Tag: theft
-
New ‘Plague’ PAM Backdoor Exposes Critical Linux Systems to Silent Credential Theft
Tags: access, authentication, backdoor, credentials, cybersecurity, detection, linux, malicious, theftCybersecurity researchers have flagged a previously undocumented Linux backdoor dubbed Plague that has managed to evade detection for a year.”The implant is built as a malicious PAM (Pluggable Authentication Module), enabling attackers to silently bypass system authentication and gain persistent SSH access,” Nextron Systems researcher Pierre-Henri Pezier said.Pluggable Authentication Modules First seen on thehackernews.com Jump…
-
Threat Actors Impersonate Microsoft OAuth Apps to Steal Login Credentials
Tags: adobe, authentication, credentials, cyber, login, malicious, microsoft, phishing, theft, threatThreat actors are leveraging sophisticated phishing campaigns by creating fake Microsoft OAuth applications to impersonate legitimate enterprises, enabling credential theft while bypassing multifactor authentication (MFA). Proofpoint researchers have tracked this activity since early 2025, identifying over 50 impersonated applications, including those mimicking RingCentral, SharePoint, Adobe, and DocuSign. These malicious OAuth apps serve as initial lures,…
-
Staggering 800% Rise in Infostealer Credential Theft
Flashpoint data reveals an 800% increase in credentials stolen via infostealers in just six months First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/staggering-800-rise-infostealer/
-
Summer: Why cybersecurity must be strengthened as vacations abound
Tags: access, ai, attack, authentication, automation, awareness, backup, control, corporate, credentials, cybersecurity, data, detection, email, encryption, exploit, infrastructure, malicious, mfa, monitoring, network, office, password, resilience, risk, theft, threat, tool, training, update, usa, vpn, wifiGuillermo Fernandez, Sales Engineer for Southern Europe at WatchGuard Technologies. WatchGuard Technologies.Another important point is that, during the summer, attackers know that many IT and cybersecurity teams are operating with more limited resources or with staff on vacation. “They take advantage of this to launch phishing campaigns and other targeted attacks, aware that attention and vigilance often…
-
Ingram Micro Partners ‘Concerned’ About Claimed SafePay Data Theft
Solution providers tell CRN they fear their own company’s or their customers’ data could be made public in the wake of reports that the Safepay ransomware organization has stolen 3.5 terabytes of Ingram Micro data. First seen on crn.com Jump to article: www.crn.com/news/security/2025/ingram-micro-partners-concerned-about-claimed-safepay-data-theft
-
Ransomware Gangs Leverage TrickBot Malware to Steal US $724 Million in Cryptocurrency
Ransomware affiliates associated with groups like Ryuk, Conti, and Diavol have increasingly relied on the modular TrickBot malware to facilitate sophisticated extortion campaigns, resulting in over US$724 million in cryptocurrency theft. Originally emerging in 2016 as a banking Trojan, TrickBot has transformed into a versatile malware platform that supports initial access, credential theft, and lateral…
-
Ransomware up 179%, credential theft up 800%: 2025’s cyber onslaught intensifies
Exploits multiply as defenders play catch-up: Vulnerability disclosure rose by 246%, and publicly available exploits increased by 179%, with over 20000 vulnerabilities disclosed in the first half of 202535% of which already have exploit code.A backlog of 42000 vulnerabilities awaiting NVD analysis and delays in CVE enrichment leave organizations blind to many critical flaws, the…
-
Hacker Arrested for Data Theft Targeting Spanish Bank Customers
Spanish authorities have successfully apprehended a sophisticated cybercriminal who allegedly stole sensitive data from major financial institutions, educational organizations, and private companies across the country. The arrest represents a significant victory in the ongoing battle against cybercrime targeting Spanish citizens and businesses. A collaborative effort between the Mossos d’Esquadra (Catalan police) and Spain’s National Police…
-
Bangalore Techie Arrested for Alleged Role in $44 Million Cryptocurrency Theft
A Bangalore-based technology professional has been arrested in connection with a massive cryptocurrency theft worth approximately ₹379 crore ($44 million) from the popular Indian crypto exchange CoinDCX, according to law enforcement officials. The arrest represents one of the most significant cryptocurrency fraud cases in India’s rapidly evolving digital asset landscape. The suspect, whose identity has…
-
NOVABLIGHT Masquerades as Educational Tool to Steal Login Credentials and Compromise Crypto Wallets
A newly analyzed Malware-as-a-Service (MaaS) infostealer, NOVABLIGHT, has emerged as a significant cybersecurity threat, targeting unsuspecting users with advanced data theft capabilities. Developed and sold by the Sordeal Group, a threat actor demonstrating French-language proficiency, NOVABLIGHT is marketed as an >>educational tool
-
ShinyHunters behind Salesforce data theft attacks at Qantas, Allianz Life, and LVMH
A wave of data breaches impacting companies like Qantas, Allianz Life, LVMH, and Adidas has been linked to the ShinyHunters extortion group, which has been using voice phishing attacks to steal data from Salesforce CRM instances. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/shinyhunters-behind-salesforce-data-theft-attacks-at-qantas-allianz-life-and-lvmh/
-
Nikesh Arora: Why Palo Alto Is Making a $25B Bet on Identity
