Tag: credential theft
181 articles

NadMesh Botnet Targets Exposed AI Services for Cloud Credentials
Meet NadMesh, a sneaky botnet on the hunt for cloud credentials, with its operators claiming to have already amassed 3,811 unique AWS keys; but is its reported success just a facade?

ACR Stealer Exploits ClickFix Lures to Target Microsoft 365 Files
Microsoft's Defender Experts team uncovered a sneaky ACR Stealer campaign that uses ClickFix lures to swipe sensitive Microsoft 365 files, browser passwords, and authentication tokens from unsuspecting users. This stealthy attack leaves enterprise environments vulnerable, with stolen data including PDFs, synced OneDrive and SharePoint folders, and more.

macOS Malware Exploits User Trust to Steal Sensitive Data
Beware of a sneaky new macOS malware that tricks you into stealing your own sensitive data - all it needs is for you to paste a single command into Terminal. Dubbed ClickLock Stealer, this clever con artist has already duped at least 100 victims across 33 countries.

Spirals Ransomware Encrypts Network in Record Time
In a lightning-fast attack, the newly identified Spirals ransomware gang compromised a network and encrypted its entire system in under 24 hours, showcasing an alarming level of speed and sophistication. The attack began with a simple vulnerability - an exposed IIS server - which allowed hackers to upload a web shell and rapidly escalate their privileges.

Phishers Target LastPass, Bitwarden Users with Fake Security Alerts
Beware of fake security alerts! LastPass and Bitwarden users are being targeted by phishers with convincing emails that mimic real corporate communications, trying to trick you into visiting fraudulent websites.

MacOS Malware Exploits Legitimate Developer ID to Steal Login Credentials
Researchers at Jamf Threat Labs uncovered a sneaky new macOS malware, dubbed CrashStealer, that uses a clever disguise to steal sensitive login credentials and other personal data. This cunning malware masquerades as a legitimate Apple component to quietly harvest its victims' information.

Infostealer Infection Enables Argentine FA Breach
A single compromised computer with high-level access likely gave hackers the keys to the Argentine Football Association's database and internal email system, thanks to an infostealer infection that went undetected for months. The breach, traced back to September 8, 2025, highlights the devastating impact of a simple infection on a high-privilege machine.

Malicious SDKs Target Paysafe, Skrill Users with Credential Theft
Beware of malicious software development kits (SDKs) masquerading as legitimate Paysafe, Skrill, and Neteller tools, designed to secretly steal your credentials. Researchers uncovered 17 fake packages on popular platforms, putting users at risk of credential theft.

Cyberattackers Deploy Vidar Infostealer in Global Monero Mining Campaign
Cybercriminals are running a sneaky double game, using Vidar Infostealer to steal sensitive info and hijack computers to mine Monero cryptocurrency, all while selling stolen credentials on the dark web. This global campaign, targeting consumers and small businesses, is a potent reminder to stay vigilant online.

Cloud Worm CAI Disrupts Rivals, Steals Secrets and Mines Crypto
Meet CAI, a malicious botnet that's disrupting rival operations, swiping sensitive secrets, and mining cryptocurrency - all while eliminating competing malware to maintain its grip on compromised targets. This centralized worm is a powerhouse of credential theft and cryptomining, making it a force to be reckoned with.

Phishing Campaign Targets Google Accounts with Fake Job Interviews
Beware of fake job interviews that could be phishing scams! A clever new campaign is targeting marketing pros with emails that appear to be from recruiters, aiming to trick them into handing over their Google account credentials.

Ransomware Gang Exploits Supply Chain Attacks in New Partnership
Ransomware gangs are now operating like businesses, forming partnerships to supercharge their attacks - and a new alliance between Vect and TeamPCP is a prime example, combining massive credential theft with devastating ransomware-as-a-service operations. This unprecedented pairing puts organizations directly in the crosshairs.

Ransomware Groups Exploit Citrix Bleed 2 in Supply Chain Attacks
Ransomware groups are exploiting the Citrix Bleed 2 vulnerability to launch devastating supply chain attacks, using legitimate remote access tools to spread their reach. This critical flaw has already been linked to multiple ransomware families, including Anubis, which has claimed 91 victims so far.

