Tag: theft
-
Google Warns Ransomware Groups Shift to Data Theft as Profits Decline
Google is warning that ransomware gangs are reinventing their business model as traditional encryption”‘for”‘ransom attacks become less profitable and data”‘theft extortion surges.”‹ Better cybersecurity controls, improved backup strategies, and stronger recovery capabilities mean more victims can restore their systems without paying, directly eroding criminal revenue. Public reporting also shows that both ransom payment rates and average demand…
-
FBI Investigates Steam Games Linked to Malware and Crypto Wallet Theft
FBI warns gamers after malware hidden in several Steam games stole browser data and drained cryptocurrency wallets between May 2024 and January 2026. First seen on hackread.com Jump to article: hackread.com/fbi-investigate-steam-games-malware-crypto-theft/
-
Telus Digital confirms hack as ShinyHunters claims credit for massive data theft
The Canadian business-process outsourcer, which counts many major businesses among its customers, still isn’t sure what the hackers stole. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/telus-digital-cyberattack-shinyhunters/814817/
-
ShinyHunters Claims 1 Petabyte Data Theft from Telecom Giant Telus
ShinyHunters claims it stole up to 1 petabyte of data from Telus Digital, including support recordings, code, and employee records after a breach. First seen on hackread.com Jump to article: hackread.com/shinyhunters-1-petabyte-data-breach-telus-digital/
-
Storm-2561 lures victims to spoofed VPN sites to harvest corporate logins
Attackers linked to Storm-2561 use SEO-poisoned search results to lure users to fake Ivanti, Cisco, and Fortinet VPN sites that steal corporate login credentials. In mid-January 2026, Microsoft Defender Experts uncovered a credential-theft campaign attributed to Storm-2561. Threat actor is spreading fake enterprise VPN clients impersonating Ivanti, Cisco, and Fortinet software. By poisoning search engine…
-
IRONSCALES Winter ’26 Release: Preemptive Email Security
<div cla A few months ago, I wrote about the Phishing Renaissance and how AI hasn’t invented new attack types so much as perfected the classics. Credential theft, vendor impersonation, executive fraud. Same playbook, exponentially better execution. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/ironscales-winter-26-release-preemptive-email-security/
-
Storm-2561 Spreads Trojan VPN Clients via SEO Poisoning to Steal Credentials
Microsoft has disclosed details of a credential theft campaign that employs fake virtual private network (VPN) clients distributed through search engine optimization (SEO) poisoning techniques.”The campaign redirects users searching for legitimate enterprise software to malicious ZIP files on attacker-controlled websites to deploy digitally signed trojans that masquerade as trusted VPN clients First seen on thehackernews.com…
-
Storm-2561 Uses SEO Poisoning, Fake Signed VPN Apps to Steal Enterprise Credentials
A financially motivated threat actor tracked as Storm-2561 is running a credential theft campaign that abuses SEO poisoning and fake, signed VPN installers to steal enterprise VPN credentials. Active since May 2025, Storm-2561 continues to exploit user trust in search results, known VPN brands, and code-signing certificates to distribute malware disguised as legitimate remote access…
-
Storm-2561 targets enterprise VPN users with SEO poisoning, fake clients
vpn-fortinet[.]com and ivanti-vpn[.]org, hosting malicious ZIP files on GitHub, the advisory said.The malware itself arrives as a ZIP file containing a Windows Installer package. When a user launches the downloaded installer, it drops a fake Pulse Secure application into a directory that closely mimics a legitimate Pulse Secure installation path, Microsoft said.”This installation path blends…
-
Storm-2561 targets enterprise VPN users with SEO poisoning, fake clients
vpn-fortinet[.]com and ivanti-vpn[.]org, hosting malicious ZIP files on GitHub, the advisory said.The malware itself arrives as a ZIP file containing a Windows Installer package. When a user launches the downloaded installer, it drops a fake Pulse Secure application into a directory that closely mimics a legitimate Pulse Secure installation path, Microsoft said.”This installation path blends…
-
Iran War Bait Fuels TA453, TA473 Phishing Campaigns
Tags: cloud, credentials, cyber, espionage, exploit, government, iran, malware, middle-east, phishing, service, theft, threatTA453, TA473, and several emerging threat clusters are exploiting breaking news about the Iran war to run highly targeted phishing campaigns against governments and policy organizations across the Middle East and beyond. These operations blend traditional espionage with opportunistic credential theft and malware delivery, often abusing compromised government accounts and trusted cloud services to increase…
-
PsExec and Renamed Backup Tools Enabled Data Theft Before INC Ransomware Attack
A ransomware intrusion in which attackers used legitimate Windows tools and a renamed backup utility to quietly stage and exfiltrate sensitive data before deploying INC ransomware. The incident highlights how threat actors increasingly rely on “living off the land” techniques to evade detection and operate within compromised environments. Investigators later determined that the threat actor…
-
New Critical MediaTek Vulnerability Exposes Android Phone PINs to Theft in 45 seconds
A newly discovered hardware vulnerability in the MediaTek Dimensity 7300 chipset is putting millions of Android users at risk. By exploiting this flaw, physical attackers can bypass security layers to steal device PINs, decrypt storage, and extract cryptocurrency seed phrases in just 45 seconds. The vulnerability affects roughly 25% of the global Android market, causing…
-
Medical giant Stryker crippled after Iranian hackers remotely wipe computers
Tags: access, attack, authentication, best-practice, ceo, computer, credentials, cyber, cyberattack, data, flaw, group, hacker, identity, infrastructure, intelligence, iran, jobs, mobile, phone, service, software, supply-chain, theft, threat, updateHandala claims credit: The Handala threat group quickly claimed responsibility for the attack. While the group’s involvement is just a claim for now, Stryker employees reportedly saw a version of the Handala logo a cartoon of a Palestinian boy with his back turned and hands crossed behind him on affected devices.Handala’s identity is hard to…
-
Cryptohack Roundup: Suspect Arrested in a $46M Theft Case
Also: Detainment in GainBitcoin Case, Solv Protocol and Gondi Hacks. This week, an arrest in a $46M U.S. Marshals theft, a detainment in the GainBitcoin case, exploits at Solv Protocol and Gondi, an Alibaba AI agent’s mining attempt, the SEC dropping claims against Justin Sun, Treasury weighing in on mixers, Bithumb facing suspension and a…
-
Telus Digital confirms breach after hacker claims 1 petabyte data theft
Canadian business process outsourcing giant Telus Digital has confirmed it suffered a security incident after threat actors claimed to have stolen nearly 1 petabyte of data from the company in a multi-month breach. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/telus-digital-confirms-breach-after-hacker-claims-1-petabyte-data-theft/
-
Apple patches older iPhones and iPads against Coruna exploits
Apple has released security updates to patch older iPhones and iPads against a set of vulnerabilities targeted in cyberespionage and crypto-theft attacks using the Coruna exploit kit. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/apple/apple-patches-older-iphones-and-ipads-against-coruna-exploits/
-
Palo Alto Cortex XDR Broker Vulnerability Exposes Systems to Sensitive Information Theft and Modification
Palo Alto Networks has issued a security advisory regarding a newly discovered vulnerability in its Cortex XDR Broker Virtual Machine (VM). Tracked as CVE-2026-0231, this medium-severity flaw could allow a threat actor to access and modify sensitive system information. Because the Broker VM acts as a critical bridge between on-premises network assets and the cloud-based…
-
Palo Alto Cortex XDR Broker Vulnerability Exposes Systems to Sensitive Information Theft and Modification
Palo Alto Networks has issued a security advisory regarding a newly discovered vulnerability in its Cortex XDR Broker Virtual Machine (VM). Tracked as CVE-2026-0231, this medium-severity flaw could allow a threat actor to access and modify sensitive system information. Because the Broker VM acts as a critical bridge between on-premises network assets and the cloud-based…
-
Devs looking for OpenClaw get served a GhostClaw RAT
From password theft to persistence: The second stage malware, internally referred to as “GhostLoader,” is a large JavaScript bundle implementing both an infostealer and a remote access framework. Once launched, GhostLoader installs itself into a hidden directory disguised as an npm telemetry service and sets up persistence mechanisms which include shell configuration hooks that automatically…
-
SurxRAT Android Malware Uses LLMs for Phishing and Data Theft
Tags: access, android, control, credentials, cyber, cybercrime, data, LLM, malware, phishing, ransomware, theftA new Android Remote Access Trojan (RAT) named SurxRAT, which is being sold as a commercial malware platform through a Telegram-based malware”‘as”‘a”‘service (MaaS) ecosystem. The malware, marketed under the SURXRAT V5 branding, enables cybercriminals to create customized Android malware builds capable of surveillance, credential theft, remote device control, and ransomware-style device locking. The malware appears…
-
ShinyHunters claims ongoing Salesforce Aura data theft attacks
Salesforce is warning customers that hackers are targeting websites with misconfigured Experience Cloud platforms that give guest users access to more data than intended. However, the ShinyHunters extortion gang claims to be actively exploiting a new bug to steal data from instances. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/shinyhunters-claims-ongoing-salesforce-aura-data-theft-attacks/
-
Chrome Extension Turns Malicious After Ownership Transfer, Enabling Code Injection and Data Theft
Two Google Chrome extensions have turned malicious after what appears to be a case of ownership transfer, offering attackers a way to push malware to downstream customers, inject arbitrary code, and harvest sensitive data.The extensions in question, both originally associated with a developer named “akshayanuonline@gmail.com” (BuildMelon), are listed below -QuickLens – Search Screen with First…
-
FBI Arrests Suspect in $46M U.S. Marshals Crypto Theft
The FBI arrested a suspect accused of stealing $46 million in cryptocurrency from U.S. Marshals Service holdings. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/fbi-arrests-suspect-in-46m-u-s-marshals-crypto-theft/
-
CISA warns feds to patch iOS flaws exploited in crypto-theft attacks
CISA ordered U.S. federal agencies to patch three iOS security flaws targeted in cyberespionage and crypto-theft attacks using the Coruna exploit kit. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-warns-of-apple-flaws-exploited-in-spyware-crypto-theft-attacks/