Data Theft Archives • Daily CyberSecurity

Academic Exposure: The Unpatched Flaw Siphoning Student Data from DRC INSIGHT

Altium Enterprise Server Vulnerability CVE-2026-9129 Path Traversal Patreon OAuth Vulnerability Identity Collision DRC INSIGHT Vulnerability Exam Data Hijacking Horner Automation PLC Industrial Brute Force Honeywell IQ4x Vulnerability CVE-2026-3611 DJI Romo vacuum security flaw Python Cryptography Vulnerability CVE-2026-26007 Open5GS Vulnerability CVE-2026-0622 Vivotek IP7137 Vulnerabilities CVE-2025-66049 Forcepoint DLP Vulnerability CVE-2025-14026 Cellopoint Secure Email Gateway - CVE-2024-9043

Academic Exposure: The Unpatched Flaw Siphoning Student Data from DRC INSIGHT

Do Son April 24, 2026

A security vulnerability has been unearthed in the DRC INSIGHT software—a platform widely used for proctoring academic...

Game Over: “RenEngine” Malware Hides in Pirated Visual Novels RenEngine Malware Pirated Games Security

Game Over: “RenEngine” Malware Hides in Pirated Visual Novels

Do Son February 17, 2026

A new malware campaign is turning the quest for free games into a nightmare for players. A...

Smishing Alert: Telegram Bots Power New PNB MetLife Phishing Campaign PNB MetLife Phishing Telegram Exfiltration

Smishing Alert: Telegram Bots Power New PNB MetLife Phishing Campaign

Do Son January 22, 2026

A new, highly aggressive phishing campaign has been uncovered targeting policyholders of PNB MetLife Insurance, blending mobile-first...

TikTok’s “Scam-Yourself” Trap: How AuraStealer Malware Tricks Users into Hacking Their Own PCs AuraStealer, Scam-Yourself

TikTok’s “Scam-Yourself” Trap: How AuraStealer Malