Tag: theft
-
Copilot ‘SearchLeak’ Attack Allows 1-Click Data Theft
The critical, three-stage attack is now patched, but it’s part of a new group of AI prompt-injection issues that use hidden URLs and other variables. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/copilot-searchleak-attack-1-click-data-theft
-
New attack turned Microsoft 365 Copilot into 1-click data theft tool
A critical vulnerability chain dubbed SearchLeak in Microsoft 365 Copilot Enterprise could allow attackers to steal sensitive data from a target’s mailbox, OneDrive, or SharePoint account through a specially crafted URL. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-attack-turned-microsoft-365-copilot-into-1-click-data-theft-tool/
-
Payroll Pirate Campaign Uses AiTM Session Hijacking to Bypass MFA and Redirect Salaries
A financially motivated campaign dubbed “Payroll Pirate” has emerged using advanced phishing and adversary-in-the-middle (AiTM) session hijacking to bypass multifactor authentication (MFA) and reroute payroll disbursements. This operation targets payroll and HR portals at mid-market and enterprise organizations, chaining credential theft, real-time session interception, and subtle profile changes to siphon funds without triggering conventional alarms.…
-
Infinite Campus data breach affects 137,000 school staff accounts
The ShinyHunters extortion gang stole personal information from more than 137,000 school staff accounts in a Salesforce data theft attack that targeted the widely used Infinite Campus K-12 student information system in March. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/infinite-campus-data-breach-affects-137-000-school-staff-accounts/
-
SHADOWBYT3$ Allegedly Claims Nintendo Breach and Theft of Sensitive Data
Threat intelligence sources have flagged a potential cybersecurity incident involving Nintendo after threat actor “SHADOWBYT3$” allegedly claimed responsibility for breaching internal systems and exfiltrating sensitive data. The claim surfaced on June 13, 2026, via underground monitoring channels and was later amplified by threat intelligence platform Hackmanac. At the time of writing, the incident remains unverified,…
-
Hackers Use Typosquatted npm Packages to Target Web3 Projects and Crypto Wallet Operators
Hackers have been using typosquatting npm packages to weaponize the trust Web3 teams place in open-source dependencies, turning routine installs into a path for wallet theft, secret harvesting, and staged malware delivery. The campaign is especially dangerous because it blends familiar Ethereum and blockchain branding with postinstall and preinstall abuse, allowing malicious code to execute…
-
Oracle mitigates PeopleSoft zero-day exploited in data theft attacks
Oracle is warning about a critical PeopleSoft Suite zero-day vulnerability tracked as CVE-2026-35273 that allows unauthenticated remote code execution, with the flaw actively exploited in ShinyHunters data theft attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/oracle-mitigates-peoplesoft-zero-day-exploited-in-data-theft-attacks/
-
University of Nottingham confirms cyber incident as Shiny Hunters group claims data theft
According to the university’s statement, it is still working to understand what data has been accessed and said it had already directly contacted affected students and alumni, potentially including those in its foreign campuses in Malaysia and China as well as in Nottingham. First seen on therecord.media Jump to article: therecord.media/university-of-nottingham-cyber-incident-shiny-hunters
-
OnyxC2 Malware-as-a-Service Offers Enterprise-Grade Data Theft
OnyxC2 is a MaaS stealer targeting 210+ apps, using DLL sideloading, encrypted payloads, and remote access features to evade detection. OnyxC2 appeared on a cybercrime forum earlier this year and is sold as a subscription service: $250 per month for the standard build, $500 for the premium tier that includes HVNC, and $6,000 for an…
-
BLUERABBIT Backdoor Encrypts Files, Wipes Windows Systems
A new Golang-based backdoor dubbed BLUERABBIT has been observed performing combined data theft, file encryption and destructive disk wiping against Windows hosts. First seen in mid-to-late March 2026 and suspected to target Israeli entities, BLUERABBIT implements a full-spectrum intrusion framework: remote access, system profiling, exfiltration to attacker-controlled cloud storage, file encryption that appends a .candy…
-
Extortion-Only Attacks Increase, With Data Theft Dominating Ransomware Claims
Extortion-only attacks are increasing as data theft drives most ransomware claims, with many organizations unable to stop stolen data from being exposed. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/extortion-only-attacks-surge/
-
ShinyHunters gang targets Oracle PeopleSoft servers in data theft attacks
First seen on scworld.com Jump to article: www.scworld.com/brief/shinyhunters-gang-targets-oracle-peoplesoft-servers-in-data-theft-attacks
-
Russian Attackers Weaponize WinRAR Flaw Against Ukrainian Orgs
Two separate campaigns target CVE-2025-8088, fixed last July, to conduct data theft and cyberespionage against military and government targets in Ukraine. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/russian-groups-winrar-flaw-ukrainian-orgs
