Tag: theft
-
EncryptHub Ransomware Uncovered Through ChatGPT Use and OPSEC Failures
by
in SecurityNewsEncryptHub, a rapidly evolving cybercriminal entity, has come under intense scrutiny following revelations of operational security (OPSEC) failures and extensive reliance on ChatGPT for its operations. This emerging threat actor has been linked to ransomware campaigns, data theft, and the development of advanced malware tools, including EncryptRAT. However, critical mistakes in their operational infrastructure have…
-
SpotBugs Access Token Theft Identified as Root Cause of GitHub Supply Chain Attack
by
in SecurityNewsThe cascading supply chain attack that initially targeted Coinbase before becoming more widespread to single out users of the “tj-actions/changed-files” GitHub Action has been traced further back to the theft of a personal access token (PAT) related to SpotBugs.”The attackers obtained initial access by taking advantage of the GitHub Actions workflow of SpotBugs, a popular…
-
Retirement funds reportedly raided after unexplained portal probes and data theft
by
in SecurityNewsAustralians checking their pensions are melting down call centres and websites First seen on theregister.com Jump to article: www.theregister.com/2025/04/04/australian_retirement_funds_attacked/
-
Hunters International shifts from ransomware to pure data extortion
by
in SecurityNewsThe Hunters International Ransomware-as-a-Service (RaaS) operation is shutting down and rebranding with plans to switch to date theft and extortion-only attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hunters-international-rebrands-as-world-leaks-in-shift-to-data-extortion/
-
Oracle Disclosed Breach Of ‘Legacy’ Environment To Customers: Report
by
in SecurityNewsA breach of an Oracle ‘legacy’ environment led to the theft of log-in credentials and included a demand by the attacker for an extortion payment, according to a Bloomberg report. First seen on crn.com Jump to article: www.crn.com/news/security/2025/oracle-disclosed-breach-of-legacy-environment-to-customers-report
-
Oracle quietly admits data breach, days after lawsuit accused it of cover-up
by
in SecurityNews
Tags: access, attack, authentication, breach, cloud, compliance, credentials, crime, cve, cybersecurity, data, data-breach, endpoint, exploit, finance, fraud, hacker, identity, infrastructure, intelligence, law, oracle, resilience, risk, service, strategy, supply-chain, technology, theft, threat, vulnerabilityLawsuit challenges Oracle’s response: The reports of Oracle’s acknowledgement of the breach come just days after the company was hit with a class action lawsuit over its handling of the security breach.The lawsuit specifically addresses a major security breach discovered in March that reportedly compromised 6 million records containing sensitive authentication-related data from Oracle Cloud…
-
Hackers Exploit Stripe API for Web Skimming Card Theft on Online Stores
by
in SecurityNewsCybersecurity researchers at Jscamblers have uncovered a sophisticated web-skimming campaign targeting online retailers. The campaign utilizes a legacy… First seen on hackread.com Jump to article: hackread.com/hackers-exploit-stripe-api-web-skimming-card-theft/
-
Hackers Exploit Stripe API for Web Skimming Card Theft on Online Stores
by
in SecurityNewsCybersecurity researchers at Jscamblers have uncovered a sophisticated web-skimming campaign targeting online retailers. The campaign utilizes a legacy… First seen on hackread.com Jump to article: hackread.com/hackers-exploit-stripe-api-web-skimming-card-theft/
-
Oracle quietly admits data breach, days after lawsuit accused it of cover-up
by
in SecurityNews
Tags: access, attack, authentication, breach, cloud, compliance, credentials, crime, cve, cybersecurity, data, data-breach, endpoint, exploit, finance, fraud, hacker, identity, infrastructure, intelligence, law, oracle, resilience, risk, service, strategy, supply-chain, technology, theft, threat, vulnerabilityLawsuit challenges Oracle’s response: The reports of Oracle’s acknowledgement of the breach come just days after the company was hit with a class action lawsuit over its handling of the security breach.The lawsuit specifically addresses a major security breach discovered in March that reportedly compromised 6 million records containing sensitive authentication-related data from Oracle Cloud…
-
Hunters International Ransomware Gang Rebranding, Shifting Focus
by
in SecurityNewsThe notorious cybercrime group Hunters International is dropping ransomware to focus on data theft and extortion. The post Hunters International Ransomware Gang Rebranding, Shifting Focus appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/hunters-international-ransomware-gang-rebranding-shifting-focus/
-
New Triada Trojan comes preinstalled on Android devices
A new Triada trojan variant comes preinstalled on Android devices, stealing data on setup, warn researchers from Kaspersky. Kaspersky researchers discovered a new Triada trojan variant preinstalled on thousands of Android devices, enabling data theft upon setup. Kaspersky detected 2,600+ infections in Russia from March 13-27, 2025. The malware was discovered on counterfeit Android devices mimicking…
-
Aura or LifeLock: Who Offers Better Identity Protection in 2025?
by
in SecurityNewsThe Growing Threat of Digital Identity Theft Identity theft is a continuous online threat that lurks behind every… First seen on hackread.com Jump to article: hackread.com/aura-or-lifelock-who-offers-identity-protection-2025/
-
Crimelords at Hunters International tell lackeys ransomware too ‘risky’
by
in SecurityNewsBosses say theft now the name of the game with a shift in tactics, apparent branding First seen on theregister.com Jump to article: www.theregister.com/2025/04/02/hunters_international_rebrand/
-
What is subdomain hijacking?
