Tag: theft
-
AzCopy Utility Misused for Data Exfiltration in Ongoing Ransomware Attacks
Ransomware operators are increasingly abusing Microsoft’s trusted Azure data transfer utility, AzCopy, to quietly exfiltrate sensitive data before encryption, turning a routine cloud migration tool into a stealthy theft channel. Instead of relying on obviously malicious tools like Rclone or MegaSync, threat actors are pivoting to native, administrator-approved cloud utilities to blend into normal IT…
-
AI Emerges as the New Insider Threat: Thales Releases the 2026 Data Threat Report
Tags: access, ai, api, attack, business, cloud, compliance, container, control, credentials, cyber, data, deep-fake, encryption, governance, identity, infrastructure, risk, saas, skills, software, strategy, theft, threat, toolAI Emerges as the New Insider Threat: Thales Releases the 2026 Data Threat Report madhav Tue, 03/03/2026 – 15:00 Over the past year, I’ve watched AI move to operational reality across nearly every industry we work with. The conversation is no longer about whether AI will transform business. It already has. Cybersecurity Todd Moore –…
-
South Korean Tax Agency Leak Leads to $4.8M Crypto Theft
A South Korean tax agency press release exposed a seized wallet’s seed phrase, enabling a $4.8 million cryptocurrency theft. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/south-korean-tax-agency-leak-leads-to-4-8m-crypto-theft/
-
ClawJacked flaw exposed OpenClaw users to data theft
“ClawJacked” flaw let malicious sites hijack OpenClaw AI agents to steal data; patch released in version 2026.2.26. A high-severity vulnerability called ClawJacked in OpenClaw allowed malicious websites to brute-force and take control of local AI agent instances. Oasis Security discovered the flaw, which enabled silent data theft. OpenClaw addressed the issue with version 2026.2.26, released…
-
ClawJacked flaw exposed OpenClaw users to data theft
“ClawJacked” flaw let malicious sites hijack OpenClaw AI agents to steal data; patch released in version 2026.2.26. A high-severity vulnerability called ClawJacked in OpenClaw allowed malicious websites to brute-force and take control of local AI agent instances. Oasis Security discovered the flaw, which enabled silent data theft. OpenClaw addressed the issue with version 2026.2.26, released…
-
Double whammy: Steaelite RAT bundles data theft, ransomware in one evil tool
Credential and cryptocurrency theft, live surveillance, ransomware – an attacker’s Swiss Army knife First seen on theregister.com Jump to article: www.theregister.com/2026/02/27/double_extortion_whammy_steaelite_rat/
-
Data Broker Breaches Fueled Nearly $21 Billion in Identity-Theft Losses
A report copublished by WIRED sparked a probe into opt-out pages hidden by data brokers. Now congressional Democrats say breaches tied to the industry have cost people tens of billions of dollars. First seen on wired.com Jump to article: www.wired.com/story/data-broker-breaches-fueled-dollar209-billion-in-identity-theft-losses/
-
Ransomware groups switch to stealthy attacks and long-term access
Tags: access, application-security, attack, ciso, control, crime, cyber, cybercrime, cybersecurity, data, detection, encryption, endpoint, exploit, extortion, group, identity, intelligence, monitoring, organized, ransomware, service, software, strategy, supply-chain, switch, theft, threat, tool, vulnerability38% drop in encryption over the past 12 months as more cybercriminals turn to silently exfiltrating data for extortion as their main stock in trade.Picus’ suggestion that the volume of ransomware attacks is dropping is disputed by other experts.Tony Anscombe, chief security evangelist at endpoint security vendor Eset, offered a contrasting perspective.”In the recent Eset…
-
Microsoft Defender Discovers Trojanized Gaming Utility Campaign Stealing Data with RATs
Microsoft Defender researchers have uncovered a new campaign that abuses trojanized gaming utilities to deliver multi”‘stage malware with remote access, data theft, and payload delivery capabilities. Attackers are masquerading as popular tools such as Xeno.exe and RobloxPlayerBeta.exe, tricking gamers into launching the malicious chain via downloads shared through web browsers and chat platforms. Once a…
-
Your Drug Formulas, Clinical Trials, and Manufacturing Lines Are Under Attack. Here’s How to Fight Back.
