Tag: credential harvesting
76 articles

Phantom Stealer Emerges as Sophisticated Stealer-as-a-Service Tool
Imagine your entire online life being stolen and sold for just a few hundred dollars - that's the harsh reality with Phantom Stealer, a powerful and stealthy tool that's making it easy for cybercriminals to get their hands on your sensitive information. This sophisticated .NET-based stealer can harvest everything from login credentials to payment card details, putting your digital identity at risk.

Cisco Hit by Alarming Code Heist After Trivy Breach
A shocking code heist has hit Cisco, with hackers making off with sensitive source code after infiltrating the company's internal development environment through a Trivy supply-chain attack. This brazen breach raises urgent questions about the hidden vulnerabilities lurking in today's interconnected development ecosystems.

Multifaceted Phishing Scheme Stunningly Damages Bitpanda
Thousands of Bitpanda users are reeling after a sophisticated phishing campaign spun up convincing lookalike sites—with disposable domains and SSL certificates—to harvest credentials and fuel criminal markets. The attack shows how industrialized phishing‑as‑a‑service turns takedown efforts into whack‑a‑mole, leaving customers, companies and regulators scrambling to restore digital trust.

TGR-STA-1030 Exclusive: Severe Breach Hits 70 Sites
Meet TGR-STA-1030: a stealthy Asia-based espionage crew that’s quietly breached at least 70 government and critical‑infrastructure networks across 37 countries, using bespoke tools, credential harvesting and meticulous reconnaissance to keep long‑term, hard-to-detect access to telecom and communications systems.

LastPass Warns: Critical Phishing Steals Master Passwords
If you get a frantic LastPass email demanding a 24‑hour backup, pause — its a phishing campaign trying to steal your master password, the single key that unlocks everything in your vault. Never click the links or enter your master password — LastPass will never ask for that.

Phishing Attacks Exclusive: Critical Risk to Microsoft 365
Think an email from your CEO is safe? Microsoft 365 phishing campaigns now use cloud misconfigurations and device-code tricks to make external messages look internal and steal authentication tokens or MFA codes.

Android TV: Must-Read Botnet Risk Alert
Before you plug in that bargain Android TV box, know this: researchers say some models secretly route other peoples internet traffic through your home, effectively turning the device into a botnet node and putting you at risk of fraud and legal trouble.

QR codes Exclusive Threat: Pyongyang’s Dangerous Phishing
Think twice before you scan: the FBI warns North Korean hackers are using QR-based quishing to turn innocent-looking codes into multi-step traps that steal cloud credentials and bypass enterprise defenses.

QR codes Stunning Pyongyang Phishing Threat
QR codes have gone from handy shortcuts to attack vectors—North Korean actors are using QR-based phishing to steal cloud credentials by hiding multi-step payloads inside seemingly legitimate scans. The real question now isnt whether to scan, but how to verify what the square tells you.

FBI Reveals Stunning Rise in Costly AI Phishing Scams
Imagine a voicemail that sounds exactly like your daughter begging for help — only its a scam. The FBI warns cheap AI tools are fueling a surge of hyper‑personalized phishing scams that have already cost victims hundreds of millions and can fool individuals, businesses, and banks alike.

Smishing Triad Impersonation Campaigns: Exclusive Threat
Think that bank-looking text is really from your provider? Smishing Triad attackers now pair believable sender IDs with lookalike Egyptian domains, SIM farms and hijacked devices to harvest credentials and bypass 2FA—one click can mean compromise.

FlexibleFerret Exclusive: Dangerous macOS Go Backdoor
Think a harmless Mac script cant hurt? FlexibleFerret proves otherwise — a modular, multistage campaign that uses staged shell/AppleScript and a Go-based backdoor to quietly harvest credentials and maintain stealthy, long-term access across macOS systems.

