credential
-
Google Warns Ransomware Groups Shift to Data Theft as Profits Decline
Google is warning that ransomware gangs are reinventing their business model as traditional encryption‑for‑ransom attacks become less profitable and data‑theft…
Read More » -
Starbucks Data Breach Exposes Personal Data of Hundreds of Users
Starbucks Corporation disclosed a targeted cybersecurity incident on February 6, 2026, impacting approximately 900 employees. This breach compromised their personal…
Read More » -
Hackers Exploit CloudFlare Anti-Security to Steal Microsoft 365 Login Credentials
A recent Microsoft 365 credential harvesting campaign shows attackers exploiting CloudFlare’s protective features to shield malicious phishing sites from security…
Read More » -
AI-Driven Phishing Attacks Bypass Email Filters, Land in Inboxes
AI-generated phishing is rapidly reshaping email risk, with more attacks slipping past filters and landing directly in users’ inboxes, even…
Read More » -
Google Warns of AI‑Driven Adaptive Malware Rewriting Its Own Code
The cybersecurity landscape experienced a major shift in 2025 as threat actors transitioned from experimenting with artificial intelligence to fully…
Read More » -
UNC6426 Hackers Exploit NPM Package to Gain AWS Admin Access in 72 Hours
Attackers turned a routine NPM update into a direct path to full AWS administrator access in under 72 hours, highlighting…
Read More » -
SurxRAT Android Malware Uses LLMs for Phishing and Data Theft
A new Android Remote Access Trojan (RAT) named SurxRAT, which is being sold as a commercial malware platform through a…
Read More » -
Iran-Linked Hackers Target U.S. Critical Infrastructure Amid Rising Cyber Threats
Iran-linked threat actors are escalating cyber operations against U.S. and allied networks, with Seedworm recently deploying new backdoors against critical…
Read More » -
Nginx UI Vulnerabilities Let Attackers Download Full System Backups
A critical security flaw has been identified in Nginx UI that permits unauthorized threat actors to download and decrypt entire…
Read More » -
Malicious Browser Add‑on Targets imToken Users’ Private Keys
Socket’s Threat Research Team has uncovered a highly deceptive Google Chrome extension designed to steal private keys and seed phrases…
Read More » -
Iranian APT Groups Intensify Cyberattacks on Critical Infrastructure Amid Rising Geopolitical Tensions
A dramatic escalation in Middle Eastern tensions began last week with Operation Lion’s Roar, a joint U.S.-Iranian military strike on…
Read More » -
New Starkiller Phishing Framework Uses Real Login Pages to Bypass MFA Security
A new phishing framework called Starkiller is raising the bar for “phishing-as-a-service” by serving victims the real login pages of major brands through attacker…
Read More » -
AuraStealer Infostealer Targeting Users with 48 C2 Domains in Ongoing Campaigns
Threat actors are actively deploying a new infostealer dubbed “AuraStealer,” backed by a growing customer base, 48 identified command‑and‑control (C2)…
Read More » -
React2Shell Vulnerability Exploited in the Wild, Analysts Warn
A critical vulnerability, known as React2Shell (CVE-2025-55182), has been discovered in React Server Components, affecting multiple React versions across the…
Read More » -
Beware of Malicious Scripts in Weaponized PDF Purchase Orders
A sophisticated phishing campaign utilizing a weaponized PDF document named “NEW Purchase Order # 52177236.pdf” has been identified, employing legitimate…
Read More » -
New Lazarus and Kimsuky Infrastructure Discovered with Active Tools and Tunneling Nodes
Security researchers from Hunt.io and Acronis Threat Research Unit have made a groundbreaking discovery, uncovering a complex network of operational…
Read More »