Topic: credential theft
Old Windows Flaws Still Leak Your Passwords
Outdated Windows protocols like LLMNR and NBT-NS pose a security threat by allowing credential theft through inherent design flaws, not software vulnerabilities, as they automatically trust any responding device on the network. Attackers can use tools like Responder to intercept authentication da...
From Stolen Credentials to Fake Identities: How Infostealers Operate
Modern infostealer malware harvests vast, detailed data dumps that paint a comprehensive picture of a victim's digital life, creating persistent risks beyond simple credential theft. This stolen data effortlessly links personal and professional accounts to a real-world individual, eroding identit...
Account Compromises Soared 389% in 2025: Report
Account compromise incidents surged by 389% in 2025, with credential theft becoming the primary attack method, representing 75% of all malicious activity. The rise is driven by sophisticated Phishing-as-a-Service kits, which accounted for 63% of compromises and are designed to bypass defenses lik...
3 Browser Sandbox Threats That Evade Security Tools
Browsers are the primary target for cyberattacks but are often neglected in security frameworks, as they handle critical tasks yet prioritize performance over advanced threat protection. Key browser threats include credential theft, malicious extensions, and lateral movement, which exploit standa...
Barracuda Exposes Stealthy Microsoft 365 Phishing Kit
Whisper 2FA is a sophisticated phishing-as-a-service platform that has compromised nearly one million Microsoft 365 accounts by stealing login credentials and authentication tokens since July 2025. It employs a continuous credential theft loop that persistently prompts victims for multi-factor au...
New 'Starkiller' Phishing Kit Breaks MFA Protection
A new phishing platform called Starkiller bypasses multi-factor authentication by creating real-time, deceptive replicas of legitimate login pages, marking a significant escalation in cybercrime tools. Starkiller operates like a commercial SaaS product with a subscription model and customer suppo...
Beware: New Phishing Scam Steals Dropbox Passwords
A sophisticated phishing campaign targets corporate cloud storage credentials by using urgent, professional-looking emails that evade standard security protocols like SPF and DKIM. The attack employs a PDF attachment with a malicious link, hosted on legitimate cloud infrastructure to bypass autom...
Okta SSO accounts targeted in vishing data theft attacks
A new wave of sophisticated phishing attacks uses real-time voice calls and adversary-in-the-middle platforms to steal employee Okta credentials and bypass multi-factor authentication (MFA) by manipulating victims during live conversations. Attackers conduct detailed reconnaissance, spoof interna...
Malicious Chrome Extensions Steal HR Platform Credentials
Malicious Chrome extensions disguised as legitimate tools were discovered stealing login credentials and sabotaging security functions on major enterprise HR and ERP platforms. The extensions enabled persistent account access through continuous cookie theft and actively blocked critical security ...
Spot Browser-in-the-Browser Phishing Before It Spots You
A sophisticated phishing technique called Browser-in-the-Browser is resurging, embedding fake login windows within legitimate webpages to steal credentials by mimicking trusted services like Microsoft and Facebook. The attack uses deceptive pop-ups that appear as genuine browser prompts, ofte...
ownCloud Urges MFA Activation Following Credential Theft
ownCloud is urging all users to immediately enable multi-factor authentication (MFA) to block unauthorized access, even if login credentials are stolen. The company clarified its platform was not hacked; attackers instead used credentials stolen by malware from employee devices to access accounts...
SonicWall VPN Breach: Hackers Exploit Stolen Credentials
Attackers breached over 100 SonicWall SSLVPN accounts using stolen credentials, with malicious activity detected from October 4th to at least October 10th by Huntress. The intrusions utilized previously compromised valid credentials, not brute-force methods, and involved network reconnaissance an...
Microsoft Shuts Down RaccoonO365 Phishing-as-a-Service, Names Leader
Microsoft and Cloudflare dismantled the RaccoonO365 phishing-as-a-service operation, seizing 338 websites and crippling its infrastructure. The phishing kit bypassed multi-factor authentication to steal Microsoft 365 credentials and session cookies, enabling prolonged unauthorized account access....