FortiBleed Campaign Tied to Lynx Ransomware Operators
Researchers uncovered a massive credential-theft operation, dubbed FortiBleed, which exposed over 73,000 Fortinet device credentials and was surprisingly linked to active ransomware negotiation panels. This shocking discovery offers a rare glimpse into the tactics of threat actors.

AI Browsers Exposed to Credential-Leaking BioShocking Attack
A shocking new attack has been discovered that can trick AI browsers and assistants into leaking sensitive user credentials, with six popular agents already proven vulnerable. This sneaky tactic, called BioShocking, uses a clever game-like approach to bypass safety protocols and get agents to cough up personal info.

Microsoft Disrupts StegoAd Malware Operation in Edge Extensions
Microsoft cracked down on a sneaky malware operation called StegoAd, which had infected up to 2.6 million installs across 119 Edge extensions with hidden code that lay dormant for days before stealing credentials and committing ad fraud. The cleverly concealed code was tucked away in ordinary image and font files, making it a challenge to detect.

Law Enforcement Disrupts Amadey Malware Network, Recovers 27M Stolen Credentials
In a major cybercrime crackdown, international law enforcement agencies and private sector partners joined forces to dismantle the Amadey malware network, recovering a staggering 27 million stolen login credentials. This huge blow to cybercriminals was delivered between June 15-19, 2026, as part of Operation Endgame.

Researchers Expose AI Browser Vulnerability to Credential Theft
Imagine a simple game trick that could convince AI-powered browsers to hand over your login credentials - a vulnerability researchers have now exposed, leaving users at risk. By creating a malicious web page that changes an AI agent's sense of reality, hackers can bypass safety guardrails and gain access to sensitive information.

Algerian Man Charged with Running Cybercrime Marketplaces
Meet the Algerian man behind a daring cybercrime scheme that swindled hundreds of thousands of dollars from thousands of victims - all from the safety of his anonymous online hideout. He allegedly ran two illicit marketplaces, selling stolen bank account and credit card numbers, phishing kits, and other tools of financial fraud.

NCSC Warns Fortinet Customers of Credential Theft Fallout
A massive database of 75,000 stolen credentials, including usernames, email addresses, and passwords, has been discovered, putting organisations like Oracle, Spotify, and AT&T at risk. The leak, dubbed "FortiBleed," affects customers in 194 countries and over 21,000 domains, with nearly half of all internet-accessible Fortinet firewalls potentially exposed.

Fortinet Firewalls Compromised in Massive Password-Stealing Attack
A massive password-stealing attack has compromised around 75,000 Fortinet firewall devices, putting credentials of major corporations across 194 countries at risk and leaving a trail of full network compromises in its wake. The breach, dubbed FortiBleed, has created a verified database of working credentials for some of the world's largest enterprises, threatening nearly every sector of the global economy.

FortiBleed Exposes 73,000 Fortinet VPN Credentials Worldwide
A massive security breach has exposed a whopping 73,000 Fortinet VPN credentials worldwide, putting tens of thousands of firewall endpoints at risk, including those of major companies like Chevron, Samsung, and Mercedes-Benz. The alarming leak, discovered by security researcher Bob Diachenko, contains sensitive information like usernames, email addresses, and plaintext passwords.

Dark Web Exposes Early Warning Signs of Supply-Chain Attacks
Attackers are quietly buying and selling access to trusted integrations, developer accounts, and unattended credentials on the dark web, revealing early warning signs of supply-chain attacks. Monitoring underground forums for these subtle signals can help flag potential risks long before a breach makes headlines.

Cyberattacks Expose AI Agents' Vulnerability to Phishing Risks
A staggering 3.3 billion identity records are now circulating on illicit markets, thanks to a whopping 11.1 million devices infected with infostealers last year - a digital threat landscape that's more vulnerable than ever. This alarming trend highlights the urgent need for robust protection against AI agents' vulnerability to phishing risks.