Tag: theft
-
8 things CISOs can’t afford to get wrong in 2026
Tags: access, advisory, ai, attack, automation, awareness, breach, business, ciso, cloud, communications, compliance, control, cyber, cyberattack, cybersecurity, data, data-breach, defense, dora, encryption, finance, firmware, GDPR, healthcare, identity, incident response, india, infrastructure, injection, insurance, intelligence, iot, jobs, law, malicious, monitoring, network, privacy, ransom, regulation, resilience, risk, saas, scam, service, software, strategy, supply-chain, tactics, technology, theft, threat, tool, training, update, vulnerability, zero-trust“Identity and access controls for AI agents and AI platforms are one of the most important areas of concern for CISOs,” says Jason Stading, director at global technology research and advisory firm ISG. “Right now, permissions and access rights for AI are a black box in many areas. We will see a major push over…
-
Automated data poisoning proposed as a solution for AI theft threat
Tags: ai, breach, business, cyber, data, encryption, framework, intelligence, LLM, malicious, microsoft, resilience, risk, risk-management, technology, theft, threatKnowledge graphs 101: A bit of background about knowledge graphs: LLMs use a technique called Retrieval-Augmented Generation (RAG) to search for information based on a user query and provide the results as additional reference for the AI system’s answer generation. In 2024, Microsoft introduced GraphRAG to help LLMs answer queries needing information beyond the data on…
-
Bitfinex Hack Mastermind Behind $10 Billion Theft Gets Early Release
Ilya Lichtenstein, the man behind the massive 2016 Bitfinex Bitcoin theft, has been released early from prison. Read how the First Step Act and a trail of Walmart gift cards led to this major update in one of the world’s largest crypto thefts. First seen on hackread.com Jump to article: hackread.com/bitfinex-hack-mastermind-gets-early-release/
-
Cloud file-sharing sites targeted for corporate data theft attacks
A threat actor known as Zestix has been offering to corporate data stolen from dozens of companies likely after breaching their ShareFile, Nextcloud, and OwnCloud instances. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cloud-file-sharing-sites-targeted-for-corporate-data-theft-attacks/
-
Covenant Health Notifying 480K Patients of 2025 Data Theft
Ransomware Gang Qilin Had Claimed It Stole 852 GB of Health System’s Data. Nearly half a million patients of a Catholic healthcare network that serves New England and parts of Pennsylvania began the new year by receiving notifications that hackers may have stolen their health information in a May 2025 hacking incident. First seen on…
-
US broadband provider Brightspeed investigates breach claims
Brightspeed, one of the largest fiber broadband companies in the United States, is investigating security breach and data theft claims made by the Crimson Collective extortion gang. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/us-broadband-provider-brightspeed-investigates-breach-claims/
-
Windows Users at Risk as Critical Zoom Vulnerability Exploited
A critical Zoom vulnerability put Windows users at risk of data theft and system compromise. Zoom has patched the flaw. Users should update immediately. The post Windows Users at Risk as Critical Zoom Vulnerability Exploited appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-zoom-flaw-windows-users-at-risk/
-
Aflac Notifies 22.7 Million People of June Data Theft Attack
Insurer’s Hack Could Rank as Largest US Health Data Breach Reported in 2025. Supplemental health insurer Aflac is notifying 22.65 million people whose sensitive health and personal information, including Social Security numbers, was potentially compromised in a June data theft incident. The incident will likely rank as the biggest U.S. health data breach reported in…
-
Aflac Notifies 22.6 Million People of June Data Theft Attack
Insurer’s Hack Could Rank as Largest US Health Data Breach Reported in 2025. Supplemental health insurer Aflac is notifying 22.65 million people whose sensitive health and personal information, including Social Security numbers, was potentially compromised in a June data theft incident. The incident will likely rank as the biggest U.S. health data breach reported in…
-
Cryptocurrency theft attacks traced to 2022 LastPass breach
