Topic: stolen credentials
-
Stolen Credentials: Why Hackers Still Prefer Them
Stolen credentials are cybercriminals' top tool due to their simplicity and effectiveness, bypassing the need for advanced hacking techniques. Passwords remain the weakest security link, with slow adoption of stronger measures like MFA and passkeys, while reused passwords amplify risks. Combolist...
Read More » -
Akira Ransomware Bypasses MFA to Breach SonicWall VPNs
Akira ransomware is bypassing multi-factor authentication on SonicWall SSL VPN devices, likely using stolen OTP seeds to generate valid tokens despite security patches. Attackers exploit the CVE-2024-40766 vulnerability to steal credentials, which they reuse even on patched systems, gaining rapid...
Read More » -
Infostealer Attacks Surge 800% - Protect Your Credentials Now
Identity-based attacks are surging, with 1.8 billion stolen credentials in early 2025, an 800% increase, highlighting the need for stronger defenses like multi-factor authentication (MFA). Over 20,000 new vulnerabilities were disclosed, with 12,200 not yet in the National Vulnerability Database (NV...
Read More » -
Hacker Confesses to Leaking Supreme Court Data on Instagram
Nicholas Moore, a Tennessee man, pleaded guilty to computer fraud for repeatedly hacking into sensitive federal systems, including the U.S. Supreme Court's electronic filing platform, and publicly boasting about the breaches on social media. His intrusions also targeted the AmeriCorps and Departm...
Read More » -
AI Transforms Enterprise Ransomware Defense Strategies
Ransomware attacks are increasing globally, with 70% of organizations reporting incidents, but fewer are paying ransoms (down from 76% to 57%), as cybercriminals now often threaten data exposure even after payment. Paying ransoms no longer ensures data recovery, with 25% of organizations failing ...
Read More » -
Police Takedown: Rhadamanthys, VenomRAT, and Elysium Malware Operations Disrupted
An international law enforcement effort led by Europol and Eurojust dismantled over 1,000 servers used by major malware families like Rhadamanthys, VenomRAT, and the Elysium botnet, with support from nine countries and private cybersecurity firms. The operation resulted in the arrest of a key sus...
Read More » -
6 Browser Threats Your Security Team Must Prepare for in 2025
The browser is now a primary attack surface for cyber threats, targeting cloud applications and corporate data through sophisticated campaigns. Key browser-based threats include phishing for credentials and sessions, malicious code delivery, and malicious OAuth integrations, which bypass traditio...
Read More » -
PowerSchool Hacker Sentenced to 4 Years in Prison
A 19-year-old Massachusetts college student received a four-year prison sentence for orchestrating a 2024 cyberattack on PowerSchool, compromising tens of millions of students' and teachers' personal data globally. The attackers used stolen subcontractor credentials to breach systems, exfiltratin...
Read More » -
UK Schools Hit by Student-Led Data Breaches, ICO Warns
Over half of UK school insider data breaches are committed by students, often using simple tactics like guessing weak passwords or accessing staff credentials. These actions, while sometimes driven by curiosity, risk leading young people toward cybercrime, with incidents including unauthorized ac...
Read More » -
Fintech Firm Targeted in $130M Bank Heist Attempt by Hackers
Hackers attempted to steal approximately $130 million from Sinqia S.A., a Brazilian fintech subsidiary, by exploiting stolen credentials to access Brazil's Pix payment network. The breach was detected and contained, with some funds recovered and no customer data compromised, though Sinqia's acces...
Read More » -
Stolen Police Logins Expose Flock Cameras to Hackers
Federal lawmakers are demanding an FTC investigation into Flock Safety's license plate scanning network due to its failure to mandate multi-factor authentication for all law enforcement users, leaving sensitive data vulnerable. Unauthorized access to Flock's system could allow hackers to exploit ...
Read More » -
Salesforce Customers Hit by Hackers in Data Extortion Attack
A new hacking collective called Scattered LAPSUS$ Hunters is extorting Salesforce and its customers by stealing and threatening to release approximately one billion records from major organizations using the platform. The group, composed of members from Lapsus$, Scattered Spider, and ShinyHunters...
Read More »