Tag: credentials
-
Fake ‘Antivirus’ App Spreads Android Malware, Steals Banking Credentials
A fake Android antivirus app called TrustBastion is spreading malware and stealing banking credentials. Here’s how it works and how to stay protected. The post Fake ‘Antivirus’ App Spreads Android Malware, Steals Banking Credentials appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-fake-android-antivirus-trustbastion-malware/
-
Operation DoppelBrand: Weaponizing Fortune 500 Brands
GS7 targets US financial institutions, among others, with near-perfect imitations of phishing portals to steal credentials, paving the way for remote access and other threat activity First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/operation-doppelbrand-weaponizing-fortune-500-brands
-
Operation DoppelBrand Weaponizes Trusted Brands For Credential Theft
New phishing campaign dubbed Operation DoppelBrand targeted major financial firms like Wells Fargo First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/operation-doppelbrand-trusted/
-
Noodlophile Malware Authors Use Fake Job Ads and Phishing Schemes to Evolve Tactics
Hey folks in the threat”‘hunting world looks like our coverage of the Noodlophile infostealer has struck a nerve with its creators. The operators used inflated engagement metrics and fake popularity scores to lure victims into downloading malicious ZIP archives. Once executed, these payloads quietly harvested user credentials, crypto”‘wallet data, browser information, and more all exfiltrated through Telegram…
-
10 years later, Bangladesh Bank cyberheist still offers cyber-resiliency lessons
Tags: access, ai, application-security, attack, automation, backdoor, banking, ceo, cisco, ciso, compliance, control, credentials, crypto, cyber, cybercrime, cybersecurity, data-breach, defense, detection, endpoint, exploit, finance, fintech, firewall, framework, infrastructure, intelligence, international, malware, monitoring, network, north-korea, oracle, password, risk, service, software, theft, threat, tool, vulnerabilitySecurity shortcomings: Adrian Cheek, senior cybercrime researcher at threat exposure management firm Flare, said the Bangladesh Bank heist was possible because of a number of security shortcomings, including a failure to air gap critical infrastructure.”The Bank of Bangladesh had four servers and the same number of desktops connected to SWIFT,” Cheek says. “This infrastructure, however,…
-
CTM360: Lumma Stealer and Ninja Browser malware campaign abusing Google Groups
CTM360 reports 4,000+ malicious Google Groups and 3,500+ Google-hosted URLs used to spread the Lumma Stealer infostealing malware and a trojanized “Ninja Browser.” The report details how attackers abuse trusted Google services to steal credentials and maintain persistence across Windows and Linux systems. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/ctm360-lumma-stealer-and-ninja-browser-malware-campaign-abusing-google-groups/
-
How to find and remove credential-stealing Chrome extensions
Researchers have uncovered 30 Chrome extensions stealing user data. Here’s how to check your browser and remove any malicious extensions step by step. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/how-to-find-and-remove-credential-stealing-chrome-extensions/
-
Brutus: Open-source credential testing tool for offensive security
Brutus is an open-source, multi-protocol credential testing tool written in pure Go. Designed to replace legacy tools that have long frustrated penetration testers with … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/13/brutus-open-source-credential-testing-tool-offensive-security/
-
New ClickFix Attack Wave Targets Windows Systems to Deploy StealC Stealer
A new wave of ClickFix attacks is targeting Windows users with fake Cloudflare-style CAPTCHA verification pages that trick victims into executing malicious PowerShell commands. This campaign delivers a multi-stage, fileless infection chain that ends with StealC, a powerful information stealer capable of harvesting credentials, cryptocurrency wallets, gaming accounts, emails, and detailed system fingerprints. The operation…
-
How do Agentic AI systems ensure robust cloud security?
