Skip to main content

Tag: account takeover

58 articles

FBI Reveals Stunning Rise in Costly AI Phishing Scams

FBI Reveals Stunning Rise in Costly AI Phishing Scams

Imagine a voicemail that sounds exactly like your daughter begging for help — only its a scam. The FBI warns cheap AI tools are fueling a surge of hyper‑personalized phishing scams that have already cost victims hundreds of millions and can fool individuals, businesses, and banks alike.

Analyst 207
Python-Based WhatsApp Worm Exclusive: Dangerous Stealer

Python-Based WhatsApp Worm Exclusive: Dangerous Stealer

What would you do if your WhatsApp started messaging your friends without you? Researchers warn the Delphi-based Eternidade Stealer is hijacking accounts and weaponizing contact lists—using social engineering and IMAP-resolved C2 to spread quickly and dodge static defenses.

Analyst 207
Eternidade Stealer Trojan Exclusive Severe Cybercrime Surge

Eternidade Stealer Trojan Exclusive Severe Cybercrime Surge

Eternidade Stealer is a new banking trojan that weaponizes Brazil’s favorite app, WhatsApp, turning ordinary messages into a fast-moving credential theft campaign. Researchers warn one click can unleash downloaders that harvest browser-stored credentials and cookies, making everyday chats unexpectedly risky for users and businesses.

Analyst 207
2FA Phishing Kit: Exclusive Alert on Dangerous BitB Pop-ups

2FA Phishing Kit: Exclusive Alert on Dangerous BitB Pop-ups

Think your 2FA push is safe? Browser-in-the-Browser phishing kits like Sneaky 2FA now mimic real browser dialogs to trick users into approving account takeovers, making powerful relay attacks cheap and easy to rent.

Analyst 207
FTSE 100 Exclusive: Alarming 500,000 Stolen Credentials

FTSE 100 Exclusive: Alarming 500,000 Stolen Credentials

Half a million stolen credentials tied to FTSE 100 staff have surfaced in criminal data stores — a blunt wake-up call that weak passwords and reused logins are leaving Britain’s biggest firms dangerously exposed. Socura’s findings show how easily attackers can impersonate insiders and turn simple credential theft into costly breaches unless boards treat cyber as a strategic priority.

Analyst 207
Improve Collaboration: Best Must-Have Steps to Beat Fraud

Improve Collaboration: Best Must-Have Steps to Beat Fraud

When fraudsters thrive on delay, real-time intelligence sharing across banks, telcos, tech firms and government is the fastest way to stop them in their tracks. Getting there means practical steps, common standards and a culture that treats shared signals as the public good they are.

Analyst 207
Quantum Route Redirect Phishing Kit: Stunningly Dangerous

Quantum Route Redirect Phishing Kit: Stunningly Dangerous

The Quantum Route Redirect phishing kit quietly hijacks web traffic, rerouting victims to eerily convincing fake sites. Learn how this route redirect phishing attack works and what you can do to stay one step ahead.

Analyst 207
I Paid Twice Phishing: Exclusive Scam Alert for Booking.com

I Paid Twice Phishing: Exclusive Scam Alert for Booking.com

Think you paid the hotel twice? A sophisticated I Paid Twice phishing campaign is hijacking Booking.com, Airbnb and Expedia bookings—using injected scripts and fake payment pages to trick travelers into handing over extra payments.

Analyst 207
Most common passwords: Exclusive list of the worst

Most common passwords: Exclusive list of the worst

We all scoff at 123456, yet it still tops the charts because convenience and password reuse beat security. That complacency makes credential-stuffing cheap and effective, letting attackers turn one weak password into dozens of account takeovers.

Analyst 207
Person sits in darkened room with shattered glass and torn paper, smartphone screen glowing eerily.

SMS Fraud Losses: Exclusive 11% Relief by 2026

Juniper Research predicts an 11% drop in global SMS fraud losses by 2026 — about $9 billion less — good news, but with smishing, SIM farms and brittle phone-number trust still rampant, it may be just the first step in a much bigger fight to secure SMS.

Analyst 207
Person staring at laptop with concern, surrounded by ghostly figures making phone calls in a dark cityscape.

Europol Exclusive: Alarming Rise in Caller ID Spoofing

Europol’s recent takedown ripped the curtain back on how caller ID spoofing and SIM farms let criminals rent anonymity at scale — a win that still reads like a warning. With fraudsters shifting to SIMless virtual numbers and VoIP farms, the phone number we trust as ID has become a commodity for scams.

Analyst 207
MuddyWater Exclusive: Devastating 100+ Government Breach

MuddyWater Exclusive: Devastating 100+ Government Breach

A single compromised mailbox and an attacker-controlled VPN quietly became the battering ram for a MuddyWater espionage campaign that infiltrated more than 100 government networks across the Middle East and North Africa. Group‑IB’s analysis shows the actors used trusted email, credential harvesting, and stealthy lateral movement to maintain months-long access and siphon sensitive diplomatic and personnel data.