Tags: access, ai, attack, ceo, credentials, cybersecurity, identity, network, ransomware, risk, theftCyberArk Deal Adds Privileged Access Capabilities to Palo Alto Networks’ Core Stack. With a $25 billion acquisition of CyberArk, Palo Alto Networks expands its cybersecurity platform to secure human, machine and AI identities. CEO Nikesh Arora said the move is timely as 88% of ransomware attacks now stem from credential theft, and agentic AI emerges…
-
2 Law Group Data Theft Hacks Affect 282,100 Patients
Firm Admits Paying Ransom in Exchange of Hacker’s Promise to Delete Stolen Info. Two Florida-based law firms with offices in other states are notifying 282,100 people whose healthcare and other information was potentially compromised in separate data theft incidents. One of the firms admitted to paying a ransom to prevent its data from being leaked…
-
TrickBot Behind More Than $724 Million in Crypto Theft and Extortion
Akamai’s latest Ransomware Report 2025 reveals “quadruple extortion,” new AI-driven tactics by groups like Black Basta, FunkSec, and TrickBot, and growing threats to non-profits. Learn about evolving cyber threats. First seen on hackread.com Jump to article: hackread.com/trickbot-behind-724-million-crypto-theft-extortion/
-
Google Launches DBSC Open Beta in Chrome and Enhances Patch Transparency via Project Zero
Google has announced that it’s making a security feature called Device Bound Session Credentials (DBSC) in open beta to ensure that users are safeguarded against session cookie theft attacks.DBSC, first introduced as a prototype in April 2024, is designed to bind authentication sessions to a device so as to prevent threat actors from using stolen…
-
GLOBAL GROUP Ransomware Claims Breach of Media Giant Albavisión
GLOBAL GROUP Ransomware targets media giant Albavisión, claims 400 GB data theft as it continues hitting global sectors with advanced extortion tactics. First seen on hackread.com Jump to article: hackread.com/global-group-ransomware-media-giant-albavision-breach/
-
Tea app data theft scandal worsens as stolen IDs leaked to cybercriminal forum
Makers of the app for women called Tea are continuing to respond to an intrusion into a “legacy data storage system” that exposed photos of users, including images of driver’s licenses. First seen on therecord.media Jump to article: therecord.media/tea-app-data-breach-stolen-ids-leaked
-
Arizona woman sentenced for aiding North Korea in U.S. IT job fraud scheme
Arizona woman gets 8 years for helping North Korea-linked threat actors to infiltrate 309 U.S. firms with fake IT jobs. Christina Marie Chapman (50) from Arizona, was sentenced to 102 months in prison for aiding North Korean IT workers in infiltrating 309 U.S. companies. She pleaded guilty to charges including aggravated identity theft, conspiracy to…
-
The role of the cybersecurity PM in incident-driven development
From PowerShell abuse to USB data theft, modern threats hit fast”, and hard.vSee how security-minded PMs are responding with real-time controls, smarter policies, and tools like ThreatLocker Patch Management. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/the-role-of-the-cybersecurity-pm-in-incident-driven-development/
-
Hackers Exploit Google Forms to Trick Victims into Stealing Cryptocurrency
Cybercriminals are increasingly using Google Forms to plan cryptocurrency theft in a sophisticated evolution of phishing assaults, taking advantage of the platform’s built-in credibility and smooth integration with Google’s ecosystem. This tactic allows malicious actors to bypass traditional email security filters, delivering deceptive messages directly to victims’ inboxes. By masquerading as legitimate notifications from cryptocurrency…
-
Unbefugter Zugriff bei einer Fluggesellschaft aus Hongkong
Cathay Statement – Theft of Asia Miles Incident First seen on cathaypacific.com Jump to article: www.cathaypacific.com/cx/de_DE/prepare-trip/travel-advisories/cathay-statement.html
-
Most data breaches have unknown causes as transparency continues to fall
The Identity Theft Resource Center (ITRC) reports 1,732 publicly disclosed data breaches in H1 2025, marking a 5% increase over the same period in 2024. The ITRC could track a … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/07/24/itrc-data-breaches-h1-2025/
-
Warning to feds: US infrastructure is under silent attack
Tags: attack, awareness, breach, business, ceo, cisa, control, cyber, cybersecurity, data, defense, exploit, government, Hardware, infrastructure, intelligence, risk, technology, theft, threat, vulnerabilityIT and OT are fundamentally different: Robert M. Lee, CEO and co-founder of cybersecurity company Dragos, Inc., also spoke at the hearing, pointing out that enterprises and regulators must “recognize and account for” the differences between information technology (IT) and OT systems.”IT and OT systems differ fundamentally in both purpose and operation,” he said. “While…
-
Silicon Valley engineer admits theft of US missile tech secrets
Used stolen info to pitch for Chinese tech talent program First seen on theregister.com Jump to article: www.theregister.com/2025/07/22/engineer_admits_trade_theft/
-
Hackers Exploit Microsoft SharePoint Flaws in Global Breaches
Hackers are exploiting critical SharePoint flaws (CVE-2025-53770/53771) to breach global targets, including governments and corporations. Microsoft urges immediate action. Learn about the active attacks and how to protect your network from credential theft and backdoors. First seen on hackread.com Jump to article: hackread.com/hackers-exploit-microsoft-sharepoint-flaws-breaches/