Skip to main content

Tag: credentialharvesting

36 articles

Kimwolf Botnet: Exclusive Warning on Dangerous Local Threat

Kimwolf Botnet: Exclusive Warning on Dangerous Local Threat

The Kimwolf botnet is quietly hijacking routers and management consoles to turn whole local networks into persistent, hard-to-detect attack platforms. If you haven’t checked firmware, disabled remote admin, or changed default credentials lately, now’s the time—this is an active, targeted campaign.

Analyst 207
New Android Albiriox Malware Exclusive: Dangerous Surge

New Android Albiriox Malware Exclusive: Dangerous Surge

Albiriox malware is being sold like a subscription, turning smartphones into turnkey crime tools that give even novice operators remote takeover, credential harvesting, and live‑fraud capabilities. That MaaS model lowers the bar for attackers and creates an industrialized path from infection to immediate theft that security teams and users now must reckon with.

Analyst 207
ClickFix Phishing Exclusive: Critical Hotel Malware Alert

ClickFix Phishing Exclusive: Critical Hotel Malware Alert

Imagine a routine support ticket that silently installs malware—attackers are using ClickFix‑style pages sent from compromised hotel emails to steal credentials or drop remote‑access tools like PureRAT. Be cautious: don’t paste commands or log in from unexpected support links—verify the sender and the page first.

Analyst 207
Gootloader malware: Exclusive alert on Dangerous Ransomware

Gootloader malware: Exclusive alert on Dangerous Ransomware

Gootloader malware is back — a JavaScript loader that can turn a single click into a full domain takeover in roughly 17 hours. Learn how its stealthy delivery and lightning-fast lateral movement make fast, modern defenses essential.

Analyst 207
Iran’s MuddyWater Exclusive: Alarming Breach Hits 100+ Govt

Iran’s MuddyWater Exclusive: Alarming Breach Hits 100+ Govt

Using one compromised mailbox and a rented VPN, MuddyWater quietly slipped into over 100 government networks across the Middle East and North Africa; its a sobering reminder that cheap, old-school tradecraft—phishing, account takeovers, and credential theft—still outsmarts defenders chasing flashy exploits.

Analyst 207
TP-Link VPN Routers: Exclusive Critical Flaws Exposed

TP-Link VPN Routers: Exclusive Critical Flaws Exposed

Think your TP‑Link VPN router is protecting your network? New Forescout research reveals critical flaws that can let attackers intercept traffic and maintain persistent access—update firmware, disable WAN management, and change default credentials now.

Analyst 207
ToolShell Gains Traction as Public App Exploits Surge

ToolShell Gains Traction as Public App Exploits Surge

When did a routine update become a battleground? ToolShell has quietly moved from niche reconnaissance to a go‑to exploit chain that turns public apps into launchpads for credential theft, lateral movement and ransomware — a wake‑up call that exposed services and slow patching can let attackers topple whole networks.

Analyst 207
Iran-linked MuddyWater Breach Hits 100+ Government Networks

Iran-linked MuddyWater Breach Hits 100+ Government Networks

How did one compromised mailbox become a battering ram against more than 100 government networks? Researchers say Iran-linked MuddyWater used a hijacked account and its own VPN to send convincing phishing across the Middle East and North Africa, quietly stealing credentials and siphoning sensitive intelligence — a reminder that simple, trusted tools can inflict huge damage.

Analyst 207
Self-Replicating Worm Infiltrates 180+ Software Packages

Self-Replicating Worm Infiltrates 180+ Software Packages

The packages you trust might be betraying you: researchers found a self‑replicating worm in 187+ NPM modules that steals developer tokens, posts them publicly, and uses those leaked credentials to replicate—turning routine installs into a spreading infection.

Analyst 207
NoRobot malware: Exclusive Dangerous Threat

NoRobot malware: Exclusive Dangerous Threat

When LostKeys was exposed this spring, Coldriver didn’t fold — they reinvented, rolling out a lean, modular strain called NoRobot that sneaks past signatures, steals credentials, and blends into normal traffic. Defenders now need behavior-based detection, stronger identity controls like MFA, and faster threat-sharing to keep up with this smarter, stealthier pivot.

Analyst 207
three new malware families: Exclusive Critical Threat

three new malware families: Exclusive Critical Threat

Heads-up: Google TAG says Russia-linked COLDRIVER has churned out three new malware families and is retooling them within days—an accelerated development pace that makes signature-based defenses brittle and raises the urgency for MFA, behavior-based EDR, and proactive threat hunting.

Analyst 207
phishing emails: Urgent Warning—Must-Have Best Tips

phishing emails: Urgent Warning—Must-Have Best Tips

Don’t panic — LastPass says it wasn’t hacked; those alarming emails are a phishing scam. Pause, verify updates through the official app or website, and report any suspicious messages.

Analyst 207
Payroll Pirate Crew: Exclusive Risky Threat to Campuses

Payroll Pirate Crew: Exclusive Risky Threat to Campuses

Microsoft warns a cybercriminal group dubbed the Payroll Pirate Crew is targeting U.S. universities with phishing attacks that hijack HR systems to quietly reroute paychecks, leaving staff suddenly unpaid and campuses scrambling. Universities should tighten MFA, limit admin privileges, and require out‑of‑band verification for bank‑detail changes to protect employees and reputations.