One Stolen Password Can Breach Your Entire System
Identity has become the primary attack vector, with stolen credentials and phishing driving nearly 90% of breaches and enabling attackers to bypass multi-factor authentication. The explosion of cloud services and SaaS applications has created a vast, poorly managed attack surface, where 99% of cl...
Chrome And Safari Alert: This Sign Means You're Hacked
A new phishing technique exploits small mobile screens by using characters like "rn" to mimic "m" in URLs, tricking users into visiting fake sites that resemble legitimate ones like microsoft.com. The primary defense is behavioral: avoid logging in via emailed links and instead navigate directly ...
MFA Bypass Leads to Major Infostealer Attack on 50 Firms
A major data breach affecting around 50 global companies was enabled by the lack of multi-factor authentication (MFA), allowing an attacker to use stolen credentials for cloud file-sharing platforms. The attacker, using credentials harvested by infostealer malware, accessed accounts where passwor...
Quantum Phishing Kit Makes Cyber-Attacks Accessible to All
The Quantum Route Redirect phishing-as-a-service platform enables even unskilled cybercriminals to launch widespread credential theft campaigns across 90 countries, significantly increasing the global threat level. It evades detection by redirecting security scanners to legitimate websites while ...
Google Denies Widespread Gmail Data Breach Rumors
Google has officially denied a new Gmail data breach, clarifying that recent reports stem from misinterpreted collections of old stolen credentials and not a new security incident. The confusion arose when a large set of 183 million compromised credentials from various sources was added to a cybe...
Microsoft Warns of "Payroll Pirate" Scam Targeting Employee Paychecks
A phishing campaign called "Payroll Pirate" targets corporate HR accounts to redirect employee paychecks into criminal-controlled bank accounts by manipulating platforms like Workday. Attackers use adversary-in-the-middle techniques to intercept login credentials and multi-factor authentication c...
New MatrixPDF Toolkit Weaponizes PDFs for Phishing Attacks
MatrixPDF is a malicious toolkit that transforms harmless PDFs into phishing tools, redirecting users to credential harvesting pages or initiating malware downloads, and is marketed on underground forums and Telegram. The toolkit offers features like drag-and-drop importing, real-time previews, a...
Self-Replicating Worm Infects 180+ npm Packages in Automated Attack
A self-replicating worm named "Shai-hulud" is spreading through the npm ecosystem, infecting over 180 packages and stealing developer credentials to propagate further. The worm uses stolen authentication tokens to inject malicious code, exfiltrate sensitive data like GitHub and AWS keys, and make...
Microsoft, Cloudflare Shut Down Massive RaccoonO365 Phishing Operation
Microsoft and Cloudflare dismantled the RaccoonO365 phishing-as-a-service scheme, which harvested thousands of Microsoft 365 credentials through deceptive campaigns. The operation seized 338 websites and accounts, disrupting a group that compromised over 5,000 users across 94 countries and target...
Android Tablet Backdoor & Dell Zero-Day: Critical Week in Review
A critical firmware backdoor in Android tablets and a long-running espionage campaign exploiting a Dell zero-day highlight persistent supply chain security challenges and the stealthy nature of modern cyber adversaries. The role of the CISO is evolving to manage AI-augmented teams, while threats ...
AI Hacker Breached 600 Fortinet Firewalls in 5 Weeks
A Russian-speaking hacker exploited exposed management interfaces and weak credentials to breach over 600 Fortinet firewalls across 55 nations, using generative AI to automate network exploration and compromise. The attacker used AI-generated custom tools to decrypt stolen firewall configuration ...
Viral AI Assistant Sparks Data Security Concerns
The Moltbot AI assistant's deep system integration and popularity pose severe security risks, as its power can lead to leaks of sensitive corporate and personal data if deployments are not properly secured. Insecure enterprise deployments are common, often due to misconfigured proxies that expose...