Detect pharmaceutical IP theft, ransomware campaigns, and supply chain breaches in real time with Morpheus AI SOC. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/your-drug-formulas-clinical-trials-and-manufacturing-lines-are-under-attack-heres-how-to-fight-back/
-
China-linked hackers used Google Sheets to spy on telecoms and governments across 42 countries
Tags: access, api, apt, china, cloud, communications, cyber, cyberespionage, data, defense, endpoint, espionage, google, government, group, hacker, infrastructure, intelligence, linux, mandiant, monitoring, network, phone, radius, service, spy, theft, threat, vpnHow Mandiant found it: The campaign came to light during a Mandiant Threat Defense investigation, when analysts flagged unusual activity on a CentOS server. A binary named xapt, designed to masquerade as the apt package manager on Debian-based Linux systems, had already escalated to root and was running shell commands to confirm its access level,…
-
US artificial intelligence developers accuse Chinese firms of stealing their data
Artificial intelligence developers are accusing Chinese firms of stealing their intellectual property following a spate of ‘distillation attacks’, despite their own alleged theft of training data First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366639367/US-artificial-intelligence-developers-accuse-Chinese-firms-of-stealing-their-data
-
Hydra Saiga Espionage Campaign Targets Critical Utilities Using Telegram C2 for Data Theft
Hydra Saiga is running a long-running espionage campaign that abuses Telegram as command-and-control (C2) to infiltrate critical utilities in Central Asia and exfiltrate sensitive data from government and infrastructure networks. The first known Hydra Saiga activity dates to December 2024, when an executable named “Letter from the Permanent Representative of Turkmenistan to the UN addressed…
-
DarkCloud Infostealer Escalates as Major Enterprise Threat with Scalable Credential Theft
Infostealers continue to dominate the initial access landscape in 2026, driving breaches through scalable credential theft. Among these, DarkCloud has emerged as a major threat, illustrating how low-cost, commercialized malware is reshaping enterprise compromise dynamics worldwide. Despite being promoted as “surveillance software,” its real function is unmistakable highvolume credential harvesting across browsers, email clients, file transfer tools, and…
-
Steaelite RAT combines data theft and ransomware management capability in one tool
Tags: access, android, attack, authentication, awareness, business, corporate, credentials, crypto, cybercrime, data, ddos, defense, encryption, endpoint, extortion, infection, infosec, malware, mobile, monitoring, password, phishing, ransomware, rat, remote-code-execution, theft, threat, tool, training, windowsCSO that this isn’t the most sophisticated RAT he’s seen. “The novel aspect here,” he said, “is the convergence. Steaelite bundles remote access, credential harvesting, data exfiltration, and ransomware (currently in development) in a single package.” Traditionally, he explained, these capabilities have occupied different parts of the cybercrime toolchain, but Steaelite unifies the functions, giving…
-
Untrusted repositories turn Claude code into an attack vector
Flaws in Anthropic’s Claude Code could allow remote code execution and theft of API keys when users open untrusted repositories. Check Point Research team found multiple vulnerabilities in Anthropic’s Claude Code AI coding assistant that could lead to remote code execution and API key theft. The vulnerabilities abuse features such as Hooks, MCP servers, and…
-
Medical Device Maker Reports Data Theft Hack to SEC
Attack Spotlights Threats, Risks Facing Healthcare Supply Chain. UFP Technologies, a Massachusetts-based maker of single-use medical devices and other healthcare supplies, has notified the U.S. Securities and Exchange Commission of a cyber incident discovered on Valentine’s Day that involved the theft or destruction of company data. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/medical-device-maker-reports-data-theft-hack-to-sec-a-30847
-
Claude Code Flaws Allow Remote Code Execution and API Key Exfiltration