Analyst 207
180,000 Records of PII Exposed: Exclusive Critical Leak

180,000 Records of PII Exposed: Exclusive Critical Leak

Heads up: roughly 180,000 customer records — including names, payment card details and other PII — were left in an unsecured repository, putting people at risk of fraud and companies on the hook for costly regulatory and reputational fallout.

Analyst 207
180,000 Records Exposed: Stunning Security Failure

180,000 Records Exposed: Stunning Security Failure

180,000 customer records — including payment card details and other PII — were left in an unsecured repository. This glaring misconfiguration shows how convenience can quickly turn into costly fraud, identity theft and regulatory headaches.

Analyst 207
WestJet Alerts Americans: Exclusive Serious Data Breach

WestJet Alerts Americans: Exclusive Serious Data Breach

WestJet data breach: the airline says a June intrusion may have exposed passport numbers, loyalty IDs and travel details for about 1.2 million U.S. customers—here’s why that raises your scam risk and what to do next.

Analyst 207
Shattered window in a modern tech company HQ reflects cityscape, eerie laptop glow nearby.

WestJet Exclusive Alert: Critical Data Breach Notified

WestJet Exclusive Alert: A June cyber intrusion may have exposed travel and loyalty-account data for roughly 1.2 million customers—including U.S. residents—so check your accounts now. WestJet says it’s working with forensic experts and law enforcement, but this notice is your cue to watch for phishing, reset passwords, and protect your identity.

Analyst 207
Lumma Stealer Exclusive: Vidar 2.0 Fuels Dangerous Rise

Lumma Stealer Exclusive: Vidar 2.0 Fuels Dangerous Rise

The Lumma Stealer leak has supercharged Vidar 2.0, recycling stolen credentials and exposed code into a stealthier, cheaper toolkit for criminals. Trend Micro warns defenders to brace for rising Vidar 2.0 activity through Q4 2025.

Analyst 207
Lumma Stealer Vacuum Exclusive Dangerous Vidar 2.0 Upgrade

Lumma Stealer Vacuum Exclusive Dangerous Vidar 2.0 Upgrade

From the public doxxing of Lumma Stealer to the resurfacing of Vidar 2.0, the cybercrime scene is behaving more like a ruthless software market — and that escalation puts millions of credentials and finances at risk. Security teams take note: analysts expect a rise in sophisticated stealer activity through Q4 2025.

Analyst 207
Scattered Spider Duo: Exclusive Shocking $115M Ransom Link

Scattered Spider Duo: Exclusive Shocking $115M Ransom Link

Imagine lights going out at your hospital or your commute being held hostage — and the alleged architects are teenagers. The newly unsealed indictment accuses Scattered Spider of using social engineering and telecom hacks to extract at least $115M in ransoms, turning account takeovers into real‑world chaos.

Analyst 207
Magento Exclusive: Critical Flaw Hits 250+ Stores Overnight

Magento Exclusive: Critical Flaw Hits 250+ Stores Overnight

A single flaw prompted 250+ attack attempts against Magento-based stores in just 24 hours, forcing merchants to weigh sales against safety. Adobe’s emergency patches — plus quick steps like MFA and session token rotation — need to be applied now to stop fraud, skimming, and account takeovers.

Analyst 207
Jingle Thief Exclusive: Costly Cloud Hack Steals Millions

Jingle Thief Exclusive: Costly Cloud Hack Steals Millions

Imagine criminals turning your retailer’s cloud into a holiday ATM—Unit 42 warns the Jingle Thief gang uses phishing and smishing to steal credentials and exploit misconfigured cloud systems to issue and redeem millions in gift cards. Stronger identity controls, logging and vendor oversight are urgent fixes before consumers and merchants are left cleaning up the mess.

Analyst 207
Magento Stores Hit by Stunning Critical Breach, 250+

Magento Stores Hit by Stunning Critical Breach, 250+

Heads-up: a critical vulnerability in Adobe Commerce and Magento Open Source is being actively exploited — Sansec logged 250+ attack attempts in 24 hours. Merchants should patch immediately, rotate sessions, and hunt for suspicious activity to prevent account takeovers, fraud, and data leaks.

Analyst 207
Rhadamanthys Stealer: Exclusive Dangerous Threat

Rhadamanthys Stealer: Exclusive Dangerous Threat

Rhadamanthys has evolved from a simple credential stealer into a stealthy, full-stack threat that fingerprints devices and hides stolen data inside ordinary PNG images while pairing with proxy and crypt services for turnkey attacks. Defenders should boost telemetry, enforce phishing‑resistant MFA, and add content‑aware inspection (including steganalysis) to spot these covert exfiltration channels.

Analyst 207
WestJet data breach: Exclusive Risk to Millions

WestJet data breach: Exclusive Risk to Millions

WestJet revealed a criminal intrusion that exposed personal and loyalty data for about 1.2 million customers, raising urgent questions about airline cybersecurity and what it means for your privacy. Read on to learn what happened, why stolen travel data is so dangerous, and simple steps you can take right now to protect yourself.

Analyst 207