Tag: theft
-
Patched OpenClaw Flaw Let Hackers Hijack AI Agents
Chainable Bugs Enable Credential Theft, Persistence, Takeover. Four chainable flaws in OpenClaw allowed attackers to move from an initial foothold to persistent system-level compromise by abusing the AI agent’s own privileges. The bugs enabled credential theft, privilege escalation and backdoor deployment, affecting all versions released before April 23. First seen on govinfosecurity.com Jump to article:…
-
Grafana Rejects Ransom Demand After GitHub Breach Exposes Codebase Theft
Grafana refused an extortion demand after attackers used a stolen GitHub token to download code, with no customer data exposed so far. The post Grafana Rejects Ransom Demand After GitHub Breach Exposes Codebase Theft appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-grafana-github-token-codebase-breach/
-
Internet Explorer may be dead, but its ghost still runs malware
A legacy Windows tool that refuses to die: Bitdefender’s findings suggest MSHTA remains attractive because it checks several boxes attackers like. These include it being Microsoft-signed, preinstalled on Windows, capable of in-memory execution, and still implicitly trusted in many environments.Other sophisticated campaigns picked it up too. Bitdefender detailed PurpleFox using MSHTA to launch ‘msiexec’ commands…
-
VoidStealer Malware Targets Chrome Data Despite Built-In Browser Protections
A newly discovered infostealer called VoidStealer is raising concerns after researchers revealed it can bypass Google Chrome’s App-Bound Encryption (ABE), a security feature designed to protect sensitive browser data. The malware introduces a novel technique that allows attackers to extract encryption keys directly from memory, enabling session hijacking and credential theft even on updated systems. VoidStealer Malware…
-
macOS Malware Abuses Fake Google Update for Persistence
A newly observed variant of the SHub macOS infostealer, dubbed “Reaper,” is expanding its capabilities with stealthier delivery, enhanced data theft, and a persistence mechanism disguised as a legitimate Google software update. The Reaper variant continues SHub’s use of fake application installers, notably masquerading as WeChat and Miro downloads. However, its infection chain stands out…
-
Microsoft Details Storm-2949 Cloud Attack on Azure and Microsoft 365
Tags: attack, breach, cloud, cyberattack, data, identity, infrastructure, intelligence, microsoft, service, theft, threatMicrosoft Threat Intelligence has disclosed details of a cyberattack carried out by a threat actor tracked as Storm-2949, which escalated from a targeted identity compromise into a large-scale breach of cloud infrastructure and sensitive enterprise systems. The campaign focused heavily on data theft from Microsoft 365 services, Azure-hosted production environments, and cloud storage resources, demonstrating how compromised identities can…
-
Grafana confirms GitHub token breach cybercrime group claims the attack
Tags: attack, breach, cybercrime, data, data-breach, extortion, github, group, leak, security-incident, theftGrafana confirmed a GitHub token breach that exposed source code, but said no customer data or systems were affected. Grafana Labs confirmed a security incident after the extortion group Coinbase Cartel listed it on a leak site and claimed data theft on May 15. The breach was triggered by a compromised token that gave attackers…
-
Grafana refuses to pay ransom after codebase theft
On Saturday night, the company released a statement confirming the incident and outlining their decision not to pay a ransom issued by the hackers behind the attack. First seen on therecord.media Jump to article: therecord.media/grafana-refuses-to-pay-ransom-codebase-theft
-
ShinyHunters hack 7-Eleven: franchisee data and Salesforce records exposed
7-Eleven confirmed a breach after ShinyHunters claimed theft of over 600,000 Salesforce records and franchisee data. 7-Eleven has confirmed a data breach after the ShinyHunters hacking group claimed it stole more than 600,000 Salesforce records containing personal and corporate information. >>Over 600k Salesforce records containing PII and other internal corporate data have been compromised.<< The…
-
ShinyHunters hack 7-Eleven: franchisee data and Salesforce records exposed
7-Eleven confirmed a breach after ShinyHunters claimed theft of over 600,000 Salesforce records and franchisee data. 7-Eleven has confirmed a data breach after the ShinyHunters hacking group claimed it stole more than 600,000 Salesforce records containing personal and corporate information. >>Over 600k Salesforce records containing PII and other internal corporate data have been compromised.<< The…