How Can Non-Human Identities Transform Cloud Security? Is your organization leveraging the full potential of Non-Human Identities (NHIs) to secure your cloud infrastructure? While we delve deeper into increasingly dependent on digital identities, NHIs are pivotal in shaping robust cloud security frameworks. Unlike human identities, NHIs are digital constructs that transcend traditional login credentials, encapsulating……
-
‘Dead’ Outlook add-in hijacked to phish 4,000 Microsoft Office Store users
Tags: banking, breach, browser, chrome, control, credentials, credit-card, data, finance, google, infrastructure, malicious, marketplace, microsoft, office, password, phishingoutlook-one.vercel.app, hosted on the Vercel development platform, from which users download the software.”Microsoft reviews the manifest, signs it, and lists the add-in in their store. But the actual content the UI, the logic, everything the user interacts with is fetched live from the developer’s server every time the add-in opens,” said Koi Security’s researchers. By…
-
macOS Infostealers Fuel Growing Cybercrime Market
A growing underground market is driving sophisticated macOS infostealers that steal credentials and cryptocurrency at scale. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/macos-infostealers-fuel-growing-cybercrime-market/
-
macOS Infostealers Fuel Growing Cybercrime Market
A growing underground market is driving sophisticated macOS infostealers that steal credentials and cryptocurrency at scale. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/macos-infostealers-fuel-growing-cybercrime-market/
-
Constella Intelligence Unveils 2026 Identity Breach Report: The Industrialization of Identity
New research reveals a 1-trillion-attribute threat landscape driven by machine speed and scale, and high-density credential consolidation. LOS ALTOS, CA, February 12, 2026 “, Constella, the leader in Identity Risk Intelligence, today announced the release of its flagship 2026 Identity Breach Report. The report details a fundamental shift in the cyber threat landscape, moving from the… First…
-
Outlook add-in goes rogue and steals 4,000 credentials and payment data
The once popular Outlook add-in AgreeTo was turned into a powerful phishing kit after the developer abandoned the project. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/outlook-add-in-goes-rogue-and-steals-4000-credentials-and-payment-data/
-
1Password open sources a benchmark to stop AI agents from leaking credentials
Research has shown that some AI models can identify phishing websites with near-perfect accuracy when asked. When those same models are used as autonomous agents with access … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/12/1password-security-comprehension-awareness-measure-scam-ai-benchmark/
-
Fake AI Chrome extensions with 300K users steal credentials, emails
A set of 30 malicious Chrome extensions that have been installed by more than 300,000 users are masquerading as AI assistants to steal credentials, email content, and browsing information. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/fake-ai-chrome-extensions-with-300k-users-steal-credentials-emails/
-
Phishing campaign chains old Office flaw with fileless XWorm RAT to evade detection
Fileless .NET stage and a modular XWorm core: Beyond initial access, Fortinet observed a fileless .NET stage loaded directly into memory, followed by process hollowing into msbuild.exe, a legitimate Microsoft build tool capable of executing .NET code. The choice of msbuild.exe aligns with the malware’s runtime requirements while helping it blend into normal system activity.”A…
-
Phishing campaign chains old Office flaw with fileless XWorm RAT to evade detection
Fileless .NET stage and a modular XWorm core: Beyond initial access, Fortinet observed a fileless .NET stage loaded directly into memory, followed by process hollowing into msbuild.exe, a legitimate Microsoft build tool capable of executing .NET code. The choice of msbuild.exe aligns with the malware’s runtime requirements while helping it blend into normal system activity.”A…
-
Phishing campaign chains old Office flaw with fileless XWorm RAT to evade detection
Fileless .NET stage and a modular XWorm core: Beyond initial access, Fortinet observed a fileless .NET stage loaded directly into memory, followed by process hollowing into msbuild.exe, a legitimate Microsoft build tool capable of executing .NET code. The choice of msbuild.exe aligns with the malware’s runtime requirements while helping it blend into normal system activity.”A…
-
SSH Worm Exploit Detected by DShield Sensor Using Credential Stuffing and Multi-Stage Malware
