credential-theft
108 articles with this tag
HIGH
HIGH
MEDIUM
MEDIUM
CRITICAL
HIGH
HIGH
MEDIUM
MEDIUM
HIGH
MEDIUM
HIGH
CRITICAL
CRITICAL
CRITICAL
CRITICAL
HIGH
HIGH
HIGH
HIGH
CRITICAL
HIGH
HIGH
HIGH
CRITICAL
HIGH
HIGH
CRITICAL
HIGH
HIGH
HIGH
HIGH
HIGH
HIGH
HIGH
HIGH
HIGH
CRITICAL
HIGH
HIGH
MEDIUM
HIGH
HIGH
INFO
HIGH
CRITICAL
HIGH
HIGH
HIGH
CRITICAL
CRITICAL
HIGH
HIGH
HIGH
HIGH
MEDIUM
MEDIUM
HIGH
MEDIUM
MEDIUM
LOW
MEDIUM
MEDIUM
MEDIUM
MEDIUM
MEDIUM
MEDIUM
MEDIUM
HIGH
MEDIUM
HIGH
MEDIUM
MEDIUM
MEDIUM
HIGH
HIGH
HIGH
MEDIUM
HIGH
INFO
MEDIUM
MEDIUM
CRITICAL
MEDIUM
HIGH
MEDIUM
MEDIUM
MEDIUM
MEDIUM
HIGH
HIGH
MEDIUM
HIGH
CRITICAL
HIGH
HIGH
HIGH
MEDIUM
HIGH
HIGH
Lone attacker published 14 malicious npm packages mimicking popular OpenSearch, Elasticsearch libraries
Typosquatted npm packages used to steal cloud and CI/CD secrets
One Man, One AI, One Fake Persona: Inside the 5-Year Influence and Fraud ‘Patriot Bait’ Campaign
SHub Reaper impersonates Apple, Google, and Microsoft in one MacOS attack chain
Why some security fixes never reach your vulnerability dashboard
How Storm-2949 turned a compromised identity into a cloud-wide breach
Do fear the Reaper - stealer swipes macOS users' passwords, wallets, then backdoors them
New Phishing Campaign Targets US with Credential Theft: What CISOs Need to Know
LATAM Under Siege: Agent Tesla’s 18-Month Credential Theft Campaign Against Chilean Enterprises
Analyzing TeamPCP’s Supply Chain Attacks: Checkmarx KICS and elementary-data in CI/CD Credential Theft
1 in 8 employees have sold company logins or know someone who has
Breaking the code: Multi-stage ‘code of conduct’ phishing campaign leads to AiTM token compromise
New PCPJack worm steals credentials, cleans TeamPCP infections
PCPJack | Cloud Worm Evicts TeamPCP and Steals Credentials at Scale
Windows Phone Link Exploited by CloudZ RAT to Steal Credentials and OTPs
Microsoft Details Phishing Campaign Targeting 35,000 Users Across 26 Countries
Breaking the code: Multi-stage ‘code of conduct’ phishing campaign leads to AiTM token compromise
ClickFix Removes Your Background but Leaves the Malware
Supply chain attack against SAP npm packages facilitates credential theft
Why You Must Check Your Password Manager Immediately | THREAT WIRE
New Python Backdoor Uses Tunneling Service to Steal Browser and Cloud Credentials
New npm supply-chain attack self-spreads to steal auth tokens
The silent “Storm”: New infostealer hijacks sessions, decrypts server-side
New VENOM phishing attacks steal senior executives' Microsoft logins
There are too many stories to cover! - Threat Wire
Russian APT28 Hackers Hijack Routers to Steal Credentials, UK Security Agency Warns
Authorities disrupt router DNS hijacks used to steal Microsoft 365 logins
How LiteLLM Turned Developer Machines Into Credential Vaults for Attackers
Hackers exploit React2Shell in automated credential theft campaign
You Patched LiteLLM, But Do You Know Your AI Blast Radius?
