Collecting Cyber-News from over 60 sources

Tag: theft

New Atroposia malware comes with a local vulnerability scanner

Oct 28, 2025 2:26 PM

Tags: access, cybercrime, data, malware, service, theft, vulnerability

A new malware-as-a-service (MaaS) platform named Atroposia provides cybercriminals a remote access trojan that combines capabilities for persistent access, evasion, data theft, and local vulnerability scanning. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-atroposia-malware-comes-with-a-local-vulnerability-scanner/
New Atroposia malware comes with a local vulnerability scanner

Oct 28, 2025 2:26 PM

Tags: access, cybercrime, data, malware, service, theft, vulnerability

A new malware-as-a-service (MaaS) platform named Atroposia provides cybercriminals a remote access trojan that combines capabilities for persistent access, evasion, data theft, and local vulnerability scanning. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-atroposia-malware-comes-with-a-local-vulnerability-scanner/
Back-Office Servicer Reports Data Theft Affects 10.5M

Oct 27, 2025 10:26 PM

Tags: business, data, hacking, office, theft

Humana, BCBS Montana Are Among Clients of Conduent Hack. Conduent Business Solutions LLC has told state regulators that a hacking incident discovered in January has affected more than 10.5 million patients. Clients affected include Blue Cross Blue Shield of Montana and Humana, as well as an undisclosed number of other organizations. First seen on govinfosecurity.com…
DomeWatch Leak Exposed Personal Data of Capitol Hill Applicants

Oct 27, 2025 5:26 PM

Tags: data, data-breach, finance, identity, leak, theft

Unsecured House Democrats’ resume bank (DomeWatch) exposed 7,000 records, including PII and “top secret” clearance status, raising identity theft fears. First seen on hackread.com Jump to article: hackread.com/domewatch-leak-capitol-hill-applicants-data/
New HyperRat Android Malware Sold as Ready-Made Spy Tool

Oct 27, 2025 3:26 PM

Tags: android, control, data, malware, phishing, service, spy, theft, tool

Researchers have uncovered HyperRat, a new Android malware sold as a service, giving attackers remote control, data theft tools, and mass phishing features. First seen on hackread.com Jump to article: hackread.com/hyperrat-android-malware-sold-spy-tool/
Ransomware, extortion groups adapt as payment rates reach historic lows

Oct 27, 2025 2:26 PM

Tags: data, encryption, extortion, group, ransom, ransomware, theft

Ransomware groups are facing an economic downturn of their own: In Q3 2025, only 23 percent of victims paid a ransom, and for data theft incidents that involved no encryption, … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/10/27/ransomware-extortion-payment-q3-2025/
Ransomware, extortion groups adapt as payment rates reach historic lows

Oct 27, 2025 2:26 PM

Tags: data, encryption, extortion, group, ransom, ransomware, theft

Ransomware groups are facing an economic downturn of their own: In Q3 2025, only 23 percent of victims paid a ransom, and for data theft incidents that involved no encryption, … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/10/27/ransomware-extortion-payment-q3-2025/
Critical CoPhish Exploit Uses Copilot Studio to Hijack OAuth Tokens

Oct 27, 2025 9:26 AM

Tags: attack, cyber, exploit, malicious, microsoft, phishing, theft

Security researchers at Datadog have uncovered a sophisticated phishing technique that weaponizes Microsoft Copilot Studio to conduct OAuth token theft attacks. Dubbed >>CoPhish,
DDoS, data theft, and malware are storming the gaming industry

Oct 27, 2025 7:26 AM

Tags: data, ddos, malware, phone, theft

When the pandemic kept people at home in 2020, millions turned to games for an escape. The surge turned every console, PC, and phone into part of a vast online network. More … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/10/27/gaming-industry-cyber-threats-risks/
DDoS, data theft, and malware are storming the gaming industry

Oct 27, 2025 7:26 AM

Tags: data, ddos, malware, phone, theft

When the pandemic kept people at home in 2020, millions turned to games for an escape. The surge turned every console, PC, and phone into part of a vast online network. More … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/10/27/gaming-industry-cyber-threats-risks/
Uncovering Qilin attack methods exposed through multiple cases

Oct 27, 2025 5:28 AM

Tags: attack, cisco, credentials, data, data-breach, group, ransomware, theft, tool

Cisco Talos investigated the Qilin ransomware group, uncovering its frequent attacks on the manufacturing sector, use of legitimate tools for credential theft and data exfiltration, and sophisticated methods for lateral movement, evasion, and persistence. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/uncovering-qilin-attack-methods-exposed-through-multiple-cases/
MPs urge government to stop Britain’s phone theft wave through tech

Oct 25, 2025 11:26 AM

Tags: apple, breach, google, government, phone, theft

Committee says Apple, Google, and Samsung could render stolen handsets worthless if compelled to act First seen on theregister.com Jump to article: www.theregister.com/2025/10/25/uk_committee_phone_theft/
Everest Ransomware Claims ATT Careers Breach with 576K Records

