Tag: theft
-
Hackers Exploit Microsoft SharePoint Flaws in Global Breaches
Hackers are exploiting critical SharePoint flaws (CVE-2025-53770/53771) to breach global targets, including governments and corporations. Microsoft urges immediate action. Learn about the active attacks and how to protect your network from credential theft and backdoors. First seen on hackread.com Jump to article: hackread.com/hackers-exploit-microsoft-sharepoint-flaws-breaches/
-
Silicon Valley Engineer Pleads Guilty in U.S. Missile Detection Data Theft Case
A Silicon Valley engineer with dual U.S.-China citizenship pleaded guilty to stealing critical defense technologies worth hundreds of millions of dollars, including classified systems designed to detect nuclear missile launches and track hypersonic weapons. The case highlights growing concerns about economic espionage and technology transfer to foreign adversaries. Engineer Admits to Massive Data Theft Chenguang…
-
Credential Theft and Remote Access Surge as AllaKore, PureRAT, and Hijack Loader Proliferate
Mexican organizations are still being targeted by threat actors to deliver a modified version of AllaKore RAT and SystemBC as part of a long-running campaign. The activity has been attributed by Arctic Wolf Labs to a financially motivated hacking group called Greedy Sponge. It’s believed to be active since early 2021, indiscriminately targeting a wide…
-
Indian crypto exchange CoinDCX says $44 million stolen from reserves
The founders of Indian cryptocurrency exchange CoinDCX said no customer funds were affected in a more than $40 million theft from reserves. First seen on therecord.media Jump to article: therecord.media/indian-crypto-dcx-millions-stolen
-
Hackers Exploit FIDO MFA With Novel Phishing Technique
PoisonSeed Threat Actor Uses Cross-Device Login Feature and QR Code to Trick Users. Expel researchers have found a novel adversary-in-the-middle phishing technique used by PoisonSeed, a cybercrime group previously tied to large-scale cryptocurrency thefts, to sidestep one of the most secure forms of multifactor authentication – FIDO2 physical keys. First seen on govinfosecurity.com Jump to…
-
LameHug: first AI-Powered malware linked to Russia’s APT28
LameHug malware uses AI to create data-theft commands on infected Windows systems. Ukraine links it to the Russia-nexus APT28 group. Ukrainian CERT-UA warns of a new malware strain dubbed LameHug that uses a large language model (LLM) to generate commands to be executed on compromised Windows systems. Ukrainian experts attribute the malware to the Russia-linked…
-
Signal App Clone Telemessage App Vulnerability Actively Exploited for Password Theft
A critical vulnerability in TeleMessageTM SGNL, an enterprise messaging platform modeled after Signal, is being actively exploited by threat actors to steal passwords and sensitive data from government agencies and enterprises. The flaw, tracked as CVE-2025-48927, was added to CISA’s Known Exploited Vulnerabilities catalog on July 14th, indicating widespread exploitation in the wild. Vulnerability Details…
-
Signal App Clone Vulnerability Actively Exploited for Password Theft
A critical vulnerability in TeleMessageTM SGNL, an enterprise messaging platform modeled after Signal, is being actively exploited by threat actors to steal passwords and sensitive data from government agencies and enterprises. The flaw, tracked as CVE-2025-48927, was added to CISA’s Known Exploited Vulnerabilities catalog on July 14th, indicating widespread exploitation in the wild. Vulnerability Details…
-
Golden dMSA Flaw Exposes Firms to Major Credential Theft
Semperis Warns of Flaw in Windows Server 2025 Delegated Managed Service Accounts. A critical cryptographic flaw in Windows Server 2025’s delegated Managed Service Accounts, or dMSAs, allows attackers to generate passwords for every managed service account across an Active Directory forest and create a backdoor, Semperis researchers found. First seen on govinfosecurity.com Jump to article:…
-
LameHug malware uses AI LLM to craft Windows data-theft commands in real-time
A novel malware family named LameHug is using a large language model (LLM) to generate commands to be executed on compromised Windows systems. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/lamehug-malware-uses-ai-llm-to-craft-windows-data-theft-commands-in-real-time/
-
Cryptohack Roundup: Abacus Market’s Suspected Exit Scam
