Tag: credential harvesting
76 articles

Misconfigured Server Reveals Evilginx Phishing Operators
A shocking security blunder exposed the inner workings of a massive Evilginx phishing campaign, revealing 218 victims across 12 countries, with nearly 94% being corporate targets, who were quietly harvested over the course of a year. The careless mistake, made on a Budapest virtual private server, gave researchers a rare glimpse into the sophisticated phishing ecosystem.

Evilginx Phishing Ops Expose Microsoft 365 MFA Weaknesses
A French security firm stumbled upon a live Microsoft 365 phishing operation when a simple Python command was left exposed in a readable file, revealing a treasure trove of sensitive data. This lucky discovery shed light on the alarming weaknesses in Microsoft 365's multi-factor authentication.

ARToken Phishing Platform Exposes EvilTokens' Microsoft 365 Toolkit
Cisco Talos researchers have uncovered a sophisticated phishing platform, ARToken, that offers a Microsoft 365 toolkit and goes far beyond traditional credential-harvesting pages, exposing over 80 API endpoints. This phishing-as-a-service operation is a game-changer in the world of cyber threats.

FortiBleed Exposes Link to Ransomware Ops
A shocking new report reveals that the notorious FortiBleed vulnerability has a direct link to ransomware operations, with a key player found negotiating with both groups. This alarming connection has led to at least 12 ransomware deployments and hundreds of encrypted endpoints.

Miasma Malware Targets npm, GitHub in Expanded Supply Chain Attack
Over 550 GitHub repositories have been compromised in a massive supply-chain attack, with malware harvesting developer credentials and spreading across package registries and workflows. The attack has already infected numerous npm packages and one Go module, putting developer data at risk.

FortiBleed Exposes 110 Million Credentials in Global Firewall Hack
A recent global firewall hack, dubbed FortiBleed, has exposed a staggering 110 million credentials, putting countless individuals and organizations at risk. This massive breach was made possible by a sophisticated five-stage pipeline that allowed hackers to capture sensitive information, including cleartext and hashed credentials, from compromised devices.

Threat Actors Monetize Stolen Credentials with Searchable Underground Services
Cybercriminals are cashing in on stolen credentials with a new breed of underground services that allow buyers to search and purchase specific, verified login details. This emerging market acts as a middleman between hackers who steal sensitive info and those who want to use it to take over accounts.

North Korean Hackers Exploit Coding Lures to Steal Crypto Credentials
In a sneaky move, North Korean hackers sent over 250 emails with innocent-looking coding tasks to nearly 100 US-based organizations, tricking them into handing over cryptocurrency credentials. The clever phishing scam, tracked as UNK_DeadDrop, targeted tech, education, and finance firms, with a special focus on cryptocurrency companies.

IronWorm Malware Infects 36 npm Packages in Supply-Chain Attack
Meet IronWorm, a sneaky Rust-based infostealer that's infected 36 npm packages, putting a wide range of sensitive credentials and secrets at risk of being harvested. This stealthy malware operates undetected, targeting everything from AWS and OpenAI credentials to cryptocurrency wallet files.

Hackers Exploit Active Directory Flaw to Harvest Passwords
Storing passwords in Active Directory description fields is a rookie mistake that hackers are eager to exploit, and one hacker did just that with alarming ease. It was disturbingly simple for them to get their hands on sensitive information.

Miasma Supply Chain Attack Targets Red Hat npm Packages
A new supply-chain campaign, codenamed Miasma, has compromised multiple Red Hat npm packages to steal sensitive credentials and deliver a self-propagating worm, putting developer machines at risk. This sneaky attack uses clever tactics like install-time execution and encrypted exfiltration to harvest secrets and spread its reach.

Jinx-0164 Targets Crypto Developers with Custom macOS Malware
Beware of fake meetings on LinkedIn - cyber attackers are using them to trick crypto developers into installing custom macOS malware called Audiofix, which can steal sensitive info like passwords, SSH keys, and cryptocurrency wallet details. This sneaky malware is disguised as an audio fix, but its real goal is to harvest your valuable data.

