Tag: theft
-
âš¡ Weekly Recap: Firewall Exploits, AI Data Theft, Android Hacks, APT Attacks, Insider Leaks & More
Cyber threats last week showed how attackers no longer need big hacks to cause big damage. They’re going after the everyday tools we trust most, firewalls, browser add-ons, and even smart TVs, turning small cracks into serious breaches.The real danger now isn’t just one major attack, but hundreds of quiet ones using the software and…
-
Android Malware Operations Merge Droppers, SMS Theft, and RAT Capabilities at Scale
Threat actors have been observed leveraging malicious dropper apps masquerading as legitimate applications to deliver an Android SMS stealer dubbed Wonderland in mobile attacks targeting users in Uzbekistan.”Previously, users received ‘pure’ Trojan APKs that acted as malware immediately upon installation,” Group-IB said in an analysis published last week. “Now, adversaries increasingly deploy First seen on…
-
Session tokens give attackers a shortcut around MFA
In this Help Net Security video, Simon Wijckmans, CEO at cside, discusses why session token theft is rising and why security teams miss it. He walks through how web … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/12/22/session-token-theft-video/
-
10 Major Cyberattacks And Data Breaches In 2025
Among the major cyberattacks and data breaches in 2025 were nation-state infiltration by China and North Korea, as well as massive data theft and ransomware attacks. First seen on crn.com Jump to article: www.crn.com/news/security/2025/10-major-cyberattacks-and-data-breaches-in-2025
-
Hacks, thefts, and disruption: The worst data breaches of 2025
TechCrunch looks back at the biggest data breaches, disruptive cyberattacks, and damaging hacks of 2025, from the raiding of U.S. government databases to a hack every month in South Korea. First seen on techcrunch.com Jump to article: techcrunch.com/2025/12/19/hacks-thefts-and-disruption-the-worst-data-breaches-of-2025/
-
Hacks, thefts and disruption: The worst data breaches of 2025
TechCrunch looks back at the biggest data breaches, disruptive cyberattacks, and damaging hacks of 2025, from the raiding of U.S. government databases to a hack every month in South Korea. First seen on techcrunch.com Jump to article: techcrunch.com/2025/12/19/hacks-thefts-and-disruption-the-worst-data-breaches-of-2025/
-
The Com: the growing cybercrime network behind recent Pornhub hack
Criminal ecosystem is made up of mostly male native English language speakers aged from 16 to 25Ransomware hacks, data theft, crypto scams and sextortion cover a broad range of cybercrimes carried out by an equally varied list of assailants.But there is also an English-speaking criminal ecosystem carrying out these activities that defies conventional categorisation. Nonetheless,…
-
Ministers confirm breach at UK Foreign Office but details remain murky
Officials admit ‘there certainly has been a hack,’ but refuse to confirm China link or data theft First seen on theregister.com Jump to article: www.theregister.com/2025/12/19/uk_foreign_office_hack/
-
Ministers confirm breach at UK Foreign Office but details remain murky
Officials admit ‘there certainly has been a hack,’ but refuse to confirm China link or data theft First seen on theregister.com Jump to article: www.theregister.com/2025/12/19/uk_foreign_office_hack/
-
North Korean Hackers Set Record with $2 Billion Crypto Heist in 2025
North Korean cybercriminals shattered previous records in 2025, stealing at least $2.02 billion in cryptocurrency through a sophisticated campaign that represents the most successful year ever for state-sponsored digital theft despite fewer confirmed attacks. This unprecedented haul marks a 51% increase year-over-year. It brings the regime’s cumulative cryptocurrency theft to a staggering $6.75 billion, cementing…
-
MedStar Health Notifying Patients of Data Theft Breach
Ransomware Gang Rhysida Leaks 3.7TB of Data Stolen From Maryland Hospital System. Maryland-based MedStar Health, which operates 10 hospitals, is notifying patients about a data theft incident affecting their personal information. Ransomware group Rhysida claims on its darkweb leak site to have 3.7 terabytes of MedStar’s data, including over 7 million pieces of patient data.…
-
Clop ransomware targets Gladinet CentreStack in data theft attacks
The Clop ransomware gang is targeting Internet-exposed Gladinet CentreStack file servers in a new data theft extortion campaign. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/clop-ransomware-targets-gladinet-centrestack-servers-for-extortion/
-
RansomHouse RaaS Enhances Double Extortion with Data Theft and Encryption
