Skip to main content

Tag: credential harvesting

76 articles

Brightly-lit server stands out in dimly lit data center with blurred equipment and cityscape visible through a window.

Misconfigured Server Reveals Evilginx Phishing Operators

A shocking security blunder exposed the inner workings of a massive Evilginx phishing campaign, revealing 218 victims across 12 countries, with nearly 94% being corporate targets, who were quietly harvested over the course of a year. The careless mistake, made on a Budapest virtual private server, gave researchers a rare glimpse into the sophisticated phishing ecosystem.

Analyst 207
Cramped server room with laptop and cables in ordinary indoor lighting.

Evilginx Phishing Ops Expose Microsoft 365 MFA Weaknesses

A French security firm stumbled upon a live Microsoft 365 phishing operation when a simple Python command was left exposed in a readable file, revealing a treasure trove of sensitive data. This lucky discovery shed light on the alarming weaknesses in Microsoft 365's multi-factor authentication.

Analyst 207
Modern office building exterior in a business district at daytime.

ARToken Phishing Platform Exposes EvilTokens' Microsoft 365 Toolkit

Cisco Talos researchers have uncovered a sophisticated phishing platform, ARToken, that offers a Microsoft 365 toolkit and goes far beyond traditional credential-harvesting pages, exposing over 80 API endpoints. This phishing-as-a-service operation is a game-changer in the world of cyber threats.

Analyst 207
Network operations room with computer servers and equipment showing signs of affected infrastructure.

FortiBleed Exposes Link to Ransomware Ops

A shocking new report reveals that the notorious FortiBleed vulnerability has a direct link to ransomware operations, with a key player found negotiating with both groups. This alarming connection has led to at least 12 ransomware deployments and hundreds of encrypted endpoints.

Analyst 207
Developer workstation with laptop and subtle signs of supply chain breach.

Miasma Malware Targets npm, GitHub in Expanded Supply Chain Attack

Over 550 GitHub repositories have been compromised in a massive supply-chain attack, with malware harvesting developer credentials and spreading across package registries and workflows. The attack has already infected numerous npm packages and one Go module, putting developer data at risk.

Analyst 207
Rows of computer servers and networking equipment fill a brightly-lit network operations center, conveying a sense of…

FortiBleed Exposes 110 Million Credentials in Global Firewall Hack

A recent global firewall hack, dubbed FortiBleed, has exposed a staggering 110 million credentials, putting countless individuals and organizations at risk. This massive breach was made possible by a sophisticated five-stage pipeline that allowed hackers to capture sensitive information, including cleartext and hashed credentials, from compromised devices.

Analyst 207
Cramped, dimly lit room with cluttered desk, laptop, and scattered papers, surrounded by old computer equipment.

Threat Actors Monetize Stolen Credentials with Searchable Underground Services

Cybercriminals are cashing in on stolen credentials with a new breed of underground services that allow buyers to search and purchase specific, verified login details. This emerging market acts as a middleman between hackers who steal sensitive info and those who want to use it to take over accounts.

Analyst 207
Brightly lit coding workspace with laptop showing GitHub/GitLab page surrounded by coding materials and documents.

North Korean Hackers Exploit Coding Lures to Steal Crypto Credentials

In a sneaky move, North Korean hackers sent over 250 emails with innocent-looking coding tasks to nearly 100 US-based organizations, tricking them into handing over cryptocurrency credentials. The clever phishing scam, tracked as UNK_DeadDrop, targeted tech, education, and finance firms, with a special focus on cryptocurrency companies.

Analyst 207
A laptop with a blank screen sits amidst scattered papers and generic development tools in a well-lit workspace.

IronWorm Malware Infects 36 npm Packages in Supply-Chain Attack

Meet IronWorm, a sneaky Rust-based infostealer that's infected 36 npm packages, putting a wide range of sensitive credentials and secrets at risk of being harvested. This stealthy malware operates undetected, targeting everything from AWS and OpenAI credentials to cryptocurrency wallet files.

Analyst 207
Dimly lit server room with rows of computer servers and a blurred technician screen.

Hackers Exploit Active Directory Flaw to Harvest Passwords

Storing passwords in Active Directory description fields is a rookie mistake that hackers are eager to exploit, and one hacker did just that with alarming ease. It was disturbingly simple for them to get their hands on sensitive information.

Analyst 207
Developer workstation with open laptop showing code, surrounded by empty coffee cups and scattered notes, hinting at a…

Miasma Supply Chain Attack Targets Red Hat npm Packages

A new supply-chain campaign, codenamed Miasma, has compromised multiple Red Hat npm packages to steal sensitive credentials and deliver a self-propagating worm, putting developer machines at risk. This sneaky attack uses clever tactics like install-time execution and encrypted exfiltration to harvest secrets and spread its reach.

Analyst 207
Cryptocurrency developer's workspace with Mac computer, notes, and empty coffee cups.

Jinx-0164 Targets Crypto Developers with Custom macOS Malware

Beware of fake meetings on LinkedIn - cyber attackers are using them to trick crypto developers into installing custom macOS malware called Audiofix, which can steal sensitive info like passwords, SSH keys, and cryptocurrency wallet details. This sneaky malware is disguised as an audio fix, but its real goal is to harvest your valuable data.

Analyst 207
Close-up of computer circuit board with exposed casing revealing abstract malicious code in background.

