#credential-theft — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #credential-theft, aggregated by home.social.
-
Malicious NuGet Package Exfiltrates Sicoob Banking Credentials
A malicious NuGet package, masquerading as a C# SDK for a major Brazilian financial system, was designed to steal sensitive banking credentials, including client IDs, PFX passwords, and certificate bytes, from unsuspecting developers. This rogue package, downloaded nearly 500 times, put automation and security at risk.
#MaliciousNugetPackage #SupplyChainAttack #CredentialTheft #EmergingThreats #Brazil
-
GitHub Breach Exposes 3,800 Repositories via Malicious VS Code Extension
GitHub's security chief confirms that customer data remains safe, with no evidence of impact outside of GitHub's internal repositories. The breach originated from a poisoned VS Code extension installed on a compromised employee device, allowing attackers to steal credentials.
#GithubBreach #MaliciousVsCodeExtension #SupplyChain #EmergingThreats #CredentialTheft
-
Developer Workstations Expose Software Supply Chain to Credential Theft
In a shocking 48-hour span, three separate cyber attacks hit major platforms, targeting sensitive secrets like API keys and cloud credentials from developer workstations and CI/CD pipelines. This new wave of supply chain threats reveals a disturbing trend: attackers are now focusing on harvesting credentials to compromise…
#CredentialTheft #SupplyChain #CicdPipelines #ApiKeyTheft #CloudCredentials
-
Avada Builder Flaws Expose WordPress Sites to Credential Theft
A critical vulnerability in the Avada Builder WordPress plugin, used by an estimated one million active installations, leaves sites exposed to credential theft and data breaches. Two flaws, CVE-2026-4782 and CVE-2026-4798, allow attackers to read sensitive files and extract database information, putting your site at risk.
#Wordpress #AvadaBuilder #CredentialTheft #ArbitraryFileRead #SqlInjection
-
VectorCertain stops 839 of 839 AI credential theft attempts before execution—100% prevention across HSM keys, SWIFT tokens, OAuth tokens, and bulk harvesting. Zero credentials exfiltrated. #AISecure #CredentialTheft
-
TanStack npm packages compromised in cache-poisoning attack
Malicious attackers have launched a lightning-fast cache-poisoning attack on TanStack npm packages, flooding the supply chain with 84 tainted versions loaded with credential theft and disk-wiping code. This six-minute blitz highlights the vulnerability of software supply chains to swift and devastating strikes.
#SupplyChain #Npm #Tanstack #CachePoisoning #CredentialTheft
-
Active Directory Breaches Persist After Password Resets
Resetting passwords isn't enough to keep hackers at bay, especially in Active Directory environments where cached credentials and sync delays can leave gaping security holes. Even after a password reset, attackers can still find ways to exploit outdated credentials and gain unauthorized access.
#ActiveDirectory #CredentialTheft #PasswordManagement #IdentityAndAccessManagement #EntraId
-
PCPJack Disrupts TeamPCP's Cloud Footprint with Credential Theft
Meet PCPJack, a sneaky new credential theft framework that's wreaking havoc on TeamPCP's cloud operations by stealing sensitive credentials and clearing out the competition. This malicious tool is quietly moving through cloud environments, leaving a trail of compromised systems in its wake.
#CredentialTheft #CloudSecurity #SupplyChain #MalwareOperations #EmergingThreats
-
Microsoft Edge Exposes Saved Passwords in Plaintext
Microsoft Edge's password management has a concerning vulnerability: it loads all saved passwords into browser memory in plaintext at startup, making it easier for hackers to steal credentials on compromised systems. This is in stark contrast to other Chromium-based browsers like Google Chrome and Brave, which only decrypt…
#BrowserSecurity #CredentialTheft #PlaintextPasswords #MicrosoftEdge #ChromiumbasedBrowsers
-
PCPJack Credential Stealer Exploits CVEs to Spread Across Cloud Systems
Meet PCPJack, a sneaky credential stealer that's exploiting vulnerabilities to spread rapidly across cloud systems, swiping sensitive info from services like cloud, finance, and productivity tools. Its operators are after one thing: illicit financial gain.
