Credential Theft Archives • Page 4 of 5 • Daily CyberSecurity

4 Open-Source Packages Infect 56,000+ Downloads with Stealthy Spyware Open Source Spyware, Supply Chain Surveillance

4 Open-Source Packages Infect 56,000+ Downloads with Stealthy Spyware

Do Son July 25, 2025

The Socket Threat Research Team has uncovered a coordinated surveillance malware campaign hidden in four open-source packages—three...

Katz Stealer: The $100/Month MaaS Threat Plundering Digital Identities Undetected Katz Stealer, Info-Stealer MaaS

Katz Stealer: The $100/Month MaaS Threat Plundering Digital Identities Undetected

Do Son July 21, 2025

In the crowded arena of information-stealing malware, Katz Stealer is quickly establishing itself as one of the...

SilentRoute: Trojanized SonicWall VPN Client Used to Steal Enterprise Credentials SonicWall Malware, Supply Chain Attack

SilentRoute: Trojanized SonicWall VPN Client Used to Steal Enterprise Credentials

Do Son July 21, 2025

In a newly uncovered software supply chain attack, threat actors have successfully deployed a backdoored version of...

SonicWall SMA Devices Under Attack: UNC6148 Deploys OVERSTEP Rootkit for Persistent Access SonicWall Hack, Rootkit

SonicWall SMA Devices Under Attack: UNC6148 Deploys OVERSTEP Rootkit for Persistent Access

Do Son July 17, 2025

Google’s Threat Intelligence Group (GTIG) uncovers a stealthy, sophisticated campaign led by a financially motivated actor tracked...

Red Bull Job Scam Exposed: Phishing Campaign Spoofs Brands, Uses “Slow Kill” Tactics to Steal Credentials

Do Son July 14, 2025

Phishing remains one of the most enduring threats to cybersecurity—not for a lack of technological defense, but...

Anatsa Resurfaces: Banking Trojan Targets North America via Google Play

Do Son July 9, 2025

The Anatsa Android banking trojan, one of the most advanced mobile malware threats active today, is back...

Phishing Alert: Fake WeTransfer & HunCERT Pages Hosted on AWS S3 & Cloudflare Turnstile Stealing Credentials Phishing, File Sharing Scam

Phishing Alert: Fake WeTransfer & HunCERT Pages Hosted on AWS S3 & Cloudflare Turnstile Stealing Credentials

Do Son July 8, 2025

The Cyble Research and Intelligence Labs (CRIL) has exposed an active and highly targeted phishing campaign that...

Snake Keylogger Exploits Geopolitical Tensions with Oil-Themed Spearphishing Campaign

Do Son June 30, 2025

The S2 Group’s intelligence team has uncovered a new and sophisticated phishing campaign deploying Snake Keylogger, a...

SonicWall Warns: Trojanized NetExtender VPN Client Stealing Credentials in Active Campaign SonicWall NetExtender, Trojanized VPN Client

SonicWall Warns: Trojanized NetExtender VPN Client Stealing Credentials in Active Campaign

Do Son June 25, 2025

SonicWall, in collaboration with Microsoft Threat Intelligence (MSTIC), has uncovered a sophisticated campaign that distributes a Trojanized...

APT36 Unleashes Advanced Phishing Against Indian Defense Personnel: New Anti-Analysis Malware & NIC Impersonation APT36, Indian Defense Cyberattack

APT36 Unleashes Advanced Phishing Against Indian Defense Personnel: New Anti-Analysis Malware & NIC Impersonation

Do Son June 25, 2025

CYFIRMA has released an in-depth analysis detailing a highly targeted phishing campaign by APT36, also known as...

Rogue WordPress Plugin Unmasked: Stealthy Malware Skims Credit Cards & Steals Credentials WordPress Malware, Credit Card Skimming

Rogue WordPress Plugin Unmasked: Stealthy Malware Skims Credit Cards & Steals Credentials

Do Son June 25, 2025

The Wordfence Threat Intelligence Team has unveiled a powerful malware framework operating under the guise of a...

Prometei Botnet Evolves: Linux Variant Returns With Stealthier Payloads and Monero Mining Focus Prometei Botnet, Linux Malware

Prometei Botnet Evolves: Linux Variant Returns With Stealthier Payloads and Monero Mining Focus

Do Son June 23, 2025

In March 2025, researchers at Palo Alto Networks’ Unit 42 uncovered a resurgence of the Prometei botnet,...

UNC1151 Exploits Roundcube Flaw in Spear Phishing Attack Roundcube SVG XSS, HTML Style Sanitizer Roundcube Phishing Roundcube webmail vulnerability

Roundcube SVG XSS, HTML Style Sanitizer Roundcube Phishing Roundcube webmail vulnerability

UNC1151 Exploits Roundcube Flaw in Spear Phishing Attack

Do Son June 9, 2025

CERT Polska has sounded the alarm after uncovering a spear phishing campaign that targeted Polish organizations using...

UNC6040 Threat Actor Exploits Salesforce via Vishing and Malicious Data Loader Apps Salesforce Gainsight Breach AppExchange Security Vishing, Salesforce Attack UNC6040

Salesforce Gainsight Breach AppExchange Security Vishing, Salesforce Attack UNC6040

UNC6040 Threat Actor Exploits Salesforce via Vishing and Malicious Data Loader Apps

Do Son June 6, 2025

Google Threat Intelligence Group (GTIG) has sounded the alarm on UNC6040, a financially motivated threat cluster waging...

Haozi Returns: The Phishing-as-a-Service Platform Making Cybercrime Easy Haozi Phishing, PhaaS

Haozi Returns: The Phishing-as-a-Service Platform Making Cybercrime Easy

Do Son June 3, 2025

A new report from Netcraft has exposed the alarming return of Haozi, a Chinese-language Phishing-as-a-Service (PhaaS) platform...

How to Detect Microsoft 365 Phishing Attacks on Your Business Microsoft 365 Phishing, Interactive Sandbox

How to Detect Microsoft 365 Phishing Attacks on Your Business

Do Son June 3, 2025

What if one fake login page could give an outsider access to your company’s most sensitive data?...

New Phishing-as-a-Service Kits Bypass MFA & Target Microsoft 365 Users Globally! Phishing-as-a-Service, AiTM

New Phishing-as-a-Service Kits Bypass MFA & Target Microsoft 365 Users Globally!

Do Son May 31, 2025

Since September 2023, Trustwave’s Threat Intelligence Team has been tracking a sophisticated phishing ecosystem operated by Storm-1575,...

Dark Web Alert: Genesis Market Returns with Stealthy Browser Extension Attack Attack Tree

Dark Web Alert: Genesis Market Returns with Stealthy Browser Extension Attack

Do Son May 23, 2025

The Genesis Market, a notorious dark web marketplace dismantled by law enforcement in early 2023, appears to...

Critical Flaws in AI Browse Agents: Exposed to Credential Theft and Hijacking Prompt injection, agent hijacking

Critical Flaws in AI Browse Agents: Exposed to Credential Theft and Hijacking

Do Son May 22, 2025

As AI-powered browsing agents increasingly automate complex web tasks—from booking travel to managing emails—they’re becoming both indispensable...

Trojanized KeePass Used to Deploy Cobalt Strike and Steal Credentials KeePass trojan Malvertising attack

Trojanized KeePass Used to Deploy Cobalt Strike and Steal Credentials

Do Son May 19, 2025

Recently, WithSecure’s Threat Intelligence team uncovered a sophisticated malware campaign where the open-source password manager KeePass was...