Tag: theft
-
New XWorm RAT Campaign Leverages Phishing and CVE-2018-0802 Excel Exploit to Bypass Detection
Tags: attack, control, cve, cyber, cybercrime, data, ddos, detection, exploit, marketplace, phishing, ransomware, rat, theft, windows
XWorm, a multi-functional .NET-based RAT first observed in 2022, remains actively traded across cybercrime marketplaces and continues to attract both low-skilled and advanced operators thanks to its rich feature set and plugin-based architecture. Once deployed, it enables full remote control of compromised Windows systems, including data theft, remote desktop control, DDoS attacks, and ransomware execution.…
-
Phishing campaign chains old Office flaw with fileless XWorm RAT to evade detection
Fileless .NET stage and a modular XWorm core: Beyond initial access, Fortinet observed a fileless .NET stage loaded directly into memory, followed by process hollowing into msbuild.exe, a legitimate Microsoft build tool capable of executing .NET code. The choice of msbuild.exe aligns with the malware’s runtime requirements while helping it blend into normal system activity. "A…
-
A New Data Theft Gang for the Health Sector to Lose Sleep Over
Newcomer ‘Insomnia’ Appears to Favor US Healthcare-Related Entities. A new cybercriminal gang, Insomnia, appears to have its eyes wide open for potential healthcare-related targets. Since surfacing on the darkweb in recent weeks, the apparent data theft group has chalked up 18 alleged victims on its data leak site, with more than half having ties to…
-
North Korean hackers use new macOS malware in crypto-theft attacks
North Korean hackers are running tailored campaigns using AI-generated video and the ClickFix technique to deliver malware for macOS and Windows to targets in the cryptocurrency sector. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/north-korean-hackers-use-new-macos-malware-in-crypto-theft-attacks/
-
ZeroDayRAT spyware grants attackers total access to mobile devices
ZeroDayRAT is a commercial mobile spyware that grants full remote access to Android and iOS devices for spying and data theft. ZeroDayRAT is a newly discovered commercial mobile spyware toolkit that gives attackers full control over Android and iOS devices. It supports live camera access, keylogging, and theft of banking and crypto data. First spotted…
-
FIIG Securities Fined AU$2.5 Million Following Prolonged Cybersecurity Failures
Australian fixed-income firm FIIG Securities has been fined AU$2.5 million after the Federal Court found it failed to adequately protect client data from cybersecurity threats over a period exceeding four years. The penalty follows a major FIIG cyberattack in 2023 that resulted in the theft and exposure of highly sensitive personal and financial information belonging to thousands of clients. First seen on thecyberexpress.com…
-
Ivanti Zero-Days Likely Deployed in EU and Dutch Hacks
Ivanti’s Endpoint Manager Mobile Flaws Under Active Exploitation. The European Commission fell victim to a cyberattack that could have allowed the theft of some staff personal information. The European Union’s executive body said Friday it detected on Jan. 30 an attack on its central infrastructure managing mobile devices. First seen on govinfosecurity.com Jump to article:…
-
VoidLink Malware Exhibits Multi-Cloud Capabilities and AI Code
VoidLink, a Linux-based C2 framework, facilitates credential theft, data exfiltration across clouds First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/voidlink-malware-multi-cloud-ai/
-
Over 5 Million Misconfigured Git Web Servers Found Exposing Secrets Online
A massive widespread vulnerability in web server configurations has left millions of websites open to data theft and unauthorised takeover. A new 2026 study conducted by the Mysterium VPN research team reveals that nearly 5 million web servers worldwide are publicly exposing their .git repository metadata. The Scale of the Leak: The research scanned the internet for…
-
UK Construction Firm Hit by Prometei Botnet Hiding in Windows Server
Cybersecurity firm eSentire’s TRU breaks down the Russian Prometei botnet attack on a UK firm, detailing its TOR usage, password theft and decoy tactics. First seen on hackread.com Jump to article: hackread.com/uk-construction-firm-prometei-botnet-windows-server/
-
Illinois man pleads guilty to hacking hundreds of Snapchat accounts to steal nude photos
Kyle Svara of Oswego, Illinois is facing decades in prison after pleading guilty to aggravated identity theft, wire fraud, computer fraud, conspiracy to commit computer fraud and false statements related to child pornography. First seen on therecord.media Jump to article: therecord.media/illinois-man-pleads-guilty-snapchat-nude-photo-hacks
-
17% of 3rd-Party Add-Ons for OpenClaw Used in Crypto Theft and macOS Malware
Bitdefender Labs reveals that 17% of OpenClaw AI skills analyzed in February 2026 are malicious. With over 160,000… First seen on hackread.com Jump to article: hackread.com/openclaw-add-ons-crypto-theft-macos-malware/
-
Romania’s oil pipeline operator confirms cyberattack as hackers claim data theft
Romania’s national oil pipeline operator Conpet said a cyberattack disrupted parts of its technology infrastructure and knocked its website offline earlier this week, adding that oil transport operations were not affected. First seen on therecord.media Jump to article: therecord.media/romania-conpet-oil-pipeline-ransomware-attack
-
