Tag: credentialstuffing
16 articles

Google Exclusive: Gmail Breach Claims Overblown
Headlines claiming 183 million Gmail accounts were hacked sparked panic, but Google says the scare is overblown. Security experts say the list is mostly recycled, aggregated credentials from older leaks—still risky for reused passwords, but not proof of a fresh Gmail-wide breach.

Jingle Thief Exclusive: Hackers Devastate Gift Cards
Exclusive: Hackers are turning gift cards into easy targets—our deep dive reveals how gift card fraud works, who’s at risk, and simple steps to protect your balance.

data breaches: Stunning, Alarming Q3 — 23M Victims
Over 23 million people had personal data exposed in Q3, according to the ITRC — a wake-up call that privacy can’t be an afterthought as breaches across sectors put identities, finances and long-term security at risk.

WordPress themes and plugins: Risky Must-Have Fix
A routine verification prompt can hide a dangerous trap: attackers are hijacking WordPress themes and plugins to inject stealthy JavaScript that redirects visitors to convincing phishing pages. Keep themes and plugins updated, use strong admin controls and a WAF, and vet all extensions to stop these silent, high-impact compromises before they spread.

credential stuffing: Risky Scourge, Must-Have Defenses
Think one reused password can’t hurt? A £2.31m fine proves it can — credential stuffing uses recycled logins and bots to drain money, steal data and wreck trust, and regulators are now forcing companies to adopt MFA, breached-password checks and smarter anti-bot defenses.

Gucci and Alexander McQueen: Exclusive Risky Data Breach
Luxury shoppers were jolted this week after a reported breach tied to ShinyHunters exposed millions of email addresses linked to Gucci and Alexander McQueen. Change your passwords, enable MFA, and watch for phishing while the brands investigate and disclose what was taken.

API security: Must-Have Defenses Against Risky Breaches
Thales’ report of 40,000+ API incidents in H1 2025 shows APIs have gone from a niche technical risk to a boardroom emergency — attackers are automating probes, scraping data and abusing business logic at scale. Now’s the moment to move API security from a checkbox to a strategic priority with discovery, fine‑grained auth, rate limiting and runtime protection.

unauthorized access incident: Stunning Risk — Act Now
Ugh — Plex warned of another password exposure. If you got notified, reset your password, enable MFA, and review connected devices right away.

password managers Must-Have Best Defense After 16B Leak
Imagine waking up to find every password you’ve ever used dumped online — that’s the reality of a 16 billion credential leak, and businesses can’t afford to rely on reused passwords. Adopt enterprise password managers, enforce strong MFA, and harden identity controls now before attackers turn those lists into breaches.

multifactor authentication Risky Crisis, Must-Have Fix
Login attacks are skyrocketing, and the identity systems we trust—from MFA to identity providers—are under siege, eroding confidence and leaving security teams scrambling. Rebuilding trust will take pragmatic steps like phased passkey rollouts, phishing‑resistant methods, and smarter help‑desk controls that balance security with usability.

VPS-based attacks: Critical Guide to Risky Threats
Attackers are increasingly using rented VPS hosts to make their logins look like legitimate data-center traffic, blurring the line between customer and criminal. SaaS teams and users need stronger passwords, phishing-resistant MFA, and behavior-based authentication to stop stealthy account takeovers.

CRM platform Risky Breach: Stunning Contact Exposure
Workday says its core systems were untouched, but a third-party CRM was breached — exposing business contacts that could fuel phishing, BEC and credential-stuffing attacks. Treat contact data as compromised: tighten MFA, audit integrations, and warn teams to watch for targeted social engineering.

government email credentials: Exclusive Risky Threat
Imagine someone buying access to a government inbox for less than the price of dinner — and using it to intercept investigations, impersonate officials, or fuel disinformation. With law-enforcement emails reportedly selling for about $40 on underground markets, stronger credential hygiene, MFA, and coordinated policy action aren’t optional — they’re urgent.

FortiSIEM vulnerability: Critical, Urgent Must-Fix
A critical FortiSIEM vulnerability now has working exploit code circulating, and defenders are seeing a sharp spike in automated scanning and brute‑force attacks against exposed devices. If you manage FortiSIEM, patch or apply Fortinet’s mitigations immediately, isolate internet‑facing appliances, and rotate credentials to stay ahead of opportunistic attackers.

APT28 LameHug: Exclusive Risky AI Threat Warning
MITRE’s take on APT28’s LameHug at Black Hat is a wake-up call: while crude now, this testbed shows how AI and automation could quickly turn basic tools into powerful cyber weapons. Defenders, policymakers, and everyday users should sharpen defenses and share intel now—before experiments like this graduate into routine attacks.

ShinyHunters cybercrime group: Critical Exclusive Threat
When your bank calls about a transaction you didn’t make, it’s a stark reminder that the ShinyHunters cybercrime group is now homing in on banks, fintechs and their vendors to harvest credentials and personal data for large-scale fraud. Institutions must act fast—tightening credential defenses, shoring up vendor security, and boosting detection—to protect customers, reputation and regulatory standing.