Skip to main content

Tag: credential theft

181 articles

Dimly lit server room with rows of racked servers and networking gear.

NadMesh Botnet Targets Exposed AI Services for Cloud Credentials

Meet NadMesh, a sneaky botnet on the hunt for cloud credentials, with its operators claiming to have already amassed 3,811 unique AWS keys; but is its reported success just a facade?

Analyst 207
Office setting with laptop showing Microsoft 365 interface and scattered papers.

ACR Stealer Exploits ClickFix Lures to Target Microsoft 365 Files

Microsoft's Defender Experts team uncovered a sneaky ACR Stealer campaign that uses ClickFix lures to swipe sensitive Microsoft 365 files, browser passwords, and authentication tokens from unsuspecting users. This stealthy attack leaves enterprise environments vulnerable, with stolen data including PDFs, synced OneDrive and SharePoint folders, and more.

Analyst 207
Person working on laptop in cozy setting with Terminal window open.

macOS Malware Exploits User Trust to Steal Sensitive Data

Beware of a sneaky new macOS malware that tricks you into stealing your own sensitive data - all it needs is for you to paste a single command into Terminal. Dubbed ClickLock Stealer, this clever con artist has already duped at least 100 victims across 33 countries.

Analyst 207
Rows of computer servers and networking equipment in a brightly-lit corporate server room.

Spirals Ransomware Encrypts Network in Record Time

In a lightning-fast attack, the newly identified Spirals ransomware gang compromised a network and encrypted its entire system in under 24 hours, showcasing an alarming level of speed and sophistication. The attack began with a simple vulnerability - an exposed IIS server - which allowed hackers to upload a web shell and rapidly escalate their privileges.

Analyst 207
Person looks concerned while examining a laptop screen with a fake security alert.

Phishers Target LastPass, Bitwarden Users with Fake Security Alerts

Beware of fake security alerts! LastPass and Bitwarden users are being targeted by phishers with convincing emails that mimic real corporate communications, trying to trick you into visiting fraudulent websites.

Analyst 207
Cluttered home office desk with Mac computer and software on screen.

MacOS Malware Exploits Legitimate Developer ID to Steal Login Credentials

Researchers at Jamf Threat Labs uncovered a sneaky new macOS malware, dubbed CrashStealer, that uses a clever disguise to steal sensitive login credentials and other personal data. This cunning malware masquerades as a legitimate Apple component to quietly harvest its victims' information.

Analyst 207
Brightly-lit sports facility with subtle computer hint, and staff in background.

Infostealer Infection Enables Argentine FA Breach

A single compromised computer with high-level access likely gave hackers the keys to the Argentine Football Association's database and internal email system, thanks to an infostealer infection that went undetected for months. The breach, traced back to September 8, 2025, highlights the devastating impact of a simple infection on a high-privilege machine.

Analyst 207
Developer workstation with laptop and coding items, hinting at vulnerability with faint shadow and ajar window.

Malicious SDKs Target Paysafe, Skrill Users with Credential Theft

Beware of malicious software development kits (SDKs) masquerading as legitimate Paysafe, Skrill, and Neteller tools, designed to secretly steal your credentials. Researchers uncovered 17 fake packages on popular platforms, putting users at risk of credential theft.

Analyst 207
Ordinary office workspace with computers and monitors on desks, hinting at a global cyberattack.

Cyberattackers Deploy Vidar Infostealer in Global Monero Mining Campaign

Cybercriminals are running a sneaky double game, using Vidar Infostealer to steal sensitive info and hijack computers to mine Monero cryptocurrency, all while selling stolen credentials on the dark web. This global campaign, targeting consumers and small businesses, is a potent reminder to stay vigilant online.

Analyst 207
Dimly lit server room with rows of computer servers and networking equipment in disarray.

Cloud Worm CAI Disrupts Rivals, Steals Secrets and Mines Crypto

Meet CAI, a malicious botnet that's disrupting rival operations, swiping sensitive secrets, and mining cryptocurrency - all while eliminating competing malware to maintain its grip on compromised targets. This centralized worm is a powerhouse of credential theft and cryptomining, making it a force to be reckoned with.

Analyst 207
Marketing professional looks concerned, holding smartphone amidst papers and laptop.

Phishing Campaign Targets Google Accounts with Fake Job Interviews

Beware of fake job interviews that could be phishing scams! A clever new campaign is targeting marketing pros with emails that appear to be from recruiters, aiming to trick them into handing over their Google account credentials.

Analyst 207
Cramped warehouse storage area with industrial computer equipment and tangled cables.

Ransomware Gang Exploits Supply Chain Attacks in New Partnership

Ransomware gangs are now operating like businesses, forming partnerships to supercharge their attacks - and a new alliance between Vect and TeamPCP is a prime example, combining massive credential theft with devastating ransomware-as-a-service operations. This unprecedented pairing puts organizations directly in the crosshairs.

Analyst 207
Rows of computer servers, routers, and equipment in a brightly-lit network operations area.

