#credential-harvesting

[ follow ]
#phishing #cybersecurity #meduza-malware #russian-police-arrests #astrakhan-data-breach #qilin
fromDataBreaches.Net
2 days ago

Russian Police Bust Suspected Meduza Infostealer Developers - DataBreaches.Net

Russian police arrested "three young IT specialists" suspected of developing and selling the Meduza credential-harvesting malware. Authorities from the Ministry of Internal Affairs of Russia, together with police investigators, charged the men with developing and supplying the information-stealing malware, and tied it to an attack that breached and stole data from a government institution in the country's southern Astrakhan region in May, said a ministry spokeswoman in a Russian-language post to Telegram.
Information security
Information security
fromThe Hacker News
1 day ago

Qilin Ransomware Combines Linux Payload With BYOVD Exploit in Hybrid Attack

Qilin ransomware has conducted persistent global attacks since 2025, exploiting leaked admin credentials to harvest credentials and exfiltrate data across multiple sectors.
Information security
fromIT Pro
2 weeks ago

Hackers are using a new phishing kit to steal Microsoft 365 credentials and MFA tokens - Whisper 2FA is evolving rapidly and has been used in nearly one million attacks since July

Whisper 2FA is a PhaaS tool that steals credentials and MFA tokens from Microsoft 365 accounts while evading detection through advanced obfuscation.
Information security
fromThe Hacker News
3 weeks ago

175 Malicious npm Packages with 26,000 Downloads Used in Credential Phishing Campaign

175 malicious npm packages host redirect scripts via the unpkg CDN to facilitate Beamglea credential-harvesting phishing targeting over 135 industrial, technology, and energy companies.
Information security
fromSecuritymagazine
5 months ago

Credential Harvesting Becomes Top Retail Data Threat

Credential harvesting is now the top threat to retail cybersecurity, surpassing payment card theft.
The retail sector faced a 56% increase in cyberattacks in 2023, indicating rising risks.
Employee training significantly mitigates vulnerability to phishing attacks in retail.
fromThe Hacker News
6 months ago

Phishers Exploit Google Sites and DKIM Replay to Send Signed Emails, Steal Credentials

The first thing to note is that this is a valid, signed email - it really was sent from no-reply@google.com, it passes the DKIM signature check.
Growth hacking
[ Load more ]