Blockchain investigation firm TRM Labs says ongoing cryptocurrency thefts have been traced to the 2022 LastPass breach, with attackers draining wallets years after encrypted vaults were stolen and laundering the crypto through Russian exchanges. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cryptocurrency-theft-attacks-traced-to-2022-lastpass-breach/
-
Hacker Claims 200GB Data Theft From European Space Agency, Here’s What We Know
The European Space Agency confirmed a cyber incident after a hacker claimed to access and steal data from external collaboration servers. The post Hacker Claims 200GB Data Theft From European Space Agency, Here’s What We Know appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-hacker-claims-200gb-data-theft-european-space-agency/
-
Trust Wallet links $8.5 million crypto theft to Shai-Hulud NPM attack
Trust Wallet believes the compromise of its web browser to steal roughly $8.5 million from over 2,500 crypto wallets is likely related to an “industry-wide” Sha1-Hulud attack in November. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/trust-wallet-links-85-million-crypto-theft-to-shai-hulud-npm-attack/
-
Trust Wallet confirms second Shai-Hulud supply-chain attack, $8.5M in crypto stolen
Trust Wallet says a second Shai-Hulud supply-chain attack likely compromised its Chrome extension, leading to the theft of about $8.5M in crypto. Trust Wallet linked a second Shai-Hulud supply-chain attack to its Chrome extension hack, which resulted in the theft of about $8.5 million in crypto assets. The investigation reveals that the attacker independently developed…
-
Trust Wallet Chrome Extension Hack Drains $8.5M via Shai-Hulud Supply Chain Attack
Trust Wallet on Tuesday revealed that the second iteration of the Shai-Hulud (aka Sha1-Hulud) supply chain outbreak in November 2025 was likely responsible for the hack of its Google Chrome extension, ultimately resulting in the theft of approximately $8.5 million in assets.”Our Developer GitHub secrets were exposed in the attack, which gave the attacker access…
-
Top 5 real-world AI security threats revealed in 2025
Tags: access, ai, api, attack, breach, chatgpt, cloud, control, credentials, cybercrime, data, data-breach, defense, email, exploit, flaw, framework, github, gitlab, google, injection, least-privilege, LLM, malicious, malware, microsoft, nvidia, open-source, openai, rce, remote-code-execution, risk, service, software, supply-chain, theft, threat, tool, vulnerabilityA critical remote code execution (RCE) in open-source AI agent framework Langflow that was also exploited in the wildAn RCE flaw in OpenAI’s Codex CLIVulnerabilities in NVIDIA Triton Inference ServerRCE vulnerabilities in major AI inference server frameworks, including those from Meta, Nvidia, Microsoft, and open-source projects such as vLLM and SGLangVulnerabilities in open-source compute framework…
-
Stolen LastPass backups enable crypto theft through 2025
Stolen vault backups from the 2022 LastPass breach are still being cracked, allowing attackers to steal crypto as late as 2025. The blockchain intelligence firm TRM Labs warns that encrypted vault backups stolen in the 2022 LastPass breach are still being cracked using weak master passwords, enabling crypto theft as late as 2025. In 2022,…
-
Everest Ransomware Group Claims Theft of Over 1TB of Chrysler Data
On December 25, while much of the world was observing Christmas, the Everest ransomware group published a new… First seen on hackread.com Jump to article: hackread.com/everest-ransomware-group-chrysler-data-breach/
-
LastPass 2022 Breach Led to Years-Long Cryptocurrency Thefts, TRM Labs Finds
Tags: backup, blockchain, breach, crypto, cybercrime, data, data-breach, intelligence, password, russia, theftThe encrypted vault backups stolen from the 2022 LastPass data breach have enabled bad actors to take advantage of weak master passwords to crack them open and drain cryptocurrency assets as recently as late 2025, according to new findings from TRM Labs.The blockchain intelligence firm said evidence points to the involvement of Russian cybercriminal actors…
-
LastPass 2022 Breach Led to Years-Long Cryptocurrency Thefts, TRM Labs Finds
Tags: backup, blockchain, breach, crypto, cybercrime, data, data-breach, intelligence, password, russia, theftThe encrypted vault backups stolen from the 2022 LastPass data breach have enabled bad actors to take advantage of weak master passwords to crack them open and drain cryptocurrency assets as recently as late 2025, according to new findings from TRM Labs.The blockchain intelligence firm said evidence points to the involvement of Russian cybercriminal actors…