-
Crime increasingly a ‘serious barrier’ to UK growth, say business leaders
British Chambers of Commerce survey shows firms ‘are dealing with rising levels of theft, fraud and cyber-attacks’UK business leaders have warned that crime is becoming an increasingly “serious barrier” to growing Britain’s economy amid a rise in shoplifting, fraud and cyber-attacks against companies.The British Chambers of Commerce (BCC), which represents tens of thousands of businesses…
-
Grafana Says It Rejected Ransom Demand After Source Code Theft
Grafana says hackers stole its source code after accessing a GitHub token, but no customer data or systems were affected. First seen on hackread.com Jump to article: hackread.com/grafana-source-code-theft-rejected-ransom-demand/
-
Critical ‘Claw Chain’ Vulnerabilities Put Thousands of OpenClaw AI Servers at Risk
Critical Claw Chain vulnerabilities in OpenClaw expose thousands of AI servers to data theft, backdoors, and admin-level attacks globally this week. . First seen on hackread.com Jump to article: hackread.com/claw-chain-vulnerabilities-openclaw-ai-servers-risk/
-
Avada Builder WordPress plugin flaws allow site credential theft
Two vulnerabilities in the Avada Builder plugin for WordPress, with an estimated one million active installations, allow hackers to read arbitrary files and extract sensitive information from the database. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/avada-builder-wordpress-plugin-flaws-allow-site-credential-theft/
-
Four OpenClaw Flaws Enable Data Theft, Privilege Escalation, and Persistence
Cybersecurity researchers have disclosed a set of four security flaws in OpenClaw that could be chained to achieve data theft, privilege escalation, and persistence. The vulnerabilities, collectively dubbed Claw Chain by Cyera, can permit an attacker to establish a foothold, expose sensitive data, and plant backdoors. A brief description of the flaws is below –…
-
Inside the REMUS Infostealer: Session Theft, MaaS, and Rapid Evolution
Stolen browser sessions and authentication tokens are becoming more valuable than stolen passwords. Flare explains how the REMUS infostealer evolved around session theft and operational scalability. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/inside-the-remus-infostealer-session-theft-maas-and-rapid-evolution/
-
Gremlin Stealer Evolves into Modular Threat with Advanced Evasion Capabilities
A new Gremlin stealer variant has evolved into a modular toolkit with advanced evasion and data theft capabilities, according to new Unit 42 research First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/gremlin-stealer-evolves-into/
-
Cryptohack Roundup: Banking Trojan Targets Crypto Firms
Also: Indictments in Theft Case, KelpDAO Restarts Operations. This week, banking Trojan TCLBanker targeted crypto platforms, three people indicted in a violent digital assets-related robbery, Kelp DAO restarted services after the $292 million hack and the U.S. Department of the Treasury tightened oversight of Binance. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/cryptohack-roundup-banking-trojan-targets-crypto-firms-a-31683
-
Cyber-Enabled Cargo Crime: How Cybercrime Tradecraft is Used to Steal Freight
Cargo theft now starts with phishing emails and stolen credentials, not hijackings, to reroute and steal freight from supply chains. NMFTA outlines how cyber-enabled cargo crime is changing transportation security. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cyber-enabled-cargo-crime-how-cybercrime-tradecraft-is-used-to-steal-freight/
-
FlowerStorm phishing gang adopts virtual-machine obfuscation to evade email defenses
Tags: attack, authentication, business, cloud, communications, control, credentials, defense, detection, email, framework, government, infrastructure, login, malicious, malware, mfa, microsoft, phishing, service, theftThe campaign dynamically adapts to victims: After deobfuscation, the phishing payload loads infrastructure designed to impersonate Microsoft 365 and other login portals while dynamically adapting to targeted users.According to the report, the malware can determine which authentication provider should be impersonated, preload victim email addresses into phishing pages, and customize branding elements such as company…
-