RansomHouse, a ransomware-as-a-service (RaaS) operation managed by the threat group Jolly Scorpius, has significantly enhanced its encryption capabilities, marking a critical escalation in the threat landscape. Recent analysis of RansomHouse binaries reveals a sophisticated upgrade from basic linear encryption to a complex multi-layered encryption methodology, demonstrating how ransomware operators continue to evolve their technical sophistication…
-
New Lazarus and Kimsuky Infrastructure Discovered with Active Tools and Tunneling Nodes
Tags: control, credentials, cyber, group, infrastructure, lazarus, network, north-korea, theft, threat, toolSecurity researchers from Hunt.io and Acronis Threat Research Unit have uncovered a sophisticated network of operational infrastructure controlled by North Korean state-sponsored threat actors Lazarus and Kimsuky. The collaborative investigation revealed previously undocumented connections between these groups’ campaigns, exposing active command-and-control servers, credential-theft environments, tunneling nodes, and certificate-linked infrastructure that had remained hidden from public…
-
New Lazarus and Kimsuky Infrastructure Discovered with Active Tools and Tunneling Nodes
Tags: control, credentials, cyber, group, infrastructure, lazarus, network, north-korea, theft, threat, toolSecurity researchers from Hunt.io and Acronis Threat Research Unit have uncovered a sophisticated network of operational infrastructure controlled by North Korean state-sponsored threat actors Lazarus and Kimsuky. The collaborative investigation revealed previously undocumented connections between these groups’ campaigns, exposing active command-and-control servers, credential-theft environments, tunneling nodes, and certificate-linked infrastructure that had remained hidden from public…
-
Crypto Theft in 2025 Concentrated in Fewer, Larger Breaches
Chainalysis Data Shows Access-Driven Attacks Reshaping Risk. Hackers stole more than $3.4 billion in crypto this year. Losses were driven by a small number of high-impact breaches. Chainalysis data shows how North Korea actors, centralized platforms and expanding retail adoption reshaped where crypto risk accumulated. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/crypto-theft-in-2025-concentrated-in-fewer-larger-breaches-a-30331
-
Crypto theft in 2025: North Korean hackers continue to dominate
When they strike cryptocurrency-related targets, North Korean hacking groups are increasingly aiming for large services where a single breach can move serious money, a new … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/12/18/crypto-theft-2025-north-korean-domination/
-
North Korea-Linked Hackers Steal $2.02 Billion in 2025, Leading Global Crypto Theft
Threat actors with ties to the Democratic People’s Republic of Korea (DPRK or North Korea) have been instrumental in driving a surge in global cryptocurrency theft in 2025, accounting for at least $2.02 billion out of more than $3.4 billion stolen from January through early December.The figure represents a 51% increase year-over-year and $681 million…
-
FTC orders crypto platform Nomad to distribute $37.5 million after 2022 theft
Under a settlement with the FTC, the Nomad platform will have to redistribute stolen funds that white-hat hackers returned to the company after thieves aggressively exploited a vulnerability in 2022. First seen on therecord.media Jump to article: therecord.media/ftc-settlement-nomad-platform-return-customers-cryptocurrency
-
JumpCloud agent turns uninstall into a system shortcut
Full privilege escalation and denial of service: The vulnerability opens two primary exploitation vectors with significant operational impact: full privilege escalation to system level, and denial of service (DoS).By manipulating filesystem paths and leveraging race conditions, an attacker can redirect the uninstaller’s operations to delete or overwrite protected installer configuration targets, ultimately triggering techniques that…
-
JumpCloud agent turns uninstall into a system shortcut
Full privilege escalation and denial of service: The vulnerability opens two primary exploitation vectors with significant operational impact: full privilege escalation to system level, and denial of service (DoS).By manipulating filesystem paths and leveraging race conditions, an attacker can redirect the uninstaller’s operations to delete or overwrite protected installer configuration targets, ultimately triggering techniques that…
-
Russian state hackers targeted Western critical infrastructure for years, Amazon says