-
US shuts down phisherfolk’s $14.6M password-hoarding platform
Crooks used platform to scoop up and store banking credentials for big-money thefts First seen on theregister.com Jump to article: www.theregister.com/2025/12/24/us_shutters_phishermens_146m_passwordhording/
-
59,000 Servers Breached: Operation PCPcat Targets React and Next.js at Internet Scale
A large-scale cyber espionage operation known as Operation PCPcat has shaken the modern web infrastructure, compromising more than 59,000 servers in just 48 hours. The campaign targets systems built on React frameworks, including widely deployed Next.js and React Servers, and has already resulted in the theft of hundreds of thousands of credentials. First seen on thecyberexpress.com Jump to…
-
Webrat turns GitHub PoCs into a malware trap
The malicious payload and behavior: Beneath the polished README, the attackers dumped a password-protected ZIP linked in the repository. The archive password was hidden in file names, something easily missable by unsuspecting eyes. Inside, the key components include a decoy DLL, a batch file to launch the malware, and the primary executable (like rasmanesc.exe) capable…
-
Interpol sweep takes down cybercrooks in 19 countries
Tags: access, antivirus, attack, botnet, business, china, cyber, cyberattack, cybercrime, cybersecurity, data, defense, email, encryption, finance, fraud, group, incident response, infrastructure, intelligence, international, interpol, law, malicious, malware, microsoft, ransomware, russia, scam, service, theft, threatA ‘very good thing’: The fact that the same operation broke ransomware operations and a business email compromise (BEC) operation is “unique,” said DiMaggio, because most people think of Africa as the source of BEC and fraud scams.The fact that authorities are working to disrupt ransomware operations in Africa before they grow to the size…
-
Hackers stole over $2.7B in crypto in 2025, data shows
2025 was another banner year for crypto hacks and heists, the third year in a row that a new crypto theft record was set. First seen on techcrunch.com Jump to article: techcrunch.com/2025/12/23/hackers-stole-over-2-7-billion-in-crypto-in-2025-data-shows/
-
University of Phoenix Data Breach: 3.5M Individuals Affected
Full Scope of Clop Ransomware Group’s Oracle E-Business Suite Hits Still Emerging. The University of Phoenix is notifying 3.5 million individuals that their personal information was compromised in a data breach. The theft traces to the Clop ransomware group’s supply-chain campaign against users of Oracle E-Business Suite, in which it wield two zero-day vulnerabilities. First…
-
University of Phoenix Data Breach: 3.5M Individuals Affected
Full Scope of Clop Ransomware Group’s Oracle E-Business Suite Hits Still Emerging. The University of Phoenix is notifying 3.5 million individuals that their personal information was compromised in a data breach. The theft traces to the Clop ransomware group’s supply-chain campaign against users of Oracle E-Business Suite, in which it wield two zero-day vulnerabilities. First…
-
University of Phoenix Data Breach: 3.5M Individuals Affected
Full Scope of Clop Ransomware Group’s Oracle E-Business Suite Hits Still Emerging. The University of Phoenix is notifying 3.5 million individuals that their personal information was compromised in a data breach. The theft traces to the Clop ransomware group’s supply-chain campaign against users of Oracle E-Business Suite, in which it wield two zero-day vulnerabilities. First…
-
âš¡ Weekly Recap: Firewall Exploits, AI Data Theft, Android Hacks, APT Attacks, Insider Leaks & More
Cyber threats last week showed how attackers no longer need big hacks to cause big damage. They’re going after the everyday tools we trust most, firewalls, browser add-ons, and even smart TVs, turning small cracks into serious breaches.The real danger now isn’t just one major attack, but hundreds of quiet ones using the software and…
-
Android Malware Operations Merge Droppers, SMS Theft, and RAT Capabilities at Scale
Threat actors have been observed leveraging malicious dropper apps masquerading as legitimate applications to deliver an Android SMS stealer dubbed Wonderland in mobile attacks targeting users in Uzbekistan.”Previously, users received ‘pure’ Trojan APKs that acted as malware immediately upon installation,” Group-IB said in an analysis published last week. “Now, adversaries increasingly deploy First seen on…