the most common entry point for attacks targeting individuals, companies, and institutions. According to the council, around 60% of financial cyberattacks begin with the theft of usernames and passwords, making compromised credentials…
New Telegram Phishing Scam Hijacks Login Flow to Steal Fully Authorized User Sessions

Feb 9, 2026 7:13 AM

Tags: api, authentication, credentials, cyber, login, malware, password, phishing, scam

A new and sophisticated Telegram phishing operation is active in the wild, targeting users globally by hijacking the platform’s legitimate authentication features. Unlike traditional phishing, which often relies on malware or cloning login pages to steal passwords, this campaign integrates directly with Telegram’s official infrastructure. The attackers register their own Telegram API credentials (api_id and api_hash) and…
UK Construction Firm Hit by Prometei Botnet Hiding in Windows Server

Feb 8, 2026 6:14 PM

Tags: attack, botnet, cybersecurity, password, russia, theft, windows

Cybersecurity firm eSentire’s TRU break down the Russian Prometei botnet attack on a UK firm, detailing its TOR usage, password theft and decoy tactics. First seen on hackread.com Jump to article: hackread.com/uk-construction-firm-prometei-botnet-windows-server/
Ten career-ending mistakes CISOs make and how to avoid them

Feb 6, 2026 2:14 PM

Tags: access, ai, attack, awareness, best-practice, breach, business, ciso, cloud, compliance, computing, conference, control, credentials, cyber, cybersecurity, data, defense, detection, encryption, exploit, finance, framework, GDPR, governance, guide, HIPAA, least-privilege, malicious, metric, monitoring, network, password, resilience, risk, social-engineering, strategy, technology, threat, tool, training, vulnerability, zero-trust

2. Poor communication with the board and C-suite: Technical expertise alone no longer suffices in the modern CISO role. Security leaders who fail to translate cyber risks into business impact quickly lose credibility with decision-makers who control budgets and strategic direction.When security leaders present endless technical details without connecting them to revenue loss, regulatory fines,…
macOS Users Hit by Python Infostealers Posing as AI Installers

Feb 5, 2026 4:14 PM

Tags: ai, crypto, google, macOS, microsoft, password, tool

Microsoft details 3 Python Infostealers hitting macOS users via fake AI tools, Google ads, and Terminal tricks to steal passwords and crypto, then erase traces. First seen on hackread.com Jump to article: hackread.com/macos-users-python-infostealers-posing-ai-installers/
macOS Users Hit by Python Infostealers Posing as AI Installers

Feb 5, 2026 4:14 PM

Tags: ai, crypto, google, macOS, microsoft, password, tool

Microsoft details 3 Python Infostealers hitting macOS users via fake AI tools, Google ads, and Terminal tricks to steal passwords and crypto, then erase traces. First seen on hackread.com Jump to article: hackread.com/macos-users-python-infostealers-posing-ai-installers/
Software supply chain risks join the OWASP top 10 list, access control still on top

Feb 5, 2026 9:13 AM

Tags: access, ai, attack, authentication, backdoor, backup, breach, cloud, computer, control, credentials, cybersecurity, data, data-breach, defense, encryption, flaw, governance, identity, injection, LLM, login, malicious, mfa, open-source, password, risk, software, sql, supply-chain, threat, unauthorized, update, vulnerability

1 Broken access control When applications fail to properly enforce restrictions on what authenticated users are allowed to do, allowing attackers to access unauthorized functionality or data. For example, an attacker might manipulate an URL parameter to access another user’s account information or escalate their privileges from a regular user to an administrator. This item…