Compromised dYdX npm and PyPI Packages Deliver Wallet Stealers and RAT Malware
Cybersecurity researchers have discovered a new supply chain attack in which legitimate packages on npm and the Python Package Index (PyPI) repository have been compromised to push malicious versions to facilitate wallet credential theft and remote code execution. The compromised versions of the two packages are listed below: @dydxprotocol/v4-client-js (npm) – 3.4.1, 1.22.1, 1.15.2, 1.0.31… First…
-
Hacker claims theft of data from 700,000 Substack users; Company confirms breach
Substack confirmed a data breach after a hacker leaked data from nearly 700,000 users, including email addresses and phone numbers. Substack is an online platform for publishing email-based newsletters and blogs, with built-in paid subscriptions and basic analytics. It’s free to start; creators pay a fee on paid plans. In 2026 it’s estimated to serve…
-
OpenClaw AI Agent Sparks Global Security Alarm
Open-Source Tool Security ‘Dumpster Fire,’ Experts Warn. An open-source AI assistant that exploded in popularity over the past month is exposing users to data theft, malicious code and runaway costs. Users can add functions called skills that connect assistants with different services – and hackers have been quick to add malicious examples. First seen on…
-
DragonForce Ransomware Targets Critical Businesses to Exfiltrate Sensitive Data
DragonForce is a ransomware group that emerged in late 2023 and has grown into a serious threat to businesses by combining data theft with file encryption. The group uses dual extortion: it steals sensitive data, encrypts systems, and then threatens to publish the stolen information on dark web leak sites if victims do not pay.…
-
APT28 Hackers Exploit Microsoft Office Vulnerability to Target Government Agencies
Tags: attack, cyber, cyberattack, espionage, exploit, government, hacker, microsoft, military, office, phishing, russia, spear-phishing, theft, vulnerability
Russian state-sponsored hackers, known as APT28 or Fancy Bear, have launched a new wave of cyberattacks targeting government and military organizations across Europe. This sophisticated espionage campaign, observed in late January 2026, targets the theft of secrets from maritime and transport agencies in countries such as Poland, Greece, and Ukraine. The attacks start with spear-phishing…
-
Victims Are Rebuffing Ransomware Mass Data Theft Campaigns
Revenue From Supply-Chain Attacks by Clop Group Sharply Fell, Report Investigators. Once lucrative steal-and-leak campaigns pioneered by Russian ransomware group Clop look set to go the way of the dinosaurs. While an estimated 25% of victims paid a ransom in the inaugural campaign five years ago, the number of victims that paid fell to zero…
-
Chinese Money Laundering Jargon via Google’s Gemini
After having a short discussion with Gemini about Chinese Money Laundering, I could tell we weren’t quite connecting on my Mandarin-assistance requests, so I shared an example post from a Telegram “Crime-as-a-Service” group that was part of a Chinese Guarantee Syndicate. For context, these posts were made in the Tudou Guarantee Syndicate’s group dedicated to…
-
Step Finance says compromised execs’ devices led to $40M crypto theft
Step Finance announced that it lost $40 million worth of digital assets after hackers compromised devices belonging to the company’s team of executives. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/step-finance-says-compromised-execs-devices-led-to-40m-crypto-theft/
-
Everest Ransomware Claims 90GB Data Theft Involving Legacy Polycom Systems
Everest ransomware claims a breach involving legacy Polycom systems later acquired by HP Inc., alleging the theft of 90GB of internal data. First seen on hackread.com Jump to article: hackread.com/everest-ransomware-data-theft-legacy-polycom-system/
-
GhostChat Malware Locks Victims’ Devices, Demands Passcodes for Restoration
A new Android spyware campaign uses romance scams and fake chat profiles to spy on users in Pakistan. The malicious app, named GhostChat and detected as Android/Spy.GhostChat.A, disguises itself as a dating chat platform but is actually built for data theft and surveillance. Instead of being listed on Google Play, it is distributed as…
-
Transparency in Decline as Data Breaches Hit New High
ITRC Report: 2025 Breach Notices Lack Critical Details as AI-Based Attacks Surge. The Identity Theft Resource Center tracked a record 3,322 U.S. data breaches in 2025, more than any previous year. Yet, only 30% of breach notices included actionable details that other defenders need. ITRC’s James Lee warns that this lack of transparency puts people…
-
Capital Health to Pay $4.5M in LockBit Breach Settlement
Class Action Stems From 2023 Ransomware Attack Affecting More Than 500,000. Capital Health, which operates hospitals and other facilities in New Jersey and Pennsylvania, agreed to pay $4.5 million to settle consolidated class action litigation involving a 2023 LockBit ransomware and data theft attack affecting more than 500,000 patients and employees. First seen on…
-
Ex-Google Engineer Convicted of Stealing AI Data for China
Linwei Ding Faces Decades in Prison for Trade Secret Theft, Espionage. A federal jury in San Francisco convicted a former Google software engineer of stealing thousands of pages of confidential AI data and transferring it to Chinese technology companies. Linwei Ding is guilty of seven counts of economic espionage and seven counts of trade secret…

