Tag: theft
-
PoisonSeed Threat Actor Strengthens Credential Theft Operations with New Domains
Spoof the email delivery platform SendGrid and employ fake Cloudflare CAPTCHA interstitials to lend legitimacy before redirecting unsuspecting users to credential harvesting pages. Since June 1, 2025, DomainTools Investigations has identified 21 newly registered domains exhibiting hallmarks of the eCrime actor known as PoisonSeed. Although specific victims have not been confirmed, PoisonSeed’s historical focus on…
-
Ransomware insurance losses spike despite fewer claims: Resilience
AI-powered phishing, “double extortion” tactics and insurance policy theft are fueling more destructive, costly ransomware attacks, the cybersecurity firm said. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/ransomware-insurance-losses-spike-claims-resilience-ai-phishing/759626/
-
New Fileless Malware Attack Uses AsyncRAT for Credential Theft
LevelBlue Labs reports AsyncRAT delivered through a fileless attack chain using ScreenConnect, enabling credential theft and persistence. First seen on hackread.com Jump to article: hackread.com/fileless-malware-attack-asyncrat-credential-theft/
-
Jaguar Land Rover confirms data theft after recent cyberattack
Jaguar Land Rover (JLR) confirmed today that attackers also stole “some data” during a recent cyberattack that forced it to shut down systems and instruct staff not to report to work. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/jaguar-land-rover-jlr-confirms-data-theft-after-recent-cyberattack/
-
How to Protect Your Enterprise Against Account Takeover Attacks
At this very moment, there are at least 16 billion recently stolen login credentials available to hackers in various dark corners of the internet. That is, according to the Cybernews researchers who uncovered the massive breach, “a blueprint for mass exploitation … account takeover, identity theft, and highly targeted phishing.” While account takeover (ATO) attacks can…
-
European crypto platform SwissBorg to reimburse users after $41 million theft
Nearly 200,000 Solana coins were stolen from SwissBorg, or about 2% of its assets, according to the platform’s CEO. The company pledged to pay users back. First seen on therecord.media Jump to article: therecord.media/swissborg-platform-solana-cryptocurrency-stolen
-
Massive npm supply chain attack hits 18 popular packages with 2B weekly downloads
Tags: api, attack, blockchain, breach, crypto, data, detection, email, finance, github, malicious, malware, monitoring, network, open-source, phishing, risk, strategy, supply-chain, theft, tool, update, vulnerability
Financial impact surprisingly limited: Despite affecting packages with 2 billion weekly downloads, the actual financial impact was surprisingly modest. “We were tracking approximately $970 in stolen funds to attacker-controlled wallets,” Eriksen said, highlighting a significant disconnect between the attack’s potential reach and its realized damage. This limited financial impact reflected both the attackers’ operational carelessness and…
-
SessionReaper Vulnerability Puts Magento Adobe Commerce Sites in Hacker Crosshairs
Adobe has broken its regular patch schedule to address CVE-2025-54236, a critical vulnerability in Magento Commerce and open-source Magento installations. Dubbed “SessionReaper,” this vulnerability allows attackers to bypass input validation in the Magento Web API, enabling automated account takeover, data theft, and fraudulent orders without requiring valid session tokens. Adobe will release an emergency fix…
-
Salesloft Drift Hack Claims New Victims in Tenable, Qualys
Salesloft Says Hackers Broke Into Its GitHub Repository. Cybersecurity firms Tenable and Qualys fell to attacks stemming from hacker theft of authentication tokens from a third-party tool often integrated into Salesforce. The firms disclosed their exposure to the attack that lifted access tokens from marketing-as-a-service software provider Salesloft. First seen on govinfosecurity.com Jump to article:…
-
Hackers breached Salesloft’s GitHub in March, and used stolen tokens in a mass attack
Hackers breached Salesloft’s GitHub in March, stole tokens, and used them in a mass attack on several major tech customers. Salesloft revealed that the threat actor UNC6395 breached its GitHub account in March, stealing authentication tokens that were later used in a large-scale attack against several major tech customers. Salesforce data theft attacks impacted major…
-
Salesloft says Drift customer data thefts linked to March GitHub account hack