Ransomware Groups Exploit Citrix Bleed 2 in Supply Chain Attacks

Ransomware groups are exploiting the Citrix Bleed 2 vulnerability to launch devastating supply chain attacks, using legitimate remote access tools to spread their reach. This critical flaw has already been linked to multiple ransomware families, including Anubis, which has claimed 91 victims so far.

Analyst 207
Rows of rack-mounted servers and equipment in a brightly-lit server room or data center interior.

FortiBleed Campaign Tied to Lynx Ransomware Operators

Researchers uncovered a massive credential-theft operation, dubbed FortiBleed, which exposed over 73,000 Fortinet device credentials and was surprisingly linked to active ransomware negotiation panels. This shocking discovery offers a rare glimpse into the tactics of threat actors.

Analyst 207
Laptop screen displays colorful webpage in brightly-lit coffee shop setting.

AI Browsers Exposed to Credential-Leaking BioShocking Attack

A shocking new attack has been discovered that can trick AI browsers and assistants into leaking sensitive user credentials, with six popular agents already proven vulnerable. This sneaky tactic, called BioShocking, uses a clever game-like approach to bypass safety protocols and get agents to cough up personal info.

Analyst 207
Browser extension icon on a computer screen with abstract code in the background.

Microsoft Disrupts StegoAd Malware Operation in Edge Extensions

Microsoft cracked down on a sneaky malware operation called StegoAd, which had infected up to 2.6 million installs across 119 Edge extensions with hidden code that lay dormant for days before stealing credentials and committing ad fraud. The cleverly concealed code was tucked away in ordinary image and font files, making it a challenge to detect.

Analyst 207
Law enforcement officials from various countries gather around a console in a brightly-lit room.

Law Enforcement Disrupts Amadey Malware Network, Recovers 27M Stolen Credentials

In a major cybercrime crackdown, international law enforcement agencies and private sector partners joined forces to dismantle the Amadey malware network, recovering a staggering 27 million stolen login credentials. This huge blow to cybercriminals was delivered between June 15-19, 2026, as part of Operation Endgame.

Analyst 207
Person sitting at desk with laptop and puzzle piece, testing vulnerability in office setting.

Researchers Expose AI Browser Vulnerability to Credential Theft

Imagine a simple game trick that could convince AI-powered browsers to hand over your login credentials - a vulnerability researchers have now exposed, leaving users at risk. By creating a malicious web page that changes an AI agent's sense of reality, hackers can bypass safety guardrails and gain access to sensitive information.

Analyst 207
Dark laptop on a cluttered surface with scattered papers and coins, cityscape visible through a large window in the…

Algerian Man Charged with Running Cybercrime Marketplaces

Meet the Algerian man behind a daring cybercrime scheme that swindled hundreds of thousands of dollars from thousands of victims - all from the safety of his anonymous online hideout. He allegedly ran two illicit marketplaces, selling stolen bank account and credit card numbers, phishing kits, and other tools of financial fraud.

Analyst 207
Corporate headquarters with subtle hints of vulnerability and a blank computer screen.

NCSC Warns Fortinet Customers of Credential Theft Fallout

A massive database of 75,000 stolen credentials, including usernames, email addresses, and passwords, has been discovered, putting organisations like Oracle, Spotify, and AT&T at risk. The leak, dubbed "FortiBleed," affects customers in 194 countries and over 21,000 domains, with nearly half of all internet-accessible Fortinet firewalls potentially exposed.

Analyst 207
Network equipment and servers in a server room with blinking lights and laptop screens in the foreground.

Fortinet Firewalls Compromised in Massive Password-Stealing Attack

A massive password-stealing attack has compromised around 75,000 Fortinet firewall devices, putting credentials of major corporations across 194 countries at risk and leaving a trail of full network compromises in its wake. The breach, dubbed FortiBleed, has created a verified database of working credentials for some of the world's largest enterprises, threatening nearly every sector of the global economy.

Analyst 207
Rows of equipment racks and networking gear in a brightly-lit server room.

FortiBleed Exposes 73,000 Fortinet VPN Credentials Worldwide

A massive security breach has exposed a whopping 73,000 Fortinet VPN credentials worldwide, putting tens of thousands of firewall endpoints at risk, including those of major companies like Chevron, Samsung, and Mercedes-Benz. The alarming leak, discovered by security researcher Bob Diachenko, contains sensitive information like usernames, email addresses, and plaintext passwords.

Analyst 207
Dimly lit, cluttered table with scattered computers and laptops in a cramped underground setting.

Dark Web Exposes Early Warning Signs of Supply-Chain Attacks

Attackers are quietly buying and selling access to trusted integrations, developer accounts, and unattended credentials on the dark web, revealing early warning signs of supply-chain attacks. Monitoring underground forums for these subtle signals can help flag potential risks long before a breach makes headlines.

Analyst 207
Darkened underground digital marketplace with rows of screens displaying abstract data.

Cyberattacks Expose AI Agents' Vulnerability to Phishing Risks

A staggering 3.3 billion identity records are now circulating on illicit markets, thanks to a whopping 11.1 million devices infected with infostealers last year - a digital threat landscape that's more vulnerable than ever. This alarming trend highlights the urgent need for robust protection against AI agents' vulnerability to phishing risks.

Analyst 207