Topic: credential theft
Old Windows Flaws Still Leak Your Passwords
Outdated Windows protocols like LLMNR and NBT-NS pose a security threat by allowing credential theft through inherent design flaws, not software vulnerabilities, as they automatically trust any responding device on the network. Attackers can use tools like Responder to intercept authentication da...
Barracuda Exposes Stealthy Microsoft 365 Phishing Kit
Whisper 2FA is a sophisticated phishing-as-a-service platform that has compromised nearly one million Microsoft 365 accounts by stealing login credentials and authentication tokens since July 2025. It employs a continuous credential theft loop that persistently prompts victims for multi-factor au...
SonicWall VPN Breach: Hackers Exploit Stolen Credentials
Attackers breached over 100 SonicWall SSLVPN accounts using stolen credentials, with malicious activity detected from October 4th to at least October 10th by Huntress. The intrusions utilized previously compromised valid credentials, not brute-force methods, and involved network reconnaissance an...
Microsoft Shuts Down RaccoonO365 Phishing-as-a-Service, Names Leader
Microsoft and Cloudflare dismantled the RaccoonO365 phishing-as-a-service operation, seizing 338 websites and crippling its infrastructure. The phishing kit bypassed multi-factor authentication to steal Microsoft 365 credentials and session cookies, enabling prolonged unauthorized account access....
Google Denies Widespread Gmail Data Breach Rumors
Google has officially denied a new Gmail data breach, clarifying that recent reports stem from misinterpreted collections of old stolen credentials and not a new security incident. The confusion arose when a large set of 183 million compromised credentials from various sources was added to a cybe...
Microsoft Warns of "Payroll Pirate" Scam Targeting Employee Paychecks
A phishing campaign called "Payroll Pirate" targets corporate HR accounts to redirect employee paychecks into criminal-controlled bank accounts by manipulating platforms like Workday. Attackers use adversary-in-the-middle techniques to intercept login credentials and multi-factor authentication c...
New MatrixPDF Toolkit Weaponizes PDFs for Phishing Attacks
MatrixPDF is a malicious toolkit that transforms harmless PDFs into phishing tools, redirecting users to credential harvesting pages or initiating malware downloads, and is marketed on underground forums and Telegram. The toolkit offers features like drag-and-drop importing, real-time previews, a...
Self-Replicating Worm Infects 180+ npm Packages in Automated Attack
A self-replicating worm named "Shai-hulud" is spreading through the npm ecosystem, infecting over 180 packages and stealing developer credentials to propagate further. The worm uses stolen authentication tokens to inject malicious code, exfiltrate sensitive data like GitHub and AWS keys, and make...
Microsoft, Cloudflare Shut Down Massive RaccoonO365 Phishing Operation
Microsoft and Cloudflare dismantled the RaccoonO365 phishing-as-a-service scheme, which harvested thousands of Microsoft 365 credentials through deceptive campaigns. The operation seized 338 websites and accounts, disrupting a group that compromised over 5,000 users across 94 countries and target...
Malicious 'TradingView Premium' Ads Spread from Meta to Google
A malvertising campaign has expanded from Facebook to Google Ads, using fake offers of free TradingView Premium to distribute advanced information-stealing malware. The scam involves hijacking legitimate Google Ads accounts and verified YouTube channels, which are rebranded to impersonate Trading...
Akira Ransomware: 4 Hours from VPN Login to Total Encryption
Akira ransomware attacks can achieve full network encryption in as little as four hours after initial VPN access, leaving organizations with a very narrow window for detection and response. Attackers exploit stolen SonicWall VPN credentials and bypass multi-factor authentication to systematically...
Microsoft's 2025 Cyberdefense Report: The New Rules of Engagement
AI is fundamentally reshaping cybersecurity by empowering attackers to refine methods, automate operations, and overwhelm traditional defenses, with nation-state actors increasingly leveraging AI for phishing, vulnerability identification, and malware modification. Identity has become the primary...
Malicious NPM Packages Downloaded 86,000+ Times
A security vulnerability in the NPM ecosystem allowed attackers to upload over 100 malicious packages, downloaded more than 86,000 times, exploiting Remote Dynamic Dependencies to fetch unverified code. The PhantomRaven campaign used these dependencies to bypass detection, as they remain invisibl...
October 2025 Threat Report: Barracuda SOC Insights
Akira ransomware is exploiting unpatched SonicWall VPN vulnerabilities (CVE-2024-40766), bypassing multi-factor authentication through stolen credentials and encrypting data rapidly. Attackers are increasingly using Python scripts to automate and disguise malicious activities, such as deploying p...
A Dangerous Worm Is Infecting Software Packages
A self-replicating worm named Shai-Hulud has infected hundreds of open-source JavaScript packages on NPM, actively seeking credentials to spread further and escalating software supply chain risks. Major U.S. tech firms like IBM and Microsoft have supplied surveillance technology to China, support...
How Attackers Weaponize Communication Networks
Communication networks are now the primary target for cyber attackers, offering vast data access for espionage, financial crime, and other malicious intents. Attackers exploit built-in network tools and lawful intercept systems to passively monitor and steal credentials, enabling large-scale surv...
Microsoft Teams Targeted by Fake IT Support Scams
A new wave of phishing attacks is exploiting Microsoft Teams, using fake IT support accounts to trick employees into installing malware that gives attackers full network control. Attackers are shifting from email to Teams due to its trusted role in business, impersonating IT staff to deploy remot...