MuddyWater Exploits DLL Side-Loading in Global Espionage Push
MuddyWater hackers have launched a massive global espionage campaign, infiltrating at least nine organizations across four continents by cleverly disguising malicious code as legitimate software. They used a sneaky trick called DLL side-loading to quietly steal credentials and browser data.

Chinese Phishing Services Shift to Live Credential Interception Tactics
Cyber attackers are now using live administration panels to interact with victims in real-time, capturing one-time passcodes and instantly bypassing multifactor authentication protections. This new tactic allows them to neutralize security measures and steal sensitive information more effectively.

Malware Worm Eliminates Rival, Seizes Control
Meet the malware worm with a ruthless streak - it not only eliminates rival malware from infected systems, but also seizes control and claims the compromised credentials for itself. This cunning worm is taking over, leaving other malicious operators with nothing.

MicroStealer Targets Education, Telecom with Credential Theft FTC Cracks Down on Kochava's Location Data Practices Proton Mail Adds Quantum-Safe Encryption Supply Chain Hardened with pnpm 11 Release Meta Deploys AI for Underage Enforcement North Korea-Linked Cybercrime Case Upheld ICS Security Flaws Disclosed in Eclipse BaSyx MOVEit Automation Exposes Critical Vulnerability VECT Ransomware Encryption Flaws Discovered Oracle Accelerates Patching with
MicroStealer malware is on the loose, targeting education and telecom sectors with a sneaky credential theft attack that's harvesting sensitive data, including browser credentials, cryptocurrency wallets, and system info. This stealthy threat uses a multi-stage delivery chain to quickly swipe valuable info and send it to hackers.

Ukraine Arrests Hackers Behind 610,000 Roblox Account Breach
Ukrainian authorities have cracked down on a group of hackers responsible for breaching over 610,000 Roblox accounts in a months-long phishing scam that harvested credentials and tokens. The stolen access was used to snag in-game items and Robux, Roblox's virtual currency.

Python Backdoor Exploits Tunneling Service to Harvest Browser, Cloud Credentials
Meet DEEP#DOOR, a sneaky Python-based backdoor framework that's harvesting browser and cloud credentials by exploiting a tunneling service, and learn how it infiltrates systems through a clever sequence of stealthy steps. This sophisticated threat starts with a simple batch script that disables Windows security controls and ends with a fully featured Remote Access Trojan (RAT).

Google Exposes Microsoft Teams Phishing Campaign Using Custom Snow Malware
Beware of scammers posing as helpdesk heroes! They'll flood your inbox with spam, then reach out on Microsoft Teams with a fake fix that actually steals your password using custom Snow malware.

macOS ClickFix Attacks Harvest Credentials via AppleScript Stealers
macOS users beware: a sneaky ClickFix campaign is using AppleScript stealers to harvest credentials from 14 browsers, 16 cryptocurrency wallets, and over 200 extensions. This targeted attack has already made off with a staggering amount of sensitive info - and it's still on the loose.

VENOM Phishing Attacks Target C-Suite Microsoft Logins
A new phishing-as-a-service platform called VENOM is making it alarmingly easy for hackers to target senior executives, specifically seeking their Microsoft logins. This compact toolkit is putting the keys to the corner office within reach of any motivated adversary, leaving security teams scrambling to respond.

Feds Disrupt Russia-Backed Espionage Network Infecting 18,000 Devices
Federal authorities have successfully disrupted a massive Russia-backed espionage operation that had infiltrated nearly 18,000 devices, stealing sensitive account credentials and tokens by hijacking internet traffic. This significant takedown thwarts the efforts of Forest Blizzard, a notorious threat group linked to Russia's GRU.

LiteLLM Supply-Chain Compromise Exposes Mercor Data
A single faulty AI dependency can become a backdoor for attackers - as seen in the recent LiteLLM supply-chain compromise that exposed sensitive data, source code, and internal credentials at Mercor. This alarming incident highlights the risks of relying on third-party dependencies and the importance of securing your supply chain.

Hackers Exploit React2Shell Flaw to Breach 766 Next.js Hosts
In a massive credential harvesting operation, hackers exploited the React2Shell vulnerability to breach 766 Next.js hosts, scooping up sensitive database credentials, SSH private keys, and other valuable secrets. This single software flaw was turned into an automated threat, compromising hundreds of sites and putting their digital kingdoms at risk.