Topic: credential theft
-
Microsoft Shuts Down RaccoonO365 Phishing-as-a-Service, Names Leader
Microsoft and Cloudflare dismantled the RaccoonO365 phishing-as-a-service operation, seizing 338 websites and crippling its infrastructure. The phishing kit bypassed multi-factor authentication to steal Microsoft 365 credentials and session cookies, enabling prolonged unauthorized account access....
-
Microsoft Warns of "Payroll Pirate" Scam Targeting Employee Paychecks
A phishing campaign called "Payroll Pirate" targets corporate HR accounts to redirect employee paychecks into criminal-controlled bank accounts by manipulating platforms like Workday. Attackers use adversary-in-the-middle techniques to intercept login credentials and multi-factor authentication c...
-
New MatrixPDF Toolkit Weaponizes PDFs for Phishing Attacks
MatrixPDF is a malicious toolkit that transforms harmless PDFs into phishing tools, redirecting users to credential harvesting pages or initiating malware downloads, and is marketed on underground forums and Telegram. The toolkit offers features like drag-and-drop importing, real-time previews, a...
-
Self-Replicating Worm Infects 180+ npm Packages in Automated Attack
A self-replicating worm named "Shai-Hulud" is spreading through the npm ecosystem, infecting over 180 packages and stealing developer credentials to propagate further. The worm uses stolen authentication tokens to inject malicious code, exfiltrate sensitive data like GitHub and AWS keys, and make...
-
Microsoft, Cloudflare Shut Down Massive RaccoonO365 Phishing Operation
Microsoft and Cloudflare dismantled the RaccoonO365 phishing-as-a-service scheme, which harvested thousands of Microsoft 365 credentials through deceptive campaigns. The takedown seized 338 websites and accounts, disrupting a group that compromised over 5,000 users across 94 countries and target...
-
Malicious 'TradingView Premium' Ads Spread from Meta to Google
A malvertising campaign has expanded from Facebook to Google Ads, using fake offers of free TradingView Premium to distribute advanced information-stealing malware. The scam involves hijacking legitimate Google Ads accounts and verified YouTube channels, which are rebranded to impersonate Trading...
-
Akira Ransomware: 4 Hours from VPN Login to Total Encryption
Akira ransomware attacks can achieve full network encryption in as little as four hours after initial VPN access, leaving organizations with a very narrow window for detection and response. Attackers exploit stolen SonicWall VPN credentials and bypass multi-factor authentication to systematically...
-
A Dangerous Worm Is Infecting Software Packages
A self-replicating worm named Shai-Hulud has infected hundreds of open-source JavaScript packages on NPM, actively seeking credentials to spread further and escalating software supply chain risks. Major U.S. tech firms like IBM and Microsoft have supplied surveillance technology to China, support...
-
How Attackers Weaponize Communication Networks
Communication networks are now the primary target for cyber attackers, offering vast data access for espionage, financial crime, and other malicious intents. Attackers exploit built-in network tools and lawful intercept systems to passively monitor and steal credentials, enabling large-scale surv...
-
Microsoft Teams Targeted by Fake IT Support Scams
A new wave of phishing attacks is exploiting Microsoft Teams, using fake IT support accounts to trick employees into installing malware that gives attackers full network control. Attackers are shifting from email to Teams due to its trusted role in business, impersonating IT staff to deploy remot...
-
Securing Australia: How AI and Identity Redefine Cybersecurity
Australian businesses face rapidly evolving cybersecurity threats where traditional defenses are inadequate, with attackers now prioritizing immediate execution over stealth using AI to target identity systems. Cloud environments have become particularly vulnerable, with compromised credentials b...
-
The Sneaky Box Behind That Phishing Text You Just Got
Attackers are hijacking industrial cellular routers from Milesight IoT, exploiting their remote management capabilities to send fraudulent text messages on a large scale. Security researchers found thousands of these routers with outdated firmware and open interfaces, making them vulnerable to ex...
-
Google: BrickStorm Malware Stole U.S. Data for a Year
A sophisticated cyber espionage campaign using BrickStorm malware successfully stole sensitive data from American technology, legal, SaaS, and BPO companies for over a year before being detected. The malware, attributed to China-linked group UNC5221, is a versatile backdoor that operates stealthi...
-
iiNet Data Breach Exposes Over 280,000 Australian Customers
A data breach at iiNet, an Australian ISP, exposed the personal information of over 280,000 customers after an unauthorized third party used stolen employee credentials to access its order management system. The compromised data included email addresses, phone numbers, usernames, and some passwor...
-
60,000 Redis Servers Exposed by Critical Security Flaw
A critical vulnerability (CVE-2025-49844) in Redis, with a CVSS score of 10.0, allows attackers to gain full control over servers by exploiting a flaw that has been present in the Lua scripting engine for 13 years. Approximately 60,000 publicly accessible Redis servers with no authentication are at direc...
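The item above turns on one question an operator can answer for their own fleet: does the server execute commands without credentials, and which release is it running? The following probe is an added example for this listing, not code from Redis or from the article. It speaks RESP over a raw socket so the server's exact reply can be inspected (a `-NOAUTH` error means a password or ACL is enforced, a bare `+PONG` means the command ran unauthenticated, `-DENIED` means protected mode refused the non-loopback client), then asks `INFO server` for the version. Host, port and the fixed-version argument are supplied by the operator; the fixed release for your branch must be taken from the vendor advisory, the script assumes nothing about it. It sends only `PING` and `INFO` and exploits nothing.

```python
"""Probe a Redis instance: does it answer unauthenticated, and which version is it?

Added example; not code from Redis or from the article. Speaks RESP directly
so the raw reply is visible. Sends only PING and INFO.
"""
import socket
import sys


class Incomplete(Exception):
    """Buffer does not yet hold a complete RESP reply."""


def resp_command(*args: str) -> bytes:
    """Encode a command as a RESP array of bulk strings: PING -> *1\\r\\n$4\\r\\nPING\\r\\n."""
    parts = [f"*{len(args)}\r\n".encode()]
    for arg in args:
        raw = arg.encode()
        parts.append(f"${len(raw)}\r\n".encode() + raw + b"\r\n")
    return b"".join(parts)


def parse_reply(data: bytes) -> dict:
    """Decode the first RESP reply in data: +status, -error, :integer or $bulk."""
    kind, body = data[:1], data[1:]
    if kind in (b"+", b"-", b":"):
        if b"\r\n" not in body:
            raise Incomplete
        line = body.split(b"\r\n", 1)[0].decode(errors="replace")
        return {"type": {b"+": "status", b"-": "error", b":": "integer"}[kind], "value": line}
    if kind == b"$":
        if b"\r\n" not in body:
            raise Incomplete
        head, rest = body.split(b"\r\n", 1)
        length = int(head)
        if length < 0:                      # "$-1" is the null bulk string
            return {"type": "bulk", "value": None}
        if len(rest) < length + 2:          # payload plus trailing CRLF not fully received
            raise Incomplete
        return {"type": "bulk", "value": rest[:length].decode(errors="replace")}
    raise ValueError(f"unsupported RESP reply type: {kind!r}")


def classify_ping(reply: dict) -> str:
    """Turn the reply to an unauthenticated PING into an exposure verdict."""
    if reply["type"] == "error" and reply["value"].startswith("NOAUTH"):
        return "auth-required"          # requirepass / ACL is enforced
    if reply["type"] == "error" and reply["value"].startswith("DENIED"):
        return "protected-mode"         # no password, but protected mode blocked us
    if reply["type"] == "status" and reply["value"] == "PONG":
        return "open"                   # command executed with no credentials at all
    return "unknown"


def parse_info_version(info: str):
    """Pull redis_version out of an INFO server reply."""
    for line in info.splitlines():
        if line.startswith("redis_version:"):
            return line.split(":", 1)[1].strip()
    return None


def version_tuple(v: str) -> tuple:
    return tuple(int(x) for x in v.split("."))


def is_older_than(version: str, fixed: str) -> bool:
    """True if version sorts before the fixed release on the same branch."""
    return version_tuple(version) < version_tuple(fixed)


def read_reply(sock: socket.socket) -> dict:
    """Accumulate bytes until one full RESP reply can be parsed."""
    buf = b""
    while True:
        chunk = sock.recv(65536)
        if not chunk:
            raise ConnectionError("server closed the connection")
        buf += chunk
        try:
            return parse_reply(buf)
        except Incomplete:
            continue


def probe(host: str, port: int = 6379, timeout: float = 3.0) -> dict:
    """Connect, PING, and if the server answered unauthenticated, ask INFO server."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(resp_command("PING"))
        verdict = classify_ping(read_reply(sock))
        version = None
        if verdict == "open":
            sock.sendall(resp_command("INFO", "server"))
            info = read_reply(sock)
            if info["type"] == "bulk" and info["value"]:
                version = parse_info_version(info["value"])
    return {"host": host, "port": port, "auth": verdict, "version": version}


if __name__ == "__main__":
    # Usage: python redis_probe.py HOST [PORT] [FIXED_VERSION]
    # FIXED_VERSION is the patched release for your branch, taken from the vendor advisory.
    target = sys.argv[1]
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 6379
    result = probe(target, port)
    print(result)
    if len(sys.argv) > 3 and result["version"]:
        print("needs patch:", is_older_than(result["version"], sys.argv[3]))
```

An "open" verdict is the condition the article counts: anyone who can reach the port can run commands, Lua scripts included. "protected-mode" still means no password is set and should be fixed with `requirepass` or ACLs plus a firewall rule, not relied on. Version strings with non-numeric components (release candidates) are outside what `version_tuple` handles.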
-
NSA-Reported VMware Flaws Patched by Broadcom
Broadcom has released critical patches for two VMware NSX vulnerabilities (CVE-2025-41251 and CVE-2025-41252) that allow unauthenticated attackers to enumerate valid usernames, posing risks of unauthorized access. Additional high-severity flaws were addressed in VMware vCenter (CVE-2025-41250) an...
-
Broadcom Patches Critical VMware Security Flaws
Broadcom has released critical security updates for VMware NSX and vCenter to address multiple high-severity vulnerabilities that could enable cyberattacks on enterprise systems. Among the vulnerabilities, CVE-2025-41250 is an SMTP header injection flaw in vCenter, while CVE-2025-41251 and CVE-20...
-
Google's 2.5 Billion Gmail Users: No Password Reset Required
Google has denied false reports of a major Gmail data breach and clarified that no password reset warning was issued to users. The company emphasized that Gmail's security is robust, blocking over 99.9% of phishing and malware attempts, and recommended using passkeys for added protection. This in...
-
Scania Hit by Data Breach in Extortion Attack
Scania's Financial Services division suffered a data breach in which attackers used credentials compromised at an external IT provider to steal sensitive insurance documents and then attempted extortion. Cybercriminals used infostealer malware to obtain those credentials and access the system, leaked data samples online, and direc...