CREDENTIAL Archives - Page 2 of 106 - Cybersecurity News Everyday

Malicious PyPI Package Targets WooCommerce Stores with Automated Carding Attacks

The Socket research team uncovered a malicious Python package named disgrasya on PyPI, designed to automate carding attacks against WooCommerce stores using CyberSource as a payment gateway. This openly malicious tool facilitates the testing of stolen credit card numbers, allowing low-skilled fraudsters to simulate transactions without raising fraud detection alarms.…

Cyber Security News

Cisco warns of CSLU backdoor admin account used in attacks

April 2, 2025 BleepingComputer

Summary: Cisco has issued a warning regarding a critical vulnerability (CVE-2024-20439) in its Smart Licensing Utility (CSLU) that exposes a backdoor admin account, allowing unauthenticated attackers to gain remote admin access to vulnerable systems. This flaw, which was patched in September, is being actively exploited in conjunction with another vulnerability (CVE-2024-20440) to access sensitive data.…

Cyber Security News

Royal Mail Group Loses 144GB to Infostealers: Same Samsung Hacker, Same 2021 Infostealer Log

April 2, 2025 admin

Summary: A massive data breach has exposed 144GB of sensitive information from Royal Mail Group, including personally identifiable information and internal documents, linked to a previous compromise at a third-party service provider, Spectos. The breach, carried out by the threat actor “GHNA,” echoes a recent breach involving Samsung, highlighting a concerning trend in supply chain vulnerabilities exacerbated by AI technologies.…

Threat Research

Decoding Fake US ESTA Emails: Scam or Real Deal?

April 2, 2025April 2, 2025 Securonix

The Cofense Phishing Defense Center has reported an increase in phishing emails masquerading as communications from US Customs and Border Protection regarding the Electronic System for Travel Authorization (ESTA). These emails create urgency and fear to trick users into providing personal information through a fraudulent website.…

Cyber Security News

Lucid PhaaS Hits 169 Targets in 88 Countries Using iMessage and RCS Smishing

April 2, 2025 CybersecurityNews

Summary: A new phishing-as-a-service platform, Lucid, has emerged, targeting 169 entities across 88 countries through advanced smishing techniques. Utilizing Apple iMessage and RCS, Lucid bypasses traditional anti-phishing measures, enabling significant increases in phishing success rates. This sophisticated model threatens financial security as it focuses primarily on harvesting credit card information and personally identifiable information (PII).…

Threat Research

DPRK IT Workers Expanding in Scope and Scale

April 2, 2025 GoogleCloudIntel

The Democratic People’s Republic of Korea (DPRK) IT workers have expanded their operations internationally, particularly in Europe, targeting sectors such as defense and government. These workers utilize sophisticated tactics, including deception and extortion, to infiltrate companies. Their activities pose significant risks, including data theft and espionage, emphasizing the need for increased vigilance by affected organizations.…

Threat Research

Salvador Stealer: New Android Malware That Phishes Banking Details & OTPs

April 2, 2025 AnyRun

The report discusses Salvador Stealer, a new Android malware posing as a banking application to steal sensitive user data, such as banking credentials and personal information. The malware employs phishing techniques and has multiple methods for exfiltrating data, including SMS interception and real-time communication with a Command and Control (C2) server via Telegram.…

Threat Research

Evolution of Sophisticated Phishing Tactics: The QR Code Phenomenon

April 2, 2025 Unit42

Researchers from Unit 42 have identified a rise in sophisticated phishing tactics that leverage QR codes and URL redirection to compromise user credentials. These methods obscure the true destination of phishing links, making it easier for attackers to deceive victims, particularly in sectors such as medical, automotive, education, energy, and finance.…

Cyber Security News

Apple backports zero-day patches to older iPhones and Macs

April 1, 2025 BleepingComputer

Summary: Apple has released security updates for older and latest versions of its operating systems, backporting fixes for actively exploited zero-day vulnerabilities. These updates address critical flaws discovered by researchers, enhancing the security of iOS, iPadOS, macOS, and Safari. Users are urged to apply these updates promptly to protect against potential attacks.…

Threat Research

Qilin affiliates spear-phish MSP ScreenConnect admin, targeting customers downstream

April 1, 2025 Sophos

In late January 2025, an MSP administrator fell victim to a sophisticated phishing email that mimicked an authentication alert for a remote management tool, leading to a ransomware attack by Qilin actors. This incident emphasizes the vulnerabilities faced by MSPs and their clients to phishing campaigns.…