#CredentialStealer #CloudSecurity #EmergingThreats #MalwareOperations #CredentialTheft
-
PCPJack Worm Targets Cloud Infrastructure, Steals Credentials
A fresh malware campaign, dubbed PCPJack, is targeting cloud infrastructure, stealing credentials and wreaking havoc on Linux-based systems with a sophisticated framework that installs hidden working directories and establishes persistence. This alarming attack bears striking similarities to earlier TeamPCP/PCPCat campaigns,…
#CloudInfrastructure #MalwareOperations #CredentialTheft #Linux #EmergingThreats
-
Employees Willingly Sell Work Credentials
A shocking 13% of employees admit to selling their work logins or knowing someone who has, revealing a surprisingly casual attitude towards protecting sensitive work credentials. This statistic raises serious concerns about workplace security and the vulnerability of company data.
#CredentialTheft #InsiderThreats #EmergingThreats #DataBreach #IdentityTheft
-
CloudZ RAT Exploits Windows Phone Link for Credential Theft
Cyber attackers have cleverly exploited the Microsoft Phone Link feature to steal sensitive credentials and one-time passwords, all without needing to infect mobile devices with malware. By targeting this built-in Windows application, hackers can access synced phone data and extract valuable information.
#CredentialTheft #CloudzRat #WindowsPhoneLink #Microsoft #Android
-
UK Workers Sell Corporate Logins, Exposing Firms to Cybercrime
One in eight UK employees at large firms have sold or know someone who has sold corporate logins in the past year, a shocking trend that puts companies at risk of cybercrime. Alarming still, many justify this risky behaviour, with senior executives being more likely to think selling credentials is acceptable.
#InsiderThreat #CredentialTheft #CorporateSecurity #Uk #EmployeeFraud
-
Microsoft Uncovers Large-Scale Phishing Campaign Using Fake Compliance Emails
In just 48 hours, a massive phishing campaign targeted over 35,000 users across 13,000 organizations in 26 countries, using convincing fake compliance emails to steal login credentials. The sophisticated attack, detected by Microsoft's Defender Research team, hit US firms hard, but its global…
#PhishingCampaign #CredentialTheft #MicrosoftDefenderResearch #EmergingThreats #LargescaleAttack
-
Microsoft Exposes Large-Scale Phishing Campaign Targeting 35,000 Users Worldwide
A massive phishing campaign targeting over 35,000 users worldwide has been uncovered, using sophisticated email templates that convincingly masquerade as legitimate internal communications. The highly convincing lures successfully hit organizations across 26 countries, with a staggering 92% of targets…
#PhishingCampaign #CredentialTheft #Healthcare #FinancialServices #ProfessionalServices
-
Malicious PyTorch Lightning Package Exploits Supply Chain to Steal Credentials
A malicious version of the popular PyTorch Lightning package, downloaded over 11 million times, was found to contain a stealthy backdoor that steals credentials by silently executing a heavily obfuscated JavaScript payload. The compromised package, version 2.6.3, triggers the malicious routine automatically when…
#PytorchLightning #SupplyChain #CredentialTheft #Backdoor #PackageExploitation
-
Malicious Ruby Gems, Go Modules Exploit CI Pipelines for Credential Theft
Malicious actors are targeting developers and CI pipelines with fake Ruby Gems and Go Modules, masquerading as familiar libraries to steal credentials. The campaign, linked to the GitHub account BufferZoneCorp, poses a significant threat to software supply chains.
#SupplyChain #CredentialTheft #CiPipelines #RubyGems #GoModules
-
Over 2.8 billion credentials stolen in 2025 as ransomware evolves #CyberSecurity #CredentialTheft
https://betanews.com/article/over-2-8-billion-credentials-stolen-in-2025-as-ransomware-evolves/
-
Over 2.8 billion credentials stolen in 2025 as ransomware evolves #CyberSecurity #CredentialTheft
https://betanews.com/article/over-2-8-billion-credentials-stolen-in-2025-as-ransomware-evolves/
-
Checkmarx GitHub Data Leaked by LAPSUS$ Hackers
Checkmarx confirmed that hackers from the LAPSUS$ group breached its GitHub repository on March 23, 2026, and published stolen data on April 22, after a series of supply-chain and credential-theft events. The attackers used the access to publish malicious code to certain artifacts, compromising the integrity of Checkmarx's software development process.
-
Supply-Chain Attack Targets Security, Dev Tools with Credential Theft
Malicious hackers are exploiting the very tools developers rely on, including security scanners and password managers, to steal sensitive credentials and gain unauthorized access. This latest supply-chain attack has already hit major players like Checkmarx, compromising their GitHub repository and potentially putting customer data at risk.
-
Malware Targets Developers with Worm-Like Npm Supply Chain Attack
Malware is targeting developers through a sneaky npm supply chain attack, executing malicious code the moment a package is installed, and harvesting sensitive data to spread across ecosystems. Over 6,700 weekly downloads of one affected package show just how widespread the threat could be.
#SupplyChain #MalwareOperations #Npm #DeveloperTools #CredentialTheft
-
Password Resets Expose Vulnerability in Corporate Security
Did you know that password resets can cost companies a whopping $70 each, and with stolen credentials involved in nearly 45% of breaches, it's clear that corporate security is vulnerable to attack.
#PasswordResets #CredentialTheft #SelfservicePasswordReset #Sspr #HelpdeskSecurity
-
Stolen Credentials Empower Attackers in Identity-Based Breaches
While security teams obsess over complex threats, attackers often find it easier to simply walk in with stolen credentials - the quickest and most reliable way into networks. By focusing on sophisticated threats, we might be overlooking the front door, which is wide open with a copy of the keys in the wrong hands.
#StolenCredentials #IdentitybasedBreaches #EmergingThreats #CredentialTheft #Cybersecurity
-
Adaptavist Group Breach Sparks Imposter Email Scams
When security breaches strike, even the most trusted names can be compromised - and The Adaptavist Group is the latest example, with hackers using stolen credentials to gain access and now sending fake emails that could put your data at risk.
#AdaptavistGroup #Uk #Ransomware #CredentialTheft #ImposterScams
-
Raccoon Actor Targets Help Desks in Password Breach Spree
When help desks, meant to be a trusted source of support, become the easiest target for attackers, what can we do to protect ourselves? A recent surge in breaches, including a password breach spree by a Raccoon-linked actor, has left technologists, policymakers, and everyday users scrambling for answers.
#HelpDeskCompromise #PasswordBreach #SocialEngineering #CredentialTheft #RaccoonActor
-
North Korea Exploits Social Engineering to Target macOS Users
Beware of a sneaky new scam where North Korean hackers trick macOS users into handing over their credentials and cryptocurrency by posing as a fake Zoom update. They're using social engineering to get you to do the work for them, making it a low-cost but hard-to-stop threat.
#SocialEngineering #NorthKorea #Macos #CredentialTheft #Cryptocurrency
-
GitHub AI Agents Exposed to Credential Theft via Prompt Injection
Security researchers have uncovered a shocking vulnerability in popular GitHub AI agents, demonstrating how a simple prompt injection technique can be exploited to steal sensitive credentials, leaving users alarmingly exposed. The findings highlight a disturbing lack of transparency from vendors, putting automation and service access…
#PromptInjection #CredentialTheft #Github #AiAgents #EmergingThreats
-
‘Invisible’ credential theft campaign targets senior executives #CyberSecurity #CredentialTheft
https://betanews.com/article/invisible-credential-theft-campaign-targets-senior-executives/
-
🚨 Oh no, another package bites the dust! The "LiteLLM" Python library reveals its true colors as a master of deception, stealing credentials faster than a ninja in a bank vault 🏴☠️. Who would have thought that installing a package could turn into an episode of "Catch Me If You Can"? 🎭
https://github.com/BerriAI/litellm/issues/24512 #LiteLLM #PythonLibrary #CredentialTheft #CyberSecurity #SoftwareRisks #CatchMeIfYouCan #HackerNews #ngated -
https://winbuzzer.com/2026/02/06/cve-2026-0391-microsoft-edge-android-ui-spoofing-xcxwbn/
CVE-2026-0391: Edge Android Flaw Enables Spoofing Attacks
#MicrosoftEdge #Security #Cybersecurity #Microsoft #Android #WebBrowsers #Phishing #CredentialTheft #ZeroDayVulnerabilities #Chromium
-
Cyble Detects Phishing Campaign Using Telegram Bots to Siphon Corporate Credentials https://thecyberexpress.com/phishing-telegram-bots-steal-credentials/ #CentralEuropeCyberThreats #ThreatIntelligenceNews #PhishingCampaign2025 #SelfContainedMalware #EmailSecurityBypass #ThreatIntelligence #TelegramBotMalware #JavaScriptmalware #MicrosoftPhishing #TelegramAPIAbuse #CredentialTheft #InvoicePhishing #FirewallDaily #AdobePhishing #Cybleresearch #PressRelease #ThreatActors #HTMLPhishing #RFQPhishing
-
Nikkei's latest breach shows one stolen credential on Slack can expose 17,000 lives. Are we really secure in our daily digital chats? Read more on this eye-opening incident.