Foxconn Confirms Cyberattack as Nitrogen Ransomware Claims 8TB Data Theft
Foxconn, one of the world’s largest electronics manufacturers and a major supplier to Apple, has confirmed that a recent Foxconn cyberattack disrupted operations at several of its North American facilities. According to online reports, a ransomware group known as Nitrogen claimed responsibility for the incident and alleged that it stole massive amounts of company data.…
-
Nitrogen Ransomware claims massive data theft from Foxconn
Foxconn confirmed a cyberattack on some North American factories. The Nitrogen ransomware group claims it stole 8TB of data from the firm. Foxconn confirmed that several of its North American factories were affected by a cyberattack. The manufacturer confirmed it was targeted by threat actors after the Nitrogen ransomware group listed it on its Tor…
-
Android 17 to expand banking scam call and privacy protections
Android 17, expected to roll out next month, will introduce several security and privacy features focused on device theft, threat detection, and banking scam calls. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/android-17-to-expand-banking-scam-call-and-privacy-protections/
-
Cline AI Agent Flaw Allows Attackers to Launch RCE Attacks
A critical security vulnerability in the Cline AI coding assistant’s kanban package exposes developers to remote code execution, data theft, and denial-of-service attacks by simply visiting a malicious website. Security researcher Sagilayani disclosed CVE-2026-44211 on GitHub four days ago, revealing that the kanban npm package bundled with the Cline CLI starts a WebSocket server on 127.0.0.1:3484 with zero Origin…
-
Claude Code MCP Attack Enables Persistent Token Theft
Researchers demonstrated a Claude Code attack that steals OAuth tokens through malicious MCP integrations and npm hooks. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/claude-code-mcp-attack-enables-persistent-token-theft/
-
PCPJack Credential Stealer Exploits 5 CVEs to Spread Worm-Like Across Cloud Systems
Tags: cloud, container, credentials, cve, cybersecurity, data, data-breach, exploit, finance, framework, infrastructure, service, theft, wormCybersecurity researchers have disclosed details of a new credential theft framework dubbed PCPJack that targets exposed cloud infrastructure and ousts any artifacts linked to TeamPCP from the environments.”The toolset harvests credentials from cloud, container, developer, productivity, and financial services, then exfiltrates the data through attacker-controlled infrastructure while attempting First seen on thehackernews.com Jump to article:…
-
Cryptohack Roundup: Bitcoin Core Reveals High-Severity Flaw
Also: TrustedVolumes, Wasabi Protocol and Ekubo Hacks. This week, Bitcoin Core revealed a memory safety flaw, hackers exploited TrustedVolumes, Wasabi Protocol and Ekubo, Bithumb suspension paused, sentencing in U.S. theft case, prosecutors seek 20-year sentence for Delio CEO and North Korea denied that it’s a thief. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/cryptohack-roundup-bitcoin-core-reveals-high-severity-flaw-a-31625
-
$250 million cryptocurrency heist funded luxury fashion, nightclub parties, and private jets
20-year-old California resident Marlon Ferro, known online as “GothFerrari,” was sentenced to 78 months in prison for his role in a cryptocurrency theft operation tied to more … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/05/07/crypto-theft-home-burglary-scheme/
-
UAT-8302 Targets Government Agencies With Custom Malware and Open-Source Tools
A new China-linked hacking group, tracked as UAT-8302, that is using custom malware and open-source tools to spy on government organizations in South America and southeastern Europe. The campaign focuses on long-term access and data theft, combining advanced backdoors like NetDraft and CloudSorcerer with aggressive network reconnaissance and credential theft. Researchers assess with high confidence…
-
Iranian cyber espionage disguised as a Chaos Ransomware attack
Iran-linked APT MuddyWater used ransomware-style tactics to mask espionage, combining phishing, credential theft, data exfiltration, and extortion without encryption. A newly discovered cyber intrusion attributed to the Iran-linked APT MuddyWater (aka SeedWorm, TEMP.Zagros, Mango Sandstorm, TA450, and Static Kitten) reveals how state-sponsored attackers are increasingly leveraging ransomware tactics to disguise espionage operations. The campaign, uncovered by security researchers at Rapid7, blended…