Oct 24, 2025 8:26 PM

Tags: breach, group, password, ransomware, theft

Everest ransomware group claims a breach of ATT Careers, alleging theft of 576,000 applicant and employee records locked behind a password-protected listing. First seen on hackread.com Jump to article: hackread.com/everest-ransomware-att-careers-breach/
Cybersecurity Snapshot: Top Advice for Detecting and Preventing AI Attacks, and for Securing AI Systems

Oct 24, 2025 7:26 PM

Tags: access, ai, attack, authentication, awareness, best-practice, breach, business, chatgpt, china, ciso, cloud, computing, container, control, credentials, crime, cve, cyber, cyberattack, cybersecurity, data, defense, detection, email, exploit, extortion, finance, flaw, framework, fraud, google, governance, government, group, guide, hacker, hacking, healthcare, iam, identity, incident response, intelligence, LLM, malicious, malware, mitigation, monitoring, network, open-source, openai, organized, phishing, ransom, risk, risk-management, russia, sans, scam, service, skills, soc, strategy, supply-chain, technology, theft, threat, tool, training, vulnerability, zero-trust

As organizations eagerly adopt AI, cybersecurity teams are racing to protect these new systems. In this special edition of the Cybersecurity Snapshot, we round up some of the best recent guidance on how to fend off AI attacks, and on how to safeguard your AI systems. Key takeaways Developers are getting new playbooks from groups…
Lazarus group targets European drone makers in new espionage campaign

Oct 24, 2025 3:26 PM

Tags: attack, data, defense, detection, espionage, github, group, injection, intelligence, korea, lazarus, mitre, north-korea, software, supply-chain, theft

Drone-component theft meets geopolitical ambition: The targeting of firms linked to UAV design and manufacture is no coincidence. At least two of the companies compromised were tied to critical drone component supply chains and software systems.”The in-the-wild attacks successively targeted three European companies active in the defense sector,” researchers added. “Although their activities are somewhat…
AI Sidebar Spoofing Attack: SquareX Uncovers Malicious Extensions that Impersonate AI Browser Sidebars

Oct 24, 2025 6:26 AM

Tags: ai, attack, credentials, cyber, malicious, password, theft

SquareX released critical research exposing a new class of attack targeting AI browsers. The AI Sidebar Spoofing attack leverages malicious browser extensions to impersonate trusted AI sidebar interfaces, which is used to trick users into executing dangerous commands that can lead to credential theft, device hijacking, and password exfiltration. The research demonstrates how attackers can…
Montana Officials Looking Into BCBS Breach Tied to Vendor

Oct 23, 2025 11:26 PM

Tags: breach, data, service, theft

Regulators Want to Know If Insurer Delayed Notifying 462,000 Affected Members. Montana regulators are investigating a breach affecting 462,000 Blue Cross Blue Shield of Montana members involving one of the insurer’s service providers. The vendor, Conduent, in April notified the SEC that the data theft affected numerous clients and a significant number of people. First…
Microsoft disables File Explorer preview for downloads to block attacks

Oct 23, 2025 6:26 PM

Tags: attack, credentials, Internet, malicious, microsoft, theft, windows

Microsoft says that the File Explorer (formerly Windows Explorer) now automatically blocks previews for files downloaded from the Internet to block credential theft attacks via malicious documents. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-disables-preview-pane-for-downloads-to-block-ntlm-theft-attacks/
Jingle Thief Hackers Exploit the Festive Season with Weaponized Gift Card Scams

Oct 23, 2025 2:26 PM

Tags: credentials, cyber, cybersecurity, exploit, finance, fraud, hacker, scam, service, theft, threat, vulnerability

Cybersecurity researchers have uncovered a sophisticated campaign targeting global retail and consumer services organizations through credential theft and gift card fraud. Dubbed >>Jingle Thief,
Jingle Thief Hackers Exploit the Festive Season with Weaponized Gift Card Scams

Oct 23, 2025 2:26 PM

Tags: credentials, cyber, cybersecurity, exploit, finance, fraud, hacker, scam, service, theft, threat, vulnerability

Cybersecurity researchers have uncovered a sophisticated campaign targeting global retail and consumer services organizations through credential theft and gift card fraud. Dubbed >>Jingle Thief,
Radiology Practice to Pay $3.4M-Plus to Settle Hack Lawsuit

Oct 22, 2025 11:26 PM

Tags: data, hacking, theft

2023 Data Theft Affected Nearly 887,000 Patients. A radiology practice that has been serving patients in North Carolina for about 70 years agreed to pay more than $3.4 million to settle proposed class action litigation filed in the wake of a 2023 hacking incident that compromised the sensitive information of nearly 887,000 individuals. First seen…
Rival Hackers Dox Alleged Operators of Lumma Stealer

Oct 22, 2025 6:26 PM

Tags: data, hacker, leak, malware, theft

Rival hackers expose the alleged operators behind Lumma Stealer, a major data-theft malware, causing leaks and internal chaos that have slowed its growth. First seen on hackread.com Jump to article: hackread.com/rival-hackers-dox-lumma-stealer-operators/
Phishing Scams Weaponize Common Apps to Fool Users