Also: Scammer Gets 12-Year Sentence for Dodging Restitution. Abacus Market’s suspected exit scam, crypto scammer gets 12 years for dodging restitution, GMX exploiter returns funds, BigOne’s $27M hack, Arcadia Finance’s $3.5M theft, NZ woman’s trial for alleged murder and a DOJ crypto fraud filing’s potential unmasking of MoonPay victims. First seen on govinfosecurity.com Jump to…
-
North Korean hackers blamed for record spike in crypto thefts in 2025
Chainalysis said crypto thefts during the first half of 2025 were at record levels, thanks in large part to a single breach at a major crypto exchange. First seen on techcrunch.com Jump to article: techcrunch.com/2025/07/17/north-korean-hackers-blamed-for-record-spike-in-crypto-thefts-in-2025/
-
Topsy-Turvy Data Breach Reality: Incidents Up, Victims Down
Most Compromises Trace to Financial Services, Healthcare, Professional Services. Data breaches rage on. In the first half of this year, the Identity Theft Resource Center counted 1,732 total data breaches affecting 166 million people, marking a rise in data breaches but a decline in victims, likely due to a drop in mega-breaches. First seen on…
-
Chainalysis: $2.17 billion in crypto stolen in first half of 2025, driven by North Korean hacks
The value of losses to crypto thefts has soared this year to more than $2 billion over the first six months, the blockchain analytics company Chainalysis found. First seen on therecord.media Jump to article: therecord.media/chainalysis-crypto-stolen-billions
-
UNC6148 deploys Overstep malware on SonicWall devices, possibly for ransomware operations
UNC6148 targets SonicWall devices with Overstep malware, using a backdoor and rootkit for data theft, extortion, or ransomware. Google’s Threat Intelligence Group warns that a threat actor tracked as UNC6148 has been targeting SonicWall SMA appliances with new malware dubbed Overstep. Active since at least October 2024, the group uses a backdoor and user-mode rootkit…
-
Co-op chief ‘incredibly sorry’ for theft of 6.5m members’ data
Co-op chief executive Shirine Khoury-Haq has revealed that all the personal data of all 6.5 million of its members was compromised in the April 2025 cyber attack on its systems. First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366627833/Co-op-chief-incredibly-sorry-for-theft-of-65m-members-data
-
Salt Typhoon hacked the US National Guard for 9 months, and accessed networks in every state
Tags: access, attack, best-practice, breach, credentials, cve, cyber, cybersecurity, data, defense, exploit, government, group, hacking, infrastructure, Internet, malicious, military, network, service, theft, threat, vulnerabilitySensitive military data stolen: The attackers gained access to highly sensitive military and infrastructure information during the nine-month intrusion. The memo stated that “in 2024, Salt Typhoon used its access to a US state’s Army National Guard network to exfiltrate administrator credentials, network traffic diagrams, a map of geographic locations throughout the state, and PII…
-
21-year-old former US soldier pleads guilty to hacking, extorting telecoms
Cameron John Wagenius faces up to 27 years in prison after pleading guilty to wire fraud, extortion and aggravated identity theft in data breaches involving major corporations. First seen on therecord.media Jump to article: therecord.media/cameron-john-wagenius-former-us-soldier-guilty-plea-hacking
-
Dark Partners Hacker Group Drains Crypto Wallets Using Fake AI Tools and VPN Services
The financially driven organization known as Dark Partners has been planning massive cryptocurrency theft since at least May 2025, using a complex network of more than 250 malicious domains that pose as AI tools, VPN services, cryptocurrency wallets, and well-known software brands. This is part of a rapidly developing cybercrime operation. These fake websites, distributed…
-
Former U.S. Army Member Pleads Guilty in Telecom Hacking Case
A 21-year-old former U.S. Army soldier has pleaded guilty to participating in a sophisticated cybercrime operation that targeted telecommunications companies through hacking, data theft, and extortion schemes. Cameron John Wagenius, who was stationed in Texas during his military service, admitted to conspiring with others to breach protected computer networks and demand ransom payments from victim…
-
How defenders use the dark web
