tokens

June 16, 2025

Katz Stealer Boosts Credential Theft with System Fingerprinting and Persistence Mechanisms

The emergence of Katz Stealer, a sophisticated information-stealing malware-as-a-service (MaaS) that is redefining the boundaries of credential theft. First detected…
Read More »
June 15, 2025

Developers Beware – Sophisticated Phishing Scams Exploit GitHub Device Code Flow to Hijack Tokens

A sophisticated and increasing wave of cyberattacks now targets software developers through a little-known yet legitimate GitHub feature: the OAuth…
Read More »
June 12, 2025

Cybercriminals Exploiting Expired Discord Invite Links to Deploy Multi-Stage Malware

Security researchers have uncovered a sophisticated malware campaign exploiting a little-known flaw in Discord’s invitation system, enabling cybercriminals to hijack…
Read More »
June 10, 2025

Google Vulnerability Allowed Hackers to Access User Phone Numbers

A security researcher has disclosed a critical vulnerability in Google’s account recovery system that allowed attackers to brute-force and obtain…
Read More »
June 6, 2025

New Rust-Developed InfoStealer Drains Sensitive Data from Chromium-Based Browsers

A newly identified information-stealing malware, crafted in the Rust programming language, has emerged as a significant threat to users of…
Read More »
June 6, 2025

New Chaos RAT Targets Linux and Windows Users to Steal Sensitive Data

A new wave of cyber threats has emerged with the discovery of updated variants of Chaos RAT, a notorious open-source…
Read More »
May 31, 2025

Dadsec Hacker Group Uses Tycoon2FA Infrastructure to Steal Office365 Credentials

Cybersecurity researchers from Trustwave’s Threat Intelligence Team have uncovered a large-scale phishing campaign orchestrated by the notorious hacker group Storm-1575,…
Read More »
May 23, 2025

Zero-Trust Policy Bypass Enables Exploitation of Vulnerabilities and Manipulation of NHI Secrets

A new project has exposed a critical attack vector that exploits protocol vulnerabilities to disrupt DNS infrastructure, manipulate Non-Human Identity…
Read More »
May 16, 2025

Jenkins Released Security Updates – Multiple Vulnerabilities Fixed That Allow Attackers to Exploit CI/CD Pipelines

Jenkins, the widely used automation server for CI/CD pipelines, has released a critical security advisory addressing several vulnerabilities in popular…
Read More »
May 13, 2025

Lumma Stealer Upgraded with PowerShell Tools and Advanced Evasion Techniques

Sophos Managed Detection and Response (MDR) in September 2024, the notorious Lumma Stealer malware has evolved with sophisticated PowerShell tools…
Read More »
May 11, 2025

Critical Azure and Power Apps Vulnerabilities Allow Privilege Escalation for Attackers

Microsoft has patched four critical security vulnerabilities affecting its Azure cloud services and Power Apps platform that could allow attackers…
Read More »
May 9, 2025

Cyberattackers Targeting IT Help Desks for Initial Breach

Cybercriminals are increasingly impersonating IT support personnel and trusted authorities to manipulate victims into granting access to critical systems, according…
Read More »
May 9, 2025

Hackers Exploit Host Header Injection to Breach Web Applications

Cybersecurity researchers have reported a significant rise in web breaches triggered by a lesser-known technique: Host Header Injection. This sophisticated…
Read More »
May 8, 2025

Ubiquiti UniFi Protect Camera Vulnerability Allows Remote Code Execution by Attackers

Critical security vulnerabilities in Ubiquiti’s UniFi Protect surveillance ecosystem-one rated the maximum severity score of 10.0-could allow attackers to hijack…
Read More »
May 1, 2025

AiTM Phishing Kits Bypass MFA by Hijacking Credentials and Session Tokens

Darktrace’s Security Operations Center (SOC) in late 2024 and early 2025, cybercriminals have been exploiting legitimate Software-as-a-Service (SaaS) platforms like…
Read More »
April 28, 2025

Advanced Multi-Stage Carding Attack Hits Magento Site Using Fake GIFs and Reverse Proxy Malware

A multi-stage carding attack has been uncovered targeting a Magento eCommerce website running an outdated version 1.9.2.4. This version, unsupported…
Read More »
April 27, 2025

Gamers Beware! New Attack Targets Gamers to Deploy AgeoStealer Malware

The cybersecurity landscape faces an escalating crisis as AgeoStealer joins the ranks of advanced infostealers targeting global gaming communities. Documented…
Read More »
February 28, 2025

New Pass-the-Cookie Attacks Bypass MFA, Giving Hackers Full Account Access

Multi-factor authentication (MFA), long considered a cornerstone of cybersecurity defense, is facing a formidable new threat: “Pass-the-Cookie” attacks. Recent findings reveal…
Read More »
February 27, 2025

Lotus Blossom Hacker Group Uses Dropbox, Twitter, and Zimbra for C2 Communications

The Lotus Blossom hacker group, also known as Spring Dragon, Billbug, or Thrip, has been identified leveraging legitimate cloud services…
Read More »
February 22, 2025

Sitevision Auto-Generated Password Vulnerability Lets Hackers Steal Signing Key

A significant vulnerability in Sitevision CMS, versions 10.3.1 and earlier, has been identified, allowing attackers to extract private keys used…
Read More »

Previous page Next page