A DShield honeypot sensor recently recorded a complete compromise sequence involving a self-replicating SSH worm that exploits weak passwords to spread across Linux systems. The incident highlights how poor SSH hygiene and the use of default credentials remain among the most persistent threats to Internet-connected devices. Even in 2026, attackers continue leveraging automated credential stuffing…
-
Rogue VM Linked to Muddled Libra in VMware vSphere Attack, Exposing Critical TTPs
The cybercrime group Muddled Libra (aka Scattered Spider, UNC3944). The contents of this rogue VM and activity from the attack provide valuable insight into the operational playbook of this threat actor. This single VM acted as the attackers’ beachhead, revealing a detailed, step-by-step view of how the group conducts reconnaissance, steals credentials, and moves laterally…
-
The ephemeral infrastructure paradox: Why short-lived systems need stronger identity governance
Tags: access, automation, cloud, container, credentials, data, framework, github, governance, identity, infrastructure, jobs, network, risk, service, software, toolFigure 1: Governance must move from static reviews to a continuous lifecycle of issuance, verification and automated expiration. Niranjan Kumar Sharma 1. Identity must be cryptographic We must stop relying on IP allowlists. In a world of dynamic containers, network location is a poor proxy for trust.We need to move toward cryptographic identity. Every workload…
-
What CISOs need to know about the OpenClaw security nightmare
OpenClaw exposes enterprise security gaps: The first big lesson of this whole OpenClaw situation is that enterprises need to do more to get their security fundamentals in place. Because if there are any gaps, anywhere at all, they will now be found and exploited at an unprecedented pace. In the case of OpenClaw, that means…
-
Microsoft Outlook Add-In Stolen 4000 Accounts and Credit Card Numbers
Tags: breach, credentials, credit-card, cyber, data-breach, flaw, login, malicious, microsoft, officeA dormant Microsoft Outlook add-in has been weaponized by attackers to steal thousands of login credentials and credit card numbers. The incident, identified by security researchers as the first known malicious Office add-in found in the wild, exposed a critical flaw in how Microsoft distributes third-party tools. The >>Zombie<< App In 2022, a developer published…
-
Microsoft Outlook Add-In Stolen 4000 Accounts and Credit Card Numbers
Tags: breach, credentials, credit-card, cyber, data-breach, flaw, login, malicious, microsoft, officeA dormant Microsoft Outlook add-in has been weaponized by attackers to steal thousands of login credentials and credit card numbers. The incident, identified by security researchers as the first known malicious Office add-in found in the wild, exposed a critical flaw in how Microsoft distributes third-party tools. The >>Zombie<< App In 2022, a developer published…
-
Microsoft Outlook Add-In Stolen 4000 Accounts and Credit Card Numbers
Tags: breach, credentials, credit-card, cyber, data-breach, flaw, login, malicious, microsoft, officeA dormant Microsoft Outlook add-in has been weaponized by attackers to steal thousands of login credentials and credit card numbers. The incident, identified by security researchers as the first known malicious Office add-in found in the wild, exposed a critical flaw in how Microsoft distributes third-party tools. The >>Zombie<< App In 2022, a developer published…
-
Microsoft Outlook Add-In Stolen 4000 Accounts and Credit Card Numbers
Tags: breach, credentials, credit-card, cyber, data-breach, flaw, login, malicious, microsoft, officeA dormant Microsoft Outlook add-in has been weaponized by attackers to steal thousands of login credentials and credit card numbers. The incident, identified by security researchers as the first known malicious Office add-in found in the wild, exposed a critical flaw in how Microsoft distributes third-party tools. The >>Zombie<< App In 2022, a developer published…
-
Fake CAPTCHA Attacks Exploit Key Entry Point for LummaStealer Malware
Fake CAPTCHA attacks are now a key entry point for a new wave of LummaStealer infections, with CastleLoader loaders turning simple web clicks into full system compromise. Less than a year after a major law-enforcement takedown, the infostealer’s operators have rebuilt at scale and are again harvesting credentials, crypto wallets, and personal data worldwide. LummaStealer…
-
Multiple Endpoint Manager bugs patched by Ivanti, including remote auth bypass
Ivanti patched over a dozen Endpoint Manager flaws, including a high-severity auth bypass that let attackers steal credentials remotely. Ivanti released patches for more than a dozen vulnerabilities in Endpoint Manager, including flaws disclosed in October 2025. The update addresses a high-severity authentication bypass, tracked as CVE-2026-1603 (CVSS score of 8.6), that attackers could exploit…