Tags: credentials, cyber, exploit, hacker, infrastructure, intelligence, network, russia, theft, threat, vulnerabilityAmazon disclosed a years-long Russian state-backed cyber campaign targeting Western critical infrastructure from 2021 to 2025. Amazon Threat Intelligence reports a long-running Russian state-backed campaign (20212025) targeting Western critical infrastructure. Threat actors shifted from exploiting vulnerabilities to abusing misconfigured network edge devices, enabling credential theft and lateral movement with lower risk. The researchers linked the…
-
JumpCloud agent turns uninstall into a system shortcut
Full privilege escalation and denial of service: The vulnerability opens two primary exploitation vectors with significant operational impact: full privilege escalation to system level, and denial of service (DoS).By manipulating filesystem paths and leveraging race conditions, an attacker can redirect the uninstaller’s operations to delete or overwrite protected installer configuration targets, ultimately triggering techniques that…
-
Russian state hackers targeted Western critical infrastructure for years, Amazon says
Tags: credentials, cyber, exploit, hacker, infrastructure, intelligence, network, russia, theft, threat, vulnerabilityAmazon disclosed a years-long Russian state-backed cyber campaign targeting Western critical infrastructure from 2021 to 2025. Amazon Threat Intelligence reports a long-running Russian state-backed campaign (20212025) targeting Western critical infrastructure. Threat actors shifted from exploiting vulnerabilities to abusing misconfigured network edge devices, enabling credential theft and lateral movement with lower risk. The researchers linked the…
-
FortiGate firewall credentials being stolen after vulnerabilities discovered
Tags: access, advisory, ai, attack, authentication, best-practice, breach, ceo, cisa, credentials, cve, cyberattack, cybersecurity, data, data-breach, exploit, firewall, flaw, fortinet, hacker, infrastructure, Internet, kev, least-privilege, login, malicious, network, password, software, theft, threat, update, vulnerabilityCSO. “So far, the pattern of activity has appeared to be opportunistic in nature. While it is difficult to estimate the number of devices directly vulnerable to this vulnerability, there are hundreds of thousands of Fortinet appliances accessible on the public internet through specialized search engines. This allows threat actors to opportunistically attempt exploitation against…
-
Russian APT group pivots to network edge device misconfigurations
Tags: apt, attack, authentication, breach, cloud, credentials, detection, group, infrastructure, intelligence, mfa, mssp, network, russia, service, technology, theft, threatCredential harvesting: The researchers also observed credential replay attacks against victims’ other online services using stolen domain credentials following network edge device compromises. This indicates that the attackers are likely harvesting credentials by leveraging the traffic capturing and analysis capabilities of the compromised devices.”Time gap between device compromise and authentication attempts against victim services suggests…
-
Medical Group Will Pay $1.2M to Settle Data Theft Lawsuit
Cybercrime Gang Rhysida Still Lists the Practice on Its Leak Site Among Its Victims. A Kansas medical group will pay $1.2 million to settle proposed class action litigation involving an attack that compromised the sensitive data of nearly 256,000 individuals. The Rhysida ransomware operation claimed responsibility and said it stole 3 terabytes. First seen on…
-
Jaguar Land Rover Confirms August Cyberattack Led to Employee Data Theft
Jaguar Land Rover (JLR) has officially confirmed that a major cyberattack in August resulted in the theft of sensitive personal data belonging to current and former employees. This disclosure marks the luxury automaker’s first public admission regarding the full scope of the incident, following a month-long production shutdown that cost the company hundreds of millions…
-
Jaguar Land Rover Confirms August Cyberattack Led to Employee Data Theft
Jaguar Land Rover (JLR) has officially confirmed that a major cyberattack in August resulted in the theft of sensitive personal data belonging to current and former employees. This disclosure marks the luxury automaker’s first public admission regarding the full scope of the incident, following a month-long production shutdown that cost the company hundreds of millions…
-
Askul confirms theft of 740k customer records in ransomware attack
Japanese e-commerce giant Askul Corporation has confirmed that RansomHouse hackers stole around 740,000 customer records in the ransomware attack it suffered in October. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/askul-confirms-theft-of-740k-customer-records-in-ransomhouse-attack/