by
in SecurityNewsSubdomain hijacking is a cybersecurity risk where attackers exploit abandoned DNS records to take control of legitimate subdomains. This can lead to phishing attacks, credential theft, and malware distribution. Organizations must regularly audit DNS records, remove outdated entries, and strengthen cloud security policies to prevent these vulnerabilities. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/04/what-is-subdomain-hijacking/
-
Stripe API Skimming Campaign Unveils New Techniques for Theft
by
in SecurityNewsA novel skimming attack has been observed by Jscramber, using the Stripe API to steal payment information by injecting malicious scripts into pages First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/stripe-api-skimming-campaign-new/
-
Bybit Heist Fuels Record Crypto-Theft Surge, Says CertiK
by
in SecurityNewsHackers stole $1.67bn of cryptocurrencies in the first quarter of 2025, a 303% increase First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/record-crypto-theft-certik-bybit/
-
Google fixes GCP flaw that could expose sensitive container images
by
in SecurityNewsrun.services.update and iam.serviceAccounts.actAspermissions they could modify a Cloud Run service and deploy a new revision.”In doing so, they could specify (through malicious code injection) any private container image stored in a victim’s registries, Matan added.According to a Tenable statement to CSO, an attacker could use this vulnerability for data theft or espionage in a real-world…
-
North Korea’s Fake IT Worker Scheme Sets Sights on Europe
by
in SecurityNewsGoogle has found a significant increase in North Korean actors attempting to gain employment as IT workers in European companies, leading to data theft and extortion First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/north-korea-fake-it-worker-europe/
-
Durch Identitätsdiebstahl 1,5 Millionen Dollar von US-Stadtverwaltung gestohlen
by
in SecurityNewsComptroller: FBI investigating cyberattack, ID theft that defrauded Baltimore of $1.5M First seen on wbal.com Jump to article: www.wbal.com/comptroller-fbi-investigating-cyberattack-id-theft-that-defrauded-baltimore-city-of-1-5m
-
Check Point Responds to Hacking Claims
by
in SecurityNewsCheck Point has responded to a hacker’s claims of sensitive data theft, confirming an incident but saying that it had limited impact. The post Check Point Responds to Hacking Claims appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/check-point-responds-to-hacking-claims/
-
Infostealer malware poses potent threat despite recent takedowns
by
in SecurityNewsHow CISOs can defend against infostealers: To defend against these threats, CISOs should rely on multi-factor authentication MFA and least privilege access to prevent their incursion into the corporate network, as well as endpoint detection and response (EDR) and anti-malware to detect and quarantine infostealers that manage to trick users into running the malware. Regular…
-
Triton RAT Uses Telegram for Remote System Access and Control
by
in SecurityNewsCado Security Labs has uncovered a new Python-based Remote Access Tool (RAT) named Triton RAT, which leverages Telegram for remote system access and data exfiltration. This open-source malware, available on GitHub, is designed to execute a wide range of malicious activities, including credential theft, system control, and persistence establishment. Technical Overview Triton RAT initiates its…
-
Russian Hackers Leverage Bulletproof Hosting to Shift Network Infrastructure
by
in SecurityNewsRussian-aligned cyber threat groups, UAC-0050 and UAC-0006, have significantly escalated their operations in 2025, targeting entities worldwide with a focus on Ukraine. These groups employ bulletproof hosting services to mask their network infrastructure, enabling sophisticated campaigns involving financial theft, espionage, and psychological operations. UAC-0050, linked to Russian law enforcement agencies, has transitioned to deploying NetSupport…
-
CrushFTP Vulnerability Lets Hackers Bypass Security and Seize Server Control
by
in SecurityNewsA newly disclosed authentication bypass vulnerability (CVE-2025-2825) in CrushFTP file transfer software enables attackers to gain complete control of servers without valid credentials. The vulnerability affects versions 10.0.0 through 11.3.0 of the popular enterprise file transfer solution, exposing organizations to data theft and system compromise. The Exploit: Bypassing Security in 3 Steps Security researchers have…
-
‘Crocodilus’ Android Banking Trojan Allows Device Takeover, Data Theft
The newly identified Android banking trojan Crocodilus takes over devices, enabling overlay attacks, remote control, and keylogging. The post ‘Crocodilus’ Android Banking Trojan Allows Device Takeover, Data Theft appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/crocodilus-android-banking-trojan-allows-device-takeover-data-theft/
-
‘Crocodilus’ Android Banking Trojan Allows Device Takeover, Data Theft
The newly identified Android banking trojan Crocodilus takes over devices, enabling overlay attacks, remote control, and keylogging. The post ‘Crocodilus’ Android Banking Trojan Allows Device Takeover, Data Theft appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/crocodilus-android-banking-trojan-allows-device-takeover-data-theft/
-
CrushFTP Vulnerability Lets Hackers Bypass Security and Seize Server Control
by
in SecurityNewsA newly disclosed authentication bypass vulnerability (CVE-2025-2825) in CrushFTP file transfer software enables attackers to gain complete control of servers without valid credentials. The vulnerability affects versions 10.0.0 through 11.3.0 of the popular enterprise file transfer solution, exposing organizations to data theft and system compromise. The Exploit: Bypassing Security in 3 Steps Security researchers have…
-
9-Year-Old NPM Crypto Package Hijacked for Information Theft
by
in SecurityNewsNearly a dozen crypto packages on NPM, including one published 9 years ago, have been hijacked to deliver infostealers. The post 9-Year-Old NPM Crypto Package Hijacked for Information Theft appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/9-year-old-npm-crypto-package-hijacked-to-steal-information/
-
Oracle customers confirm data stolen in alleged cloud breach is valid
Despite Oracle denying a breach of its Oracle Cloud federated SSO login servers and the theft of account data for 6 million people, BleepingComputer has confirmed with multiple companies that associated data samples shared by the threat actor are valid. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/oracle-customers-confirm-data-stolen-in-alleged-cloud-breach-is-valid/