-
Identity Scams Evolve Into Multi-Stage Attacks
Victims Increasingly Face Multiple Compromises From a Single Incident. Identity theft scams are increasingly unfolding as coordinated, AI-assisted attack chains that begin with phishing or impersonation and escalate into account takeovers, device compromise and broader fraud, according to the Identity Theft Resource Center. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/identity-scams-evolve-into-multi-stage-attacks-a-31918
-
NFCShare Android Malware Spreads via Weaponized Banking Apps
A renewed and operationally refined wave of the NFCShare Android banking trojan delivers NFC card-data theft by masquerading as legitimate banking applications. First documented in January 2026, NFCShare continues to rely on a social-engineering phishing flow that coerces victims into sideloading malicious APKs; since 14 May 2026 the campaign has pivoted to Italian and…
-
Weedhack MaaS Targets Minecraft Players to Steal Credentials and Hijack Accounts
Weedhack, a Malware-as-a-Service (MaaS) operation specifically engineered to prey on Minecraft players, has been active since at least January 2026. The service packages credential theft, cryptocurrency wallet extraction, account hijacking and full remote-access capabilities into a low-cost, subscription-based offering marketed through SEO poisoning, YouTube promotion and counterfeit Minecraft mod websites. By combining polished distribution tactics…
-
Silent Ransom Group Uses Fast Flux Botnet to Hide Law Firm Leak Sites
Cybersecurity firm Resecurity reports Silent Ransom Group is using a fast flux botnet to hide data leak sites while targeting law firms with theft and vishing. First seen on hackread.com Jump to article: hackread.com/silent-ransom-group-fast-flux-botnet-leak-sites/
-
OpenAI Unveils ChatGPT Account Security Controls
OpenAI brings Lockdown Mode and Active Sessions to ChatGPT to curb prompt injection data theft. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/chatgpt-lockdown-mode-active/
-
AI Phishing Is Crushing SOCs with Alert Volume: How to Reduce Tier 1 Overload
Phishing has always been a numbers game. AI has turned it into a volume machine. Attackers can now create convincing emails, fake login pages, and tailored lures in minutes. Every polished message adds another case for Tier 1 to review, another link to inspect, and another alert that cannot be dismissed at a glance. As the queue…
-
Lucid Stealer Hits 18 Browsers, Crypto Wallets, and Discord Tokens
A new, fully featured Lucid Stealer build combines large-scale credential theft with hidden remote access. The sample, distributed through Telegram-linked underground channels, is not a simple packed executable but a Lucid-branded information stealer and RAT wrapped inside a legitimate Node.js Single Executable Application (SEA). Static analysis recovered an embedded JavaScript loader and decrypted core…
-
UNC3753 Used Vishing and Physical Intrusions in U.S. Data Theft Extortion Campaign
Cybersecurity researchers have disclosed details of a financially motivated data theft extortion campaign that has targeted dozens of organizations across professional, legal, and financial services in the U.S. between January and May 2026. The activity has been attributed by Google Mandiant and Google Threat Intelligence Group (GTIG) to a threat actor dubbed UNC3753, which is also…
-
OpenAI is locking down parts of ChatGPT to reduce data theft risks
OpenAI has started rolling out Lockdown Mode for ChatGPT, an optional security setting that restricts access to external resources and several product capabilities. It is … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/08/openai-lockdown-mode-available/
-
Magecart campaign exploits Stripe API for credit card theft
First seen on scworld.com Jump to article: www.scworld.com/brief/magecart-campaign-exploits-stripe-api-for-credit-card-theft
-
What 2026 DBIR Confirms: Attacks Are Living in the Browser
Phishing, shadow AI, malicious extensions, and credential theft increasingly happen inside the browser. Keep Aware explains what the 2026 Verizon DBIR reveals about browser-layer security gaps and modern attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/what-2026-dbir-confirms-attacks-are-living-in-the-browser/
-
Thieves can pull off keyless car theft in under a minute and here’s how to stop them
A keyless car can be stolen in under a minute. Two people, a pair of cheap radio amplifiers, and a fob sitting on a hallway table inside the house. That is enough. No broken … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/05/keyless-car-theft-protection/
-
Credit card theft campaign abuses Stripe to host stolen payment info
A new Magecart campaign is using Stripe’s API infrastructure to host the credit card-stealing payload and the data exfiltrated from checkout pages. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/credit-card-theft-campaign-abuses-stripe-to-host-stolen-payment-info/
-
iFood Confirms Data Breach Affecting 1.2 Million Users in Brazil
iFood confirms a data breach affecting 1.2 million customers in Brazil, while hackers on BreachForums claim the actual theft is much larger. First seen on hackread.com Jump to article: hackread.com/ifood-confirms-data-breach-brazil-users/