Okta Users Targeted by Advanced Phishing & Vishing Kits
New phishing kits enable real-time credential interception and control of authentication flows, targeting users of major identity platforms like Google and Microsoft. These attacks combine voice phishing with dynamic, convincing fake login pages that bypass multi-factor authentication methods lik...
Malicious 'TradingView Premium' Ads Spread from Meta to Google
A malvertising campaign has expanded from Facebook to Google Ads, using fake offers of free TradingView Premium to distribute advanced information-stealing malware. The scam involves hijacking legitimate Google Ads accounts and verified YouTube channels, which are rebranded to impersonate Trading...
Akira Ransomware: 4 Hours from VPN Login to Total Encryption
Akira ransomware attacks can achieve full network encryption in as little as four hours after initial VPN access, leaving organizations with a very narrow window for detection and response. Attackers exploit stolen SonicWall VPN credentials and bypass multi-factor authentication to systematically...
Corporate Data Theft: Cloud File-Sharing Sites Under Attack
A cybercriminal group named Zestix is selling sensitive data stolen from dozens of organizations by exploiting compromised employee credentials on cloud file-sharing platforms. The breaches highlight systemic security failures, including a lack of multi-factor authentication and outdated password...
Microsoft's 2025 Cyberdefense Report: The New Rules of Engagement
AI is fundamentally reshaping cybersecurity by empowering attackers to refine methods, automate operations, and overwhelm traditional defenses, with nation-state actors increasingly leveraging AI for phishing, vulnerability identification, and malware modification. Identity has become the primary...
Hackers Hijack AWS Accounts with AiTM Phishing & Fake Domains
A sophisticated phishing campaign targets AWS users with spoofed security emails, directing them to fake login pages on deceptive domains to steal credentials. The attack uses an adversary-in-the-middle (AiTM) framework to intercept and relay login data in real-time, bypassing multi-factor authen...
New npm Malware Spreads Itself in Supply Chain Attack
A sophisticated malware campaign is targeting developers via 19 typosquatting npm packages, stealing credentials and exhibiting worm-like behavior to self-propagate across development environments. The malware operates in two stages, harvesting sensitive data like API keys and crypto wallets, and...
Bitpanda Customers Targeted by Sophisticated Phishing Scam
A sophisticated phishing campaign is impersonating cryptocurrency platform Bitpanda, using convincing fake emails and websites to steal login credentials and extensive personal data in a multi-step attack. The scam employs urgency tactics and a multi-step process that mimics multi-factor authenti...
1.2 Million French Bank Accounts Exposed in Data Breach
A data breach at France's national bank account registry (FICOBA) exposed the personal and banking details of 1.2 million citizens after an attacker used a civil servant's stolen credentials. The exposed data, including IBANs and addresses, poses significant fraud risks, such as unauthorized dire...
Lumma Stealer & Ninja Malware Hijack Google Groups
A widespread malware campaign exploits Google's trusted services, using over 4,000 malicious Google Groups and 3,500 Google-hosted URLs to distribute information-stealers by disguising links as legitimate resources. The attack deploys the Lumma Stealer on Windows via deceptive archives and target...
Hackers Spread Android Malware via Hugging Face
A sophisticated malware campaign targets Android users by abusing the trusted AI platform Hugging Face to host and distribute malicious payloads, exploiting its reputation to bypass security warnings. The attack uses a deceptive dropper app to deliver a powerful remote access tool that steals cre...
New Facebook Login Scam Uses Sneaky Browser-in-Browser Trick
A sophisticated phishing campaign uses a deceptive "browser-in-the-browser" (BitB) technique to create fake, convincing login windows within a victim's browser, targeting Facebook users to steal credentials for fraud. Attackers lure victims with phishing emails posing as legal notices or security...