#databreach
#cybersecurity
#slacksecurity
#credentialtheft
#infosec
#proactivesecurity
#communicationplatforms
#nikkei -
Is your browser really safe? Hackers are outsmarting traditional sandboxes with crafty extensions and clever credential theft. It’s time to rethink security and add extra layers of protection.
#browsersecurity
#sandboxing
#cyberthreats
#credentialtheft
#maliciousextensions -
#sicherheit geht uns alle an:
Welche Punkte/Regelungen/Belohnungen erwartet ihr in der #responsibledisclosure Policy von einer Seite wie LinuxNews.de? Bin da aktuell etwas planlos…Hashtags damit wir volle Kanne in der #itsecurity Bubble einschlagen: #cybersecurity #cybersec #opsec #security #databreach #hackerangriff #hacker #itsec #credentialtheft #digitalsafety #digitalesicherheit #threatintelligence
-
Malware on tap? Atroposia lets even novice hackers rent a toolkit that bypasses Windows defenses, steals credentials, and even targets crypto. How safe are we when cybercrime is just a subscription away?
#atroposia
#malwareasaservice
#cybercrime
#remotetrojan
#credentialtheft -
Heard the buzz about a massive Gmail breach? It's actually a mix-up of old, recycled data—not a fresh hack. Curious about the real story and how to stay secure?
https://thedefendopsdiaries.com/debunking-the-gmail-data-breach-panic-what-really-happened/
#gmailbreach
#databreach
#cybersecurity
#credentialtheft
#infosec -
Microsoft Teams users, beware – ransomware gangs are using ultra-smart phishing, bots, and loopholes in third-party apps to breach your defenses. Is your organization ready for this new wave of attacks?
#ransomware
#microsoftteams
#cybersecurity
#phishing
#credentialtheft -
One stolen password turned PowerSchool into a digital disaster: millions of student and teacher records, ruthless extortion, and a multi-million-dollar fallout. How safe are we really?
https://thedefendopsdiaries.com/inside-the-powerschool-breach-lessons-from-a-credential-compromise/
#powerschoolbreach
#credentialtheft
#databreach
#cybersecurity
#edtechsecurity -
SonicWall’s VPN breach shows how stolen credentials can blow open account security in just days. Is your organization ready to fend off smarter, faster cyberattacks?
#sonicwall
#vpnsecurity
#credentialtheft
#cyberattack
#multifactorauthentication -
Meldepflicht: Über 150 Cyberangriffe beim Bacs gemeldet - inside-it.ch https://www.inside-it.ch/meldepflicht-uber-150-cyberangriffe-beim-bacs-gemeldet-20250929 #KRITIS #Hacking #dDoS #CredentialTheft #CredentialStuffing #Ransomware #Malware #DataLeak #Datenleck #Datenschutz #privacy
-
How the "Kim" dump exposed North Korea's credential theft playbook
#HackerNews #KimDump #NorthKorea #CredentialTheft #CyberSecurity #HackerNews #Kimsuky
-
Google warns that mass data theft hitting Salesloft AI agent has grown bigger - Google is advising users of the Salesloft Drift AI chat agen... - https://arstechnica.com/security/2025/08/google-warns-that-mass-data-theft-hitting-salesloft-ai-agent-has-grown-bigger/ #credentialtheft #salesloftdrift #chatagents #salesforce #security #biz #ai
-
🖥️ VNC might be convenient for legacy systems, but it's just as convenient for attackers...