Oct 22, 2025 2:26 PM

Tags: ai, attack, defense, fraud, identity, phishing, scam, tactics, theft

From fake PDFs to AI voice scams, phishing attacks are evolving fast. Learn key tactics and defenses to protect against fraud, identity theft, and account loss. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/10/phishing-scams-weaponize-common-apps-to-fool-users/
‘I am not a robot’: Russian hackers use fake CAPTCHA lures to deploy espionage tools

Oct 22, 2025 2:26 PM

Tags: access, attack, authentication, awareness, captcha, ceo, communications, control, credentials, cyber, cybersecurity, data, defense, detection, edr, email, endpoint, espionage, exploit, group, hacker, incident response, least-privilege, login, malicious, malware, mfa, monitoring, network, phishing, powershell, russia, strategy, tactics, theft, threat, tool, training, update, vulnerability, vulnerability-management, zero-trust

Evolving tactics and strategies: Analysts said ColdRiver, which for years focused on credential theft and email account compromise, is shifting toward multi-stage intrusions that rely on users to execute malicious code.By using ClickFix pages that mimic CAPTCHA verification screens, the group can bypass email security filters and deliver malware directly to victims’ devices, increasing the…
From Firewalls to Zero Trust: 10 Best Practices for Next-Gen Business Data Security

Oct 22, 2025 11:26 AM

Tags: 2fa, access, attack, authentication, automation, best-practice, breach, business, compliance, control, corporate, credentials, cyber, cyberattack, cybersecurity, data, detection, endpoint, firewall, flaw, insurance, ISO-27001, least-privilege, mfa, mobile, monitoring, network, privacy, ransomware, regulation, risk, sql, strategy, theft, threat, tool, unauthorized, zero-trust

In today’s ever-evolving digital landscape, businesses must establish robust data security strategies to safeguard sensitive information from modern threats. The reality of escalating cyberattacks, such as the rise in ransomware and data breaches, has spotlighted the need for comprehensive, layered data security measures. Here are ten strategic steps to reinforce data security effectively: TABLE OF…
Vidar Stealer 2.0 adds multi-threaded data theft, better evasion

Oct 22, 2025 1:26 AM

Tags: data, malware, service, theft

The operators of Vidar Stealer, one of the most successful malware-as-a-service (MaaS) operations of the past decade, have released a new major version to reflect massive improvements in the malware. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/vidar-stealer-20-adds-multi-threaded-data-theft-better-evasion/
New Luma Infostealer Malware Steals Browser Data, Cryptocurrency, and Remote Access Accounts

Oct 21, 2025 3:26 PM

Tags: access, breach, credentials, crypto, cyber, data, identity, malware, network, ransomware, service, theft, threat

Luma Infostealer, a malware-as-a-service (MaaS) offering, has emerged as a potent threat targeting high-value credentials such as web browser cookies, cryptocurrency wallets, and VPN/RDP account information. Beyond isolated theft, threat actors are employing Luma in the initial infiltration stages of complex campaigns”, ransomware deployment, account hijacking, and internal network compromise. The stolen data fuels identity…
Ransomware Protection: Source Code Stolen, Patients Exposed, and Utilities Breached

Oct 21, 2025 12:40 AM

Tags: breach, data-breach, exploit, healthcare, ransomware, theft, zero-day

In the first half of October 2025, we’ve seen zero-day exploits, source code theft, healthcare breaches, and attackers probing water utilities like they own the place. It’s a loud warning for defenders. Attackers are slipping past perimeters and moving laterally inside systems most people overlook, like medical devices, Salesforce environments, and engineering consoles. In this……
Beyond Bot Management: Why Reverse Proxy Phishing Demands a New Defense Strategy

Oct 20, 2025 1:40 PM

Tags: credentials, defense, government, phishing, strategy, theft

The scale of credential theft through phishing has reached alarming proportions. Recent analysis of the LabHost phishing operation reveals that nearly 990,000 Canadians were directly victimized, with attackers primarily targeting private sector enterprises (76%) over government agencies (24%). The operation generated over 1.2 million total incidents across Canada, resulting in hundreds of millions of dollars……
Foreign hackers breached a US nuclear weapons plant via SharePoint flaws

Oct 20, 2025 9:40 AM

Tags: access, attack, authentication, breach, china, control, corporate, cve, cyber, cybercrime, cybersecurity, data, defense, exploit, flaw, framework, government, group, hacker, identity, infrastructure, intelligence, Intruder, korea, microsoft, monitoring, network, ransomware, reverse-engineering, risk, russia, supply-chain, tactics, technology, theft, threat, vulnerability, zero-day, zero-trust

China or Russia? Conflicting attribution: Microsoft attributed the broader wave of SharePoint exploitations to three Chinese-linked groups: Linen Typhoon, Violet Typhoon, and a third actor it tracks as Storm-2603. The company said the attackers were preparing to deploy Warlock ransomware across affected systems.However, the source familiar with the Kansas City incident tells CSO that a…