CISA Alerts: Chinese "BrickStorm" Malware Targets VMware Servers
A sophisticated Chinese-linked malware campaign called "Brickstorm" is targeting VMware vSphere servers, using hidden virtual machines to steal credentials and compromise networks, as detailed by U.S. and Canadian cybersecurity agencies. The malware employs advanced evasion techniques like encryp...
Criminal Networks Are Industrializing Payment Fraud
Criminal syndicates now operate like modern corporations, using automation, reusable infrastructure, and scalable methods to create persistent threats that financial institutions struggle to counter. Fraud networks employ organized, repeatable strategies such as AI-powered social engineering and ...
Malicious NPM Packages Downloaded 86,000+ Times
A security vulnerability in the NPM ecosystem allowed attackers to upload over 100 malicious packages, downloaded more than 86,000 times, exploiting Remote Dynamic Dependencies to fetch unverified code. The PhantomRaven campaign used these dependencies to bypass detection, as they remain invisibl...
October 2025 Threat Report: Barracuda SOC Insights
Akira ransomware is exploiting unpatched SonicWall VPN vulnerabilities (CVE-2024-40766), bypassing multi-factor authentication through stolen credentials and encrypting data rapidly. Attackers are increasingly using Python scripts to automate and disguise malicious activities, such as deploying p...
A Dangerous Worm Is Infecting Software Packages
A self-replicating worm named Shai-Hulud has infected hundreds of open-source JavaScript packages on NPM, actively seeking credentials to spread further and escalating software supply chain risks. Major U.S. tech firms like IBM and Microsoft have supplied surveillance technology to China, support...
How Attackers Weaponize Communication Networks
Communication networks are now the primary target for cyber attackers, offering vast data access for espionage, financial crime, and other malicious intents. Attackers exploit built-in network tools and lawful intercept systems to passively monitor and steal credentials, enabling large-scale surv...
Microsoft Teams Targeted by Fake IT Support Scams
A new wave of phishing attacks is exploiting Microsoft Teams, using fake IT support accounts to trick employees into installing malware that gives attackers full network control. Attackers are shifting from email to Teams due to its trusted role in business, impersonating IT staff to deploy remot...
Telegram Channels Reveal SmarterMail Exploits in the Wild
Threat actors are rapidly weaponizing critical vulnerabilities in SmarterMail (CVE-2026-24423 and CVE-2026-23760), sharing exploit code and credentials to enable server takeover and ransomware campaigns. These flaws have already been exploited in real-world incidents, including a breach at Smarte...
Secure OT Systems: The Power of Strong Passwords
Operational technology (OT) secures critical physical infrastructure, but its security often lags behind IT, creating high risks of physical damage and public safety threats from cyberattacks. OT security is uniquely challenged by outdated systems, IT/OT network convergence, and shared credential...
Ivanti EPM Flaw Patched, Now Under Active Attack
A critical vulnerability (CVE-2026-1603) in Ivanti Endpoint Manager is under active attack, allowing unauthenticated attackers to bypass security and steal credentials. U.S. cybersecurity authorities have issued a binding directive for federal agencies to patch within three weeks, as the flaw is ...
OAuth Redirects Exploited to Deliver Malware
A sophisticated phishing campaign exploits OAuth's error-handling to redirect users from legitimate login pages to attacker-controlled sites, bypassing standard security filters. The attacks use convincing business-themed email lures to trick users into clicking links that lead to credential thef...
N-able Anomaly Detection Stops Credential-Based Threats
N-able has upgraded its Cove Data Protection platform with enhanced Anomaly Detection to combat identity-based cyberattacks targeting backup systems, providing real-time alerts for suspicious policy modifications. The threat landscape has shifted, with stolen credentials enabling attackers to sub...
Why Hackers Keep Exploiting the Same Security Gaps
The majority of successful breaches stem from fundamental failures in identity management, third-party access controls, and perimeter device security, with stolen credentials being a primary gateway. Attackers frequently exploit trusted tools and workflows, such as remote management software and ...