New 'Storm' Infostealer Remotely Decrypts Stolen Credentials
UAT-10608: Inside a large-scale automated credential harvesting operation targeting web applications
New DeepLoad Malware Dropped in ClickFix Attacks
TeamPCP Breaches Cloud, SaaS Instances With Stolen Credentials
Stolen Logins Are Fueling Everything From Ransomware to Nation-State Cyberattacks
Venom Stealer Raises Stakes With Continuous Credential Harvesting
TeamPCP Moves From OSS to AWS Environments
DeepLoad Malware Uses ClickFix and WMI Persistence to Steal Browser Credentials
DeepLoad Malware Combines ClickFix With AI-Generated Code to Avoid Detection
Breakdown: How TeamPCP hid malware inside WAV files using audio steganography
Hackers Use Fake Resumes to Steal Enterprise Credentials and Deploy Crypto Miner
EmEditor Supply Chain Analysis: Why "Publisher Authorization" isn't the silver bullet we think it is
More Attackers Are Logging In, Not Breaking In
2025 Identity Threat Landscape Report: Inside the Infostealer Economy: Credential Threats in 2025
Threat Actor Targeting VPN Users in New Credential Theft Campaign
Storm-2561 Spreads Trojan VPN Clients via SEO Poisoning to Steal Credentials
Attackers use AiTM phishing kit, typosquatted domains to hijack AWS accounts
When Trusted Websites Turn Malicious: WordPress Compromises Advance Global Stealer Operation
Fake LastPass support email threads try to steal vault passwords
Malicious npm Packages Harvest Crypto Keys, CI Secrets, and API Tokens
Attacker gets into France's database listing all bank accounts, makes off with 1.2 million records
Malicious Chrome extension targeting Apple App Store Connect developers through fake ASO service - full analysis
‘Starkiller’ Phishing Service Proxies Real Login Pages, MFA
Data breach at French bank registry impacts 1.2 million accounts
Facebook ads spread fake Windows 11 downloads that steal passwords and crypto wallets
How infostealers turn stolen credentials into real identities
Data on 1.2 million French bank accounts accessed in registry breach
Starkiller: New ‘Commercial-Grade’ Phishing Kit Bypasses MFA
CRESCENTHARVEST Campaign Targets Iran Protest Supporters With RAT Malware
Job scam uses fake Google Forms site to harvest Google logins
Red Team | Looting Credentials from Modern Browsers
SmartLoader Attack Uses Trojanized Oura MCP Server to Deploy StealC Infostealer
Poland arrests suspect linked to Phobos ransomware operation
Unit 42: Nearly two-thirds of breaches now start with identity abuse
Infostealer Targets OpenClaw to Loot Victim’s Digital Life
Operation DoppelBrand: Weaponizing Fortune 500 Brands
Infostealer malware found stealing OpenClaw secrets for first time
Operation DoppelBrand Weaponizes Trusted Brands For Credential Theft
Over 100 Malicious Chrome Extensions Found Stealing Session Data and Injecting Ads - Thailand Computer Emergency Response Team (ThaiCERT)
Popular Microsoft Outlook add-in hijacked to try and steal user accounts
AgreeToSteal: The First Malicious Outlook Add-In Leads to 4,000 Stolen Credentials
1st malicious Outlook add-in ‘AgreeToSteal’ discovered, over 4,000 credentials stolen
Lumma Stealer: A fast-growing infostealer threat
Back to Business: Lumma Stealer Returns with Stealthier Methods
Fake AI Assistants in Google Chrome Web Store Steal Passwords and Spy on Emails
30+ Chrome extensions disguised as AI chatbots steal users' API keys, emails, other sensitive data
Outlook add-in goes rogue and steals 4,000 credentials and payment data
AMOS infostealer targets macOS through a popular AI app
Fake AI Chrome extensions with 300K users steal credentials, emails
Supply chain attacks now fuel a 'self-reinforcing' cybercrime economy
First Malicious Outlook Add-In Found Stealing 4,000+ Microsoft Credentials
“Digital Parasite” Warning as Attackers Favor Stealth for Extortion
Someone's attacking SolarWinds WHD to steal high‑privilege credentials - but we don't know who or how
VoidLink Malware Exhibits Multi-Cloud Capabilities and AI Code
CVE-2026-2103 - Infor Syteline ERP - Keys Included: No Assembly Required
Mobile Phishing Kits Evolve to Sync with Voice Attacks
Malicious Chrome extensions can spy on your ChatGPT chats
Apple Pay phish uses fake support calls to steal payment details
Man pleads guilty to hacking nearly 600 women’s Snapchat accounts
OpenClaw reveals meaty personal information after simple cracks
Attackers exploit decade‑old Windows driver flaw to shut down modern EDR defenses
Data breach at fintech firm Betterment exposes 1.4 million accounts
8-Minute Access: AI Accelerates Breach of AWS Environment
From credentials to cloud admin in 8 minutes: AI supercharges AWS attack chain
New Password-Stealing Phishing Campaign Targets Corporate Dropbox Credentials
DIY AI bot farm OpenClaw is a security 'dumpster fire'
Open-source attacks move through normal development workflows
Attackers Harvest Dropbox Logins Via Fake PDF Lures
New GlassWorm attack targets macOS via compromised OpenVSX extensions
ShinyHunters-Branded Extortion Activity Expands, Escalates