Unencrypted traffic makes it easy to intercept credentials. Some setups don’t require a password at all. And even when passwords are used, they’re often weakly stored and easily cracked.
Attackers might not even need to log in, just sniff the traffic and capture screens or keystrokes without being noticed.
To prove the point, our Kieran built a Python script (VncCrack.py) that cracks VNC passwords in plaintext using intercepted traffic.
📌Check it out in action in our latest blog post: https://www.pentestpartners.com/security-blog/vnc-rdp-for-all-to-see/#CyberSecurity #PenTesting #VNC #LegacySecurity #DFIR #NetworkSecurity #CredentialTheft
-
Microsoft 365 credential theft is evolving quickly!
Attackers are no longer just stealing your login—they’re using your own AI tools like Microsoft Copilot to accelerate fraud from inside your environment.
Our 4-minute video breaks down how threat actors are targeting Microsoft 365 accounts and weaponizing Copilot, Teams, SharePoint, and more to perform rapid reconnaissance, commit fraud, and exploit centralized trust systems.
Watch now to learn:
▪ How Copilot can be used against you
▪ Real phishing tactics mimicking Microsoft 365, Adobe & DocuSign
▪ Why SSO, OAuth, and poor access controls can make attacks worse
▪ What your organization must do to stay aheadWatch the video! https://youtu.be/zaBwxy1Gjhc
#Microsoft365 #CredentialTheft #Cybersecurity #CoPilot #ZeroTr #Cyberaware #Cyber #SMB #CEO #CISO #CIO #Phishing #CloudSecurity #AI #M365 #Riskmanageemnt
-
*Politically hacking the smart toilet screens in the resort-town airport. #InternetOfThings #credentialtheft #hack #digitaloutsideofhome #TwentyTwenties
https://thethaiger.com/news/phuket/phuket-airport-scrambles-to-explain-cyberattack-on-digital-screen
-
Credential theft escalates as threat actors use stealthier tactics #CyberSecurity #CredentialTheft
https://betanews.com/2025/04/17/credential-theft-escalates-as-threat-actors-use-stealthier-tactics/
-
Unauthorised network access remains a significant threat, especially for organisations lacking robust network security controls. Attackers can capture privileged credentials from automated tasks and vulnerability scanners if these tasks are configured with an excessive scope or are insufficiently protected by network or host controls...
Read our latest blog, "Watch where you point that cred," by Tom Thomas-Litman, for insights and recommendations for securing internal networks: https://www.pentestpartners.com/security-blog/watch-where-you-point-that-cred-part-1/
#CyberSecurity #Infosec #NetworkSecurity #VulnerabilityScanning #CredentialTheft #Honeypots #LeastPrivilege #RiskMitigation
-
FlowerStorm PaaS Platform Attacking Microsoft Users With Fake Login Pages https://gbhackers.com/flowerstorm-microsoft-phishing/ #CyberSecurityNews #CredentialTheft #PhishingAttacks #cybersecurity #CyberCrime #Microsoft #Phishing
-
🚨 Security Alert! 🚨 A recent attack has compromised 16 Chrome extensions, exposing over 600,000 users to data theft! 🛡️ Cyberhaven was among the first affected, with malicious code stealing sensitive information. This highlights the vulnerabilities of browser extensions. Stay safe and review your installed extensions! 🔍✨ #CyberSecurity #ChromeExtensions #DataProtection #PhishingAttack #CredentialTheft https://thehackernews.com/2024/12/16-chrome-extensions-hacked-exposing.html #newz
-
Yearlong supply-chain attack targeting security pros steals 390K credentials - A sophisticated and ongoing supply-chain attack operating for the past yea... - https://arstechnica.com/security/2024/12/yearlong-supply-chain-attack-targeting-security-pros-steals-390k-credentials/ #supplychainattacks #credentialtheft #cryptomining #security #biz #github #npm
-
I'd love to see Flare go the next step and automatically enroll compromised credentials into a passwordless authentication mechanism.
#security #cybersecurity #CredentialTheft #IdentitySecurity #Authentication #IAM #Funding #Passwordless
https://techcrunch.com/2024/12/11/flare-raises-30m-to-thwart-info-stealers-like-those-used-on-snowflake-customers/
3/3