CTM360 Exclusive: Alarming WhatsApp Hijack Campaign Exposed
CTM360 exposes HackOnChat, a clever and dangerous campaign that clones WhatsApp Web to trick users into revealing authentication codes and handing over their accounts. With thousands of malicious URLs and coordinated fronts, this WhatsApp account hijacking operation is alarmingly scalable and hard to takedown.

Dragon Breath Exclusive: Critical RONINGLOADER Gh0st RAT
Think twice before clicking Next — researchers warn Dragon Breath is hiding a multi‑stage RONINGLOADER inside trojanized NSIS installers (masquerading as Chrome or Teams) to install a modified Gh0st RAT that gives attackers stealthy, persistent remote access for credential theft, lateral movement and data exfiltration.

GootLoader WordPress: Exclusive Font Trick Is Dangerous
Think an exclusive font is harmless? Think again — GootLoader is hiding malicious JavaScript in fonts and other benign WordPress assets, letting tiny site tweaks become a fast route to full-network takeovers.

Quantum Route Redirect Phishing Kit: Stunningly Dangerous
The Quantum Route Redirect phishing kit quietly hijacks web traffic, rerouting victims to eerily convincing fake sites. Learn how this route redirect phishing attack works and what you can do to stay one step ahead.

China-Aligned UTA0388 Exclusive: Dangerous AI Phishing
Imagine your inbox posing as a trusted colleague—researchers say UTA0388, a China‑aligned cluster, now uses AI to craft eerily personalized, time‑sensitive spear‑phishing that steals credentials and plants stealthy, long‑term access.

Russian spies Exclusive: Dangerous VM malware on Windows
Meet Curly COMrades — a spy group that runs a tiny Alpine Linux “shadow OS” inside a hidden Hyper‑V VM on compromised Windows hosts, letting them slip past endpoint tools and quietly harvest data, credentials and long‑term access.

Invisible npm malware: Exclusive, Dangerous Token Theft
PhantomRaven quietly slipped into the npm registry, turning routine installs into token theft by harvesting credentials during install and letting attackers publish malicious updates without touching your code. One stolen token can cascade through thousands of projects—here’s why supply‑chain hygiene and MFA matter now.

New Atroposia RAT Exclusive: Dangerous Dark Web Threat
Meet Atroposia RAT: a modular, encrypted remote-access trojan on the dark web that grants attackers a stealthy, persistent foothold to harvest credentials and siphon crypto wallets. Defenders need to move beyond static hashes and rely on behavioral analytics, EDR, and tuned network telemetry to spot its evasive moves.

GhostCall Exclusive: Critical BlueNoroff Malware Reveal
Meet GhostCall — a stealthy campaign tied to BlueNoroff that weaponizes low‑profile backdoors and traffic‑manipulation to quietly harvest credentials and hijack Web3 sessions. As blockchain projects scale, GhostCall and its sibling GhostHire show how openness can be turned into an espionage-and-theft platform that technologists, policy makers and users can’t afford to ignore.

Iran’s MuddyWater: Stunning, damaging 100+ network breach
A single hijacked government mailbox became MuddyWater’s battering ram, letting Tehran-linked operators quietly harvest credentials and pivot into 100+ networks across the Middle East and North Africa. It’s a stark reminder that low-cost social engineering and trusted infrastructure can give attackers exponential reach without a single zero-day.

Iran’s MuddyWater Exclusive: Damaging 100+ Gov Hacks
MuddyWater turned one trusted inbox and a rented VPN into a battering ram against more than 100 government networks—proving social engineering beats flashy malware every time. Group‑IB’s forensic breakdown shows how stealthy credential theft and patient lateral movement bought months of access to critical diplomatic and government secrets.

MuddyWater Exclusive: Devastating 100+ Government Breach
A single compromised mailbox and an attacker-controlled VPN quietly became the battering ram for a MuddyWater espionage campaign that infiltrated more than 100 government networks across the Middle East and North Africa. Group‑IB’s analysis shows the actors used trusted email, credential harvesting, and stealthy lateral movement to maintain months-long access and siphon sensitive diplomatic and personnel data.