Tags: ai, api, cybersecurity, exploit, flaw, intelligence, remote-code-execution, theft, vulnerabilityCybersecurity researchers have disclosed multiple security vulnerabilities in Anthropic’s Claude Code, an artificial intelligence (AI)-powered coding assistant, that could result in remote code execution and theft of API credentials.”The vulnerabilities exploit various configuration mechanisms, including Hooks, Model Context Protocol (MCP) servers, and environment variables executing First seen on thehackernews.com Jump to article: thehackernews.com/2026/02/claude-code-flaws-allow-remote-code.html
-
Chinese prosecutors raise alarm about growth of domestic IP theft
China’s top prosecutorial agency said authorities have handled hundreds of domestic cases involving commercial espionage and technology leaks since 2021. First seen on therecord.media Jump to article: therecord.media/china-domestic-ip-theft-crackdown
-
Defense Contractor Employee Jailed for Selling 8 Zero-Days to Russian Broker
A 39-year-old Australian national who was previously employed at U.S. defense contractor L3Harris has been sentenced to a little over seven years in prison for selling eight zero-day exploits to Russian exploit broker Operation Zero in exchange for millions of dollars.Peter Williams pleaded guilty to two counts of theft of trade secrets in October 2025.…
-
Crypto platform Step Finance shutting down after $40 million theft
The decentralized finance platform Step Finance said the theft of $40 million from its treasury in late January led the company to decide to wind down operations. First seen on therecord.media Jump to article: therecord.media/step-finance-cryptocurrency-theft-shutdown
-
New ZeroDayRAT Malware Claims Full Monitoring of Android and iOS Devices
Meet ZeroDayRAT, a newly advertised malware targeting Android and iOS devices with surveillance, location tracking, and crypto theft tools sold via Telegram as a MaaS service. First seen on hackread.com Jump to article: hackread.com/zerodayrat-malware-monitoring-android-ios-devices/
-
ZeroDayRAT Targets Android and iOS Devices for Surveillance and Financial Data Theft
ZeroDayRAT targets Android and iOS devices, combining real-time surveillance with direct financial theft within a single browser panel. The Malware-as-a-Service (MaaS) ecosystem is entering a new phase, blending mobile surveillance and financial crime into one seamless platform. Active promotions for this RAT (Remote Access Trojan) began on Telegram channels on February 2, 2026, highlighting its dual purpose: real-time spying and direct financial…
-
Anthropic Facing Allegations from Musk Over Large”‘Scale Data Misuse
Tech billionaire Elon Musk has publicly condemned the artificial intelligence firm Anthropic, accusing the company of massive data theft and hypocrisy. This confrontation follows Anthropic’s recent claims that competing Chinese artificial intelligence models unlawfully extracted training data from its flagship Claude model. The Distillation Controversy Earlier this week, Anthropic published a report accusing Chinese AI…
-
The rise of the evasive adversary
Tags: access, ai, attack, authentication, breach, china, cloud, credentials, crime, crowdstrike, crypto, data, defense, endpoint, exploit, finance, firewall, group, identity, infrastructure, intelligence, korea, lazarus, leak, mail, malicious, malware, microsoft, monitoring, network, north-korea, open-source, phishing, ransomware, remote-code-execution, russia, saas, service, software, strategy, supply-chain, tactics, theft, threat, tool, update, vpn, vulnerability, windows, zero-dayBig game hunters tighten their grip: CrowdStrike’s research highlights how big game hunting (BGH) ransomware actors have remained the dominant force in the eCrime landscape.Punk Spider, a group responsible for developing and maintaining Russian-language Akira ransomware, and its associated Akira dedicated leak site, conducted 198 intrusions in 2025, a 134% increase year over year. Victim-shaming operations…
-
New Arkanix stealer blends rapid Python harvesting with stealthier C++ payloads
The stealer employs a broad data-theft toolkit: The researchers noted that the Python implementation acts as a wide-net data harvester. It collects system information, extracts browser-stored data, and pulls details from communication platforms, including Telegram and Discord. Additional modules target VPN configurations, retrieve selected files from the host, and can deliver other payloads, suggesting the…