Atroposia Malware Now Scans for Local Vulnerabilities
Atroposia is a malware-as-a-service platform offering a modular remote access trojan for $200 per month, featuring stealthy remote control, data theft, and a local vulnerability scanner to aid cybercriminals. Its capabilities include hidden remote desktop sessions, file manipulation, credential a...
Securing Australia: How AI and Identity Redefine Cybersecurity
Australian businesses face rapidly evolving cybersecurity threats where traditional defenses are inadequate, with attackers now prioritizing immediate execution over stealth using AI to target identity systems. Cloud environments have become particularly vulnerable, with compromised credentials b...
The Sneaky Box Behind That Phishing Text You Just Got
Attackers are hijacking industrial cellular routers from Milesight IoT, exploiting their remote management capabilities to send fraudulent text messages on a large scale. Security researchers found thousands of these routers with outdated firmware and open interfaces, making them vulnerable to ex...
Google: BrickStorm Malware Stole U.S. Data for a Year
A sophisticated cyber espionage campaign using BrickStorm malware successfully stole sensitive data from American technology, legal, SaaS, and BPO companies for over a year before being detected. The malware, attributed to China-linked group UNC5221, is a versatile backdoor that operates stealthi...
KnowBe4 Trains One Million Students in Cybersecurity Milestone
KnowBe4's Student Edition program has educated one million students on essential digital safety topics, preparing them for online protection and professional roles while helping schools combat cyber threats. The initiative fosters a global security culture in education, with the company training ...
The Password Problem We Still Haven't Solved
Identity-related breaches persist due to basic vulnerabilities like reused passwords and insufficient verification, allowing attackers prolonged network access. Passwords remain the dominant authentication method despite intentions to go passwordless, hindered by legacy systems and diverse enviro...
iiNet Data Breach Exposes Over 280,000 Australian Customers
A data breach at iiNet, an Australian ISP, exposed the personal information of over 280,000 customers after an unauthorized third party used stolen employee credentials to access its order management system. The compromised data included email addresses, phone numbers, usernames, and some passwor...
How MCP Server Flaws Escalate to Supply Chain Attacks
A path traversal vulnerability in Smithery.ai's MCP server platform exposed administrative credentials, compromising over 3,000 AI servers and risking a major supply chain incident. The flaw allowed attackers to access sensitive files and an overprivileged token, enabling potential code execution...
Microsoft Blocks Dangerous File Previews in Windows
The October 2025 Windows update disables the File Explorer Preview Pane for files marked from the internet or accessed from untrusted network shares to enhance security. This change prevents NTLM hash leakage, a vulnerability where previewing certain files could allow attackers to intercept and m...
TikTok Videos Fueling New ClickFix Infostealer Attacks
A new wave of TikTok cyberattacks uses deceptive videos promising free premium software to trick users into executing malicious PowerShell commands, part of the ClickFix social engineering campaign. Executing the commands downloads Aura Stealer malware, which harvests sensitive data like password...
60,000 Redis Servers Exposed by Critical Security Flaw
A critical vulnerability (CVE-2025-49844) in Redis, rated 10.0 in severity, allows attackers to gain full control over servers by exploiting a flaw in the Lua scripting engine that has existed for 13 years. Approximately 60,000 publicly accessible Redis servers with no authentication are at direc...
New Atroposia RAT Emerges on Dark Web
Atroposia is a newly discovered remote access trojan sold on dark web marketplaces, offering encrypted remote control, credential theft, and cryptocurrency wallet data extraction. The malware is modular and integrates with tools like SpamGPT for AI-driven phishing campaigns and MatrixPDF for weap...
Rising Cyber-Attacks Target PHP Servers and IoT Devices
A surge in cyber-attacks is targeting PHP servers, IoT devices, and cloud gateways, driven by botnets like Mirai exploiting known vulnerabilities and misconfigurations to expand their reach. Specific vulnerabilities under active exploitation include CVE-2022-47945 in ThinkPHP, CVE-2021-3129 in La...
NSA-Reported VMware Flaws Patched by Broadcom
Broadcom has released critical patches for two VMware NSX vulnerabilities (CVE-2025-41251 and CVE-2025-41252) that allow unauthenticated attackers to enumerate valid usernames, posing risks of unauthorized access. Additional high-severity flaws were addressed in VMware vCenter (CVE-2025-41250) an...
Broadcom Patches Critical VMware Security Flaws
Broadcom has released critical security updates for VMware NSX and vCenter to address multiple high-severity vulnerabilities that could enable cyberattacks on enterprise systems. Among the vulnerabilities, CVE-2025-41250 is an SMTP header injection flaw in vCenter, while CVE-2025-41251 and CVE-20...
Google's 2.5 Billion Gmail Users: No Password Reset Required
Google has denied false reports of a major Gmail data breach and clarified that no password reset warning was issued to users. The company emphasized that Gmail's security is robust, blocking over 99.9% of phishing and malware attempts, and recommended using passkeys for added protection. This in...
Dangerous VSCode Extensions Steal Crypto on OpenVSX
Malicious extensions in the VSCode ecosystem, such as C++ Playground and HTTP Format, have been downloaded thousands of times and are designed to steal cryptocurrency or create backdoors, with the threat actor TigerJack repeatedly uploading them under new names to evade detection. These extension...
Scania Hit by Data Breach in Extortion Attack
Scania's Financial Services division suffered a data breach, with attackers stealing sensitive insurance documents and attempting extortion via compromised credentials from an external IT provider. Cybercriminals used infostealer malware to access the system, leaked data samples online, and direc...