Analyst 207
malicious npm packages: Stunning Critical Threat Revealed

malicious npm packages: Stunning Critical Threat Revealed

Researchers uncovered Beamglea — 175 malicious npm packages downloaded about 26,000 times — that quietly hosted credential‑harvesting phishing campaigns against 135+ organizations, a stark reminder that the convenience of open-source packages can become a gateway for large‑scale theft.

Analyst 207
NET malware Dangerous: Exclusive Phantom Taurus Threat

NET malware Dangerous: Exclusive Phantom Taurus Threat

A Beijing-linked group dubbed Phantom Taurus is quietly using custom .NET malware to hunt credentials and siphon sensitive files from government web servers across Asia, Africa and the Middle East — a sharp reminder that everyday frameworks can hide serious threats. Defenders should harden .NET apps, tighten logging and MFA, and share indicators fast to turn the tables before secrets slip away.

Analyst 207
Vietnam-linked phishing campaign: Dangerous, Stunning Shift

Vietnam-linked phishing campaign: Dangerous, Stunning Shift

A Vietnam-linked phishing campaign has quietly upgraded from a Python infostealer to PureRAT, turning quick credential grabs into hands-on, persistent intrusions that can enable live data theft and lateral movement. Defenders should shift from signature hunting to behavior-based EDR, network telemetry, and stronger email and access controls to stop these more dangerous, interactive attacks.

Analyst 207
Torn rope bridge over misty chasm with broken links and laptop screen in foreground, amidst glowing circuitry patterns.

Nimbus Manticore: Exclusive Risky Supply-Chain Threat

A stealthy, Iran-linked cyber actor called Nimbus Manticore is quietly shifting from remote spying to targeting European aerospace, telecom and defense suppliers — and its patient, surgical intrusions threaten intellectual property, supply chains and national security unless industry and governments boost defenses and share threats quickly.

Analyst 207
phishing-as-a-service: Stunning Risky Surge

phishing-as-a-service: Stunning Risky Surge

Phishing-as-a-service has exploded into a business — Netcraft found over 17,500 phishing domains spoofing 316 brands — turning credential theft into an off‑the‑shelf operation. Security teams and policymakers must act fast: harden authentication, automate detection, and disrupt the cross‑border plumbing that powers these disposable scams.

Analyst 207
fake CAPTCHA pages: Exclusive Dangerous AI Phishing Threat

fake CAPTCHA pages: Exclusive Dangerous AI Phishing Threat

Think twice before clicking that checkbox — attackers are using AI to spin up lifelike fake CAPTCHAs that harvest credentials and turn a trusted security step into an easy phishing trap.

Analyst 207
RaccoonO365 Disrupted: Critical, Must-Have Security Win

RaccoonO365 Disrupted: Critical, Must-Have Security Win

Microsoft just dismantled RaccoonO365, seizing 338 fake login sites that had harvested at least 5,000 Microsoft credentials — a big win that cuts off a major phishing operation and a wake-up call to harden your accounts.

Analyst 207
malicious bundlejs: Stunning Devastating npm Alert

malicious bundlejs: Stunning Devastating npm Alert

Over 40 npm packages were quietly republished with an injected bundle.js that steals credentials, turning trusted modules into stealthy supply‑chain lures. Lock down maintainer accounts, enable MFA and artifact signing, and scan for unexpected postinstall scripts to stop this kind of attack.

Analyst 207
phishing-as-a-service: Stunning Risky Threat

phishing-as-a-service: Stunning Risky Threat

Think a thief who never touches the lock — VoidProxy is a phishing-as-a-service that intercepts live logins, relays MFA and session tokens in real time, and lets attackers quietly hijack Microsoft and Google accounts. Learn why layered defenses, hardware-backed keys, and session risk detection are now essential to stop these fast, stealthy takeovers.

Analyst 207
ConnectWise ScreenConnect Risky Exploit: Stunning AsyncRAT

ConnectWise ScreenConnect Risky Exploit: Stunning AsyncRAT

Imagine your trusted remote-admin tool becoming the very doorway attackers use to steal credentials and siphon crypto—researchers found ConnectWise ScreenConnect sessions abused to run a fleshless, in-memory VBScript loader that dropped AsyncRAT to harvest keys, keystrokes, and wallets. Harden RMM access, monitor session scripts, and assume compromise—because when legitimate tooling is weaponized, detection needs to get smarter fast.

Analyst 207
npm packages Must-Have Defense Against Risky Attacks

npm packages Must-Have Defense Against Risky Attacks

Attackers briefly pushed trojanized npm releases that spread fast through the cloud, mined only pennies, and left security teams scrambling to contain and remediate. It’s a wake‑up call: package convenience comes with real supply‑chain risk, so tighten controls, pin dependencies, and treat dependencies as first‑class security assets.

Analyst 207