stealing
-
Janela RAT: Financial Cybercrime Campaign Using Fake MSI Installers and Malicious Browser Extensions
Janela Remote Access Trojan (RAT) campaigns leverage fake Windows MSI installers and malicious browser extensions to infiltrate financial networks and…
Read More » -
China’s Tianjin Supercomputer Center Allegedly Hit in 10-Petabyte Data Theft
A threat actor has allegedly executed one of the largest data heists in China’s history, siphoning an astounding 10 petabytes…
Read More » -
Hackers Target Adobe Reader Users With Sophisticated Zero-Day Exploit
Security researchers have uncovered a highly sophisticated, unpatched zero-day vulnerability actively targeting Adobe Reader users. The exploit, first detected in…
Read More » -
Alleged REvil Leader ‘UNKN’ Identified by German Authorities in New Takedown Effort
German authorities have officially named one of the most notorious names in cybercrime. The German Federal Criminal Police (BKA) recently…
Read More » -
Trojanized PyPI AI Proxy Steals Claude Prompt, Exfiltrates Data
A malicious PyPI package, hermes-px, masquerades as a “Secure AI Inference Proxy” while secretly stealing user prompts and abusing a…
Read More » -
Axios NPM Packages Breached in Ongoing Supply Chain Attack
A severe supply chain attack has compromised the widely used Axios HTTP client on the npm registry. Attackers injected a…
Read More » -
GhostSocks Hijacks Devices as Proxy Network for Stealthy Cyberattacks
A recently identified malware strain known as GhostSocks is fundamentally altering attack tactics by transforming compromised devices into residential proxy…
Read More » -
Leak Bazaar Converts Stolen Corporate Data Into Organized Criminal Marketplace
A new cybercriminal service named “Leak Bazaar” has emerged on the Russian-speaking TierOne forum, advertised by user Snow of SnowTeam…
Read More » -
GhostClaw AI Malware Targets macOS Users with Credential-Stealing Payloads
GhostClaw, a multi-stage macOS infostealer, now exploits both GitHub repositories and AI-assisted development workflows to steal credentials and deploy secondary…
Read More » -
Microsoft Unveils New Guidance to Detect and Defend Against Trivy Supply Chain Attack
Aqua Security’s vulnerability scanner, Trivy, faced a sophisticated CI/CD supply chain compromise. The threat actor, identified as TeamPCP, exploited prior…
Read More » -
Five Malicious npm Packages Target Crypto Developers, Steal Wallet Keys via Telegram
Five malicious npm packages impersonating popular crypto libraries are stealing wallet keys from Solana and Ethereum developers and exfiltrating them…
Read More » -
Tycoon2FA Operators Resume Cloud Account Phishing Following Infrastructure Disruption
Tycoon 2FAoperators have restarted large-scale cloud account phishing just days after law enforcement and industry partners disrupted the platform’s core…
Read More » -
VoidStealer Malware Cracks Chrome’s Master Encryption Key with Novel Hardware Breakpoint Technique
An information stealer called VoidStealer employs a novel technique to bypass Chrome’s Application-Bound Encryption (ABE) and extract the master key…
Read More » -
Copyright Complaint Lures Linked to New PureLog Stealer Credential Theft Wave
Criminals are actively deploying the PureLog Stealer malware through a sophisticated, multi-stage assault campaign that disguises itself as legitimate copyright…
Read More » -
Iranian Hackers Use Compromised Cameras for Regional Surveillance
Iranian cyber operations are expanding, focusing on US organizations and utilizing internet-connected cameras across the Middle East for intelligence and…
Read More »