MuddyWater Exploits DLL Side-Loading in Global Espionage Push

MuddyWater hackers have launched a massive global espionage campaign, infiltrating at least nine organizations across four continents by cleverly disguising malicious code as legitimate software. They used a sneaky trick called DLL side-loading to quietly steal credentials and browser data.

Analyst 207
Person's hand holds smartphone in brightly-lit urban setting with subtle hint of unease.

Chinese Phishing Services Shift to Live Credential Interception Tactics

Cyber attackers are now using live administration panels to interact with victims in real-time, capturing one-time passcodes and instantly bypassing multifactor authentication protections. This new tactic allows them to neutralize security measures and steal sensitive information more effectively.

Analyst 207
Dimly lit network closet with disarrayed cables and equipment.

Malware Worm Eliminates Rival, Seizes Control

Meet the malware worm with a ruthless streak - it not only eliminates rival malware from infected systems, but also seizes control and claims the compromised credentials for itself. This cunning worm is taking over, leaving other malicious operators with nothing.

Analyst 207
Students work on laptops in a dimly lit university computer lab with scattered papers and blurred screens.

MicroStealer Targets Education, Telecom with Credential Theft FTC Cracks Down on Kochava's Location Data Practices Proton Mail Adds Quantum-Safe Encryption Supply Chain Hardened with pnpm 11 Release Meta Deploys AI for Underage Enforcement North Korea-Linked Cybercrime Case Upheld ICS Security Flaws Disclosed in Eclipse BaSyx MOVEit Automation Exposes Critical Vulnerability VECT Ransomware Encryption Flaws Discovered Oracle Accelerates Patching with

MicroStealer malware is on the loose, targeting education and telecom sectors with a sneaky credential theft attack that's harvesting sensitive data, including browser credentials, cryptocurrency wallets, and system info. This stealthy threat uses a multi-stage delivery chain to quickly swipe valuable info and send it to hackers.

Analyst 207
Cluttered home office setup with gaming console and laptop surrounded by papers and snack packaging.

Ukraine Arrests Hackers Behind 610,000 Roblox Account Breach

Ukrainian authorities have cracked down on a group of hackers responsible for breaching over 610,000 Roblox accounts in a months-long phishing scam that harvested credentials and tokens. The stolen access was used to snag in-game items and Robux, Roblox's virtual currency.

Analyst 207
Windows computer workstation in an office setting with router and cables, and a blank laptop screen on the desk.

Python Backdoor Exploits Tunneling Service to Harvest Browser, Cloud Credentials

Meet DEEP#DOOR, a sneaky Python-based backdoor framework that's harvesting browser and cloud credentials by exploiting a tunneling service, and learn how it infiltrates systems through a clever sequence of stealthy steps. This sophisticated threat starts with a simple batch script that disables Windows security controls and ends with a fully featured Remote Access Trojan (RAT).

Analyst 207
Person at desk looks at laptop with Microsoft Teams on screen, background webpage blurred.

Google Exposes Microsoft Teams Phishing Campaign Using Custom Snow Malware

Beware of scammers posing as helpdesk heroes! They'll flood your inbox with spam, then reach out on Microsoft Teams with a fake fix that actually steals your password using custom Snow malware.

Analyst 207
Person sitting in dark room with laptop showing fake login prompt and nearby smartphone and torn paper with credentials.

macOS ClickFix Attacks Harvest Credentials via AppleScript Stealers

macOS users beware: a sneaky ClickFix campaign is using AppleScript stealers to harvest credentials from 14 browsers, 16 cryptocurrency wallets, and over 200 extensions. This targeted attack has already made off with a staggering amount of sensitive info - and it's still on the loose.

Analyst 207
Shadowy figure looms behind a login page on a laptop screen, poised to submit credentials.

VENOM Phishing Attacks Target C-Suite Microsoft Logins

A new phishing-as-a-service platform called VENOM is making it alarmingly easy for hackers to target senior executives, specifically seeking their Microsoft logins. This compact toolkit is putting the keys to the corner office within reach of any motivated adversary, leaving security teams scrambling to respond.

Analyst 207
Shadowy figure holds damaged laptop amidst glowing code, set against a dark cityscape and Russian map backdrop.

Feds Disrupt Russia-Backed Espionage Network Infecting 18,000 Devices

Federal authorities have successfully disrupted a massive Russia-backed espionage operation that had infiltrated nearly 18,000 devices, stealing sensitive account credentials and tokens by hijacking internet traffic. This significant takedown thwarts the efforts of Forest Blizzard, a notorious threat group linked to Russia's GRU.

Analyst 207
LiteLLM Supply-Chain Compromise Exposes Mercor Data

LiteLLM Supply-Chain Compromise Exposes Mercor Data

A single faulty AI dependency can become a backdoor for attackers - as seen in the recent LiteLLM supply-chain compromise that exposed sensitive data, source code, and internal credentials at Mercor. This alarming incident highlights the risks of relying on third-party dependencies and the importance of securing your supply chain.

Analyst 207
Hackers Exploit React2Shell Flaw to Breach 766 Next.js Hosts

Hackers Exploit React2Shell Flaw to Breach 766 Next.js Hosts

In a massive credential harvesting operation, hackers exploited the React2Shell vulnerability to breach 766 Next.js hosts, scooping up sensitive database credentials, SSH private keys, and other valuable secrets. This single software flaw was turned into an automated threat, compromising hundreds of sites and putting their digital kingdoms at risk.

Analyst 207