Tags: access, antivirus, attack, breach, corporate, credit-card, crypto, cyber, cybercrime, dark-web, data, data-breach, email, extortion, finance, fraud, government, group, hacker, healthcare, identity, incident, insurance, intelligence, Internet, interpol, law, leak, lockbit, mail, malware, monitoring, network, phishing, ransom, ransomware, service, software, theft, threat, tool, usa, vpnAttributing attacks to threat actors: When organizations suffer from data breaches and cyber incidents, the dark web becomes a crucial tool for defenders, including the impacted businesses, their legal teams, and negotiators.Threat actors such as ransomware groups often attack organizations to encrypt and steal their data so they can extort them for money, in exchange…
-
Malicious VSCode extension in Cursor IDE led to $500K crypto theft
A fake extension for the Cursor AI IDE code editor infected devices with remote access tools and infostealers, which, in one case, led to the theft of $500,000 in cryptocurrency from a Russian crypto developer. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/malicious-vscode-extension-in-cursor-ide-led-to-500k-crypto-theft/
-
Hacker returns cryptocurrency stolen from GMX exchange after $5 million bounty payment
The person behind a $42 million theft from the decentralized exchange GMX has returned the stolen cryptocurrency in exchange for a $5 million bounty. First seen on therecord.media Jump to article: therecord.media/hacker-returns-stolen-gmx-bounty
-
Arkana Ransomware Gang Claims Theft of 2.2 Million Customer Records
The Arkana ransomware group burst onto the cybercrime scene with a high-profile attack on WideOpenWest (WOW!), a prominent U.S. internet service provider, in late March. The group boldly claimed to have exfiltrated two massive databases containing approximately 403,000 and 2.2 million customer records, while also seizing control of critical backend systems such as WOW!’s AppianCloud…
-
Crypto Roundup: Malicious Firefox Extensions
Also: Winkle Abduction Sentencing and Crypto Theft Rising. This week, uncovering 40 malicious crypto Firefox extensions, three sentenced in a Belgium court for crypto kidnapping, the rise of crypto theft. The U.S. Secret Service is a huge crypto custodian, and prosecutors claw back funds pilfered by a fake presidential inaugural committee. First seen on govinfosecurity.com…
-
Exploit details released for Citrix Bleed 2 flaw affecting NetScaler
Tags: access, advisory, authentication, backdoor, backup, citrix, credentials, cve, data-breach, endpoint, exploit, flaw, leak, mitigation, password, theft, tool, vulnerability, zero-daySimilarities to the original Citrix Bleed: CVE-2025-5777 has been dubbed Citrix Bleed 2 due to its similarities to a zero-day information disclosure vulnerability fixed in October 2023 (CVE-2023-4966) that received the Citrix Bleed moniker because it enabled attackers to leak session tokens from memory, allowing for session takeover with multifactor authentication bypass.Similarly, CVE-2025-5777 can lead…
-
US Announces Arresting Chinese Hacker Linked to HAFNIUM Group
A Chinese state-sponsored hacker, Xu Zewei, 33, has been arrested for his alleged role in the widespread HAFNIUM cyber attacks and theft of COVID-19 research. Learn about the charges and China’s Ministry of State Security involvement. First seen on hackread.com Jump to article: hackread.com/us-arresting-chinese-hacker-linked-to-hafnium-group/
-
SparkKitty Malware Steals Photos from iOS and Android Devices
A sophisticated Trojan malware campaign has been targeting mobile device users across iOS and Android platforms since February 2024, with cybersecurity researchers identifying a significant escalation in photo theft capabilities that poses particular risks to cryptocurrency users and individuals storing sensitive information in their device galleries. SparkKitty represents a concerning evolution in mobile malware distribution,…
-
Chinese State-Sponsored Hacker Charged Over COVID-19 Research Theft
The US allege that the hacker stole critical COVID-19 research from universities at the behest of the Chinese government First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/chinese-state-hacker-charged-covid/
-
Verified, featured, and malicious: RedDirection campaign reveals browser marketplace failures
Browser hijacking and phishing risks: According to their research, the malicious code was embedded in each extension’s background service worker and used browser APIs to monitor tab activity. Captured data, including URLs and unique tracking IDs, was sent to attacker-controlled servers, which in turn provided redirect instructions.The setup enabled several attack scenarios, including redirection to…