The breach, now known to have begun in March, raises questions about why it took six months for Salesloft to detect the breach. First seen on techcrunch.com Jump to article: techcrunch.com/2025/09/08/salesloft-says-drift-customer-data-thefts-linked-to-march-github-account-hack/
-
Salesloft: March GitHub repo breach led to Salesforce data theft attacks
Salesloft says attackers first breached its GitHub account in March, leading to the theft of Drift OAuth tokens later used in widespread Salesforce data theft attacks in August. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/salesloft-march-github-repo-breach-led-to-salesforce-data-theft-attacks/
-
macOS Under Attack: Atomic Stealer Hidden in Pirated Software
The cybersecurity landscape for macOS users has taken a dangerous turn as cybercriminals increasingly target Apple’s ecosystem with sophisticated malware campaigns. Atomic macOS Stealer (AMOS), a specialized data-theft malware, has emerged as one of the most significant threats to Mac users, particularly those seeking cracked software applications. While macOS has historically maintained a reputation as…
-
Tenable Data Breach Confirmed - Customer Contact Details Compromised
Tenable, a well-known cybersecurity company, has confirmed that it was affected by a recent large-scale data theft campaign. The attack targeted Salesforce and Salesloft Drift integrations, and Tenable was one of the organizations caught up in the incident. The company stressed that while customer contact details were accessed, Tenable products and the data inside those…
-
Securing AI Models Against Adversarial Attacks in Financial Applications
The rapid adoption of artificial intelligence (AI) agents across industries has brought significant benefits but also increased exposure to cyber threats, particularly adversarial attacks. According to the Deloitte Threat Report, nearly 30% of all AI cyberattacks now involve adversarial techniques such as training data poisoning, model theft, and adversarial sample manipulation, which can cause AI…
-
Cybersecurity Snapshot: Expert Advice for Securing Critical Infrastructure’s OT and Industrial Control Systems, IoT Devices and Network Infrastructure
Tags: access, advisory, apt, attack, authentication, breach, china, cisa, cisco, cloud, compliance, computer, computing, control, credentials, cryptography, cve, cyber, cybersecurity, data, defense, detection, espionage, exploit, firmware, framework, google, government, guide, hacker, Hardware, incident response, infrastructure, international, Internet, iot, login, mfa, military, mitigation, monitoring, network, nist, organized, password, phishing, ransomware, regulation, risk, russia, sans, service, software, technology, theft, threat, tool, update, vulnerability, zero-trust
Destructive cyber attacks against critical infrastructure have unfortunately become increasingly frequent. Just last week, multinational government agencies blared the alarm about a global cyber espionage campaign targeting critical infrastructure networks. With this type of cyber threat in the spotlight, we’re rounding up recent cyber advice for securing critical infrastructure. In case you missed it, here…
-
Pressure on CISOs to stay silent about security incidents growing
Tags: access, breach, business, cio, ciso, corporate, credentials, credit-card, crowdstrike, cybersecurity, data, data-breach, email, finance, framework, group, hacker, iam, identity, incident response, insurance, law, mfa, ransomware, sap, security-incident, software, theft, threat, training
‘Intense pressure’ to keep quiet about security incidents: CSO spoke to two other former CISOs who reported pressures to stay silent about suspected security incidents. Both CISOs requested to remain anonymous due to end-of-contract confidentiality agreements made with previous employers. “While working inside a Fortune Global 500 company in Europe, I witnessed this multiple times,” one…
-
MystRodX: Weaponizing DNS and ICMP for Data Theft
A sophisticated backdoor, MystRodX, that exploits DNS and ICMP protocols to stealthily activate and exfiltrate data from compromised systems. Deployed via a dropper disguised as a Mirai variant, MystRodX remained undetected for over 20 months by hiding its activation logic within network packet payloads. Security researchers have uncovered a MystRodX supports both active and passive…
-
Jaguar Land Rover shuts down systems after cyberattack, no evidence of customer data theft
Jaguar Land Rover shut down systems after a cyberattack, disrupting production and retail, but says customer data likely remains safe. Jaguar Land Rover shut down systems to mitigate a cyberattack that disrupted production and retail operations. The attack occurred over the weekend, and it also impacted systems at the Solihull production plant. UK dealers reported…