Threat Research

GreenSpot APT Phishing Campaigns with Fake 163.com Login Analysis

April 1, 2025 AnalysisSpace

GreenSpot APT phishing campaigns target 163.com users, attempting to steal credentials through fake login pages without embedding malicious attachments. While currently not direct threats, future modifications could introduce risks. Affected: 163.com, users of GreenSpot phishing campaigns

Keypoints :

GreenSpot APT is conducting phishing campaigns. Fake login pages prompt users to enter credentials twice.…

Cyber Security News

Morphing Meerkat’s Phishing Tactics: Abusing DNS MX Records

April 1, 2025 CybersecurityNews

Summary: A recent report by Infoblox Threat Intelligence details a sophisticated phishing operation named Morphing Meerkat, which utilizes DNS techniques to create tailored phishing content for victims. The operation dynamically serves fake login pages mimicking over 100 brands, employing advanced methods to evade detection and enhance effectiveness.…

Cyber Attack

Python-based RAT Abuses Discord API to Execute Data Theft Attacks

April 1, 2025 Cyware

Summary: This report analyzes a Python-based Remote Access Trojan (RAT) that utilizes Discord’s API for malicious activities, including command execution and credential theft. It provides a detailed examination of the RAT’s code and behavior, revealing its capabilities for remote machine control and espionage. Recommendations for combating this cyber threat emphasize the importance of enhanced security measures and user education.…

Cyber Attack

Hackers abuse WordPress MU-Plugins to hide malicious code

April 1, 2025 BleepingComputer

Summary: Hackers are increasingly leveraging WordPress’s mu-plugins directory to execute malicious code undetected on every page load. This method, which was first identified in February 2025, enables various harmful activities, including credential theft and redirection to malware-laden sites. Security analysts recommend that WordPress site administrators enhance their security measures to safeguard against these threats.…

Cyber Security News

Hacker Leaks Samsung Customer Data

March 31, 2025 CybersecurityNews

Summary: A hacker known as ‘GHNA’ has leaked around 270,000 customer records from Samsung Germany’s ticketing system, sourced via compromised credentials from Spectos GmbH. The data breach stems from an incident in 2021 and includes sensitive personal and transaction information. Experts warn that the leaked data could facilitate various cyber threats, including phishing and account takeovers.…

Cyber Attack

Weekly Recap: Chrome 0-Day, IngressNightmare, Solar Bugs, DNS Tactics, and More

March 31, 2025 LeakNews

Summary: This week’s cybersecurity insights highlight vulnerabilities in widely used systems like Chrome and Kubernetes, as well as emerging threats from phishing-as-a-service operations. The coverage includes data leaks, ransomware trends, and the importance of vigilance against common oversights that can lead to security breaches. Additionally, the impact of recent legal cases and developments in AI-driven cyber threats are discussed.…

Threat Research

RST TI Report Digest: 31 Mar 2025

March 31, 2025March 31, 2025 iocOne

This week’s threat intelligence report reveals an analysis of multiple cyber threat reports. Key highlights include espionage tactics from APT groups, sophisticated malware deployments, and various Indicators of Compromise (IoCs) detected across platforms. The ongoing evolution of cyber threats emphasizes adaptive techniques utilized by attackers to infiltrate critical sectors.…

Threat Research

SVC New Stealer on the Horizon

March 31, 2025March 31, 2025 Seqrite

SvcStealer 2025 is a sophisticated information-stealing malware delivered through spear phishing emails. It captures sensitive data from victims, including credentials and cryptocurrency wallet information, and sends it to a command and control (C2) server. With a focus on evading detection, it deletes traces of its activities and can potentially download additional malware.…

Threat Research

Samsung Tickets Data Leak: Infostealers Strike Again in Massive Free Dump

March 31, 2025 admin

This article discusses a massive data breach impacting Samsung Germany, where a hacker known as “GHNA” leaked approximately 270,000 customer tickets due to credentials stolen by infostealer malware back in 2021. The breach highlights the dangers of unmonitored and unrotated credentials, leading to potential exploitation and privacy violations for thousands of customers.…

Cyber Security News

RESURGE Malware Exploits Ivanti Flaw with Rootkit and Web Shell Features

March 30, 2025 CybersecurityNews

Summary: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has disclosed the presence of a new malware, RESURGE, targeting vulnerabilities in Ivanti Connect Secure appliances. This malware exploits a recently patched security flaw (CVE-2025-0282) and has capabilities enhancing its evasion and operational effectiveness. It is linked to espionage activities potentially conducted by state-sponsored threat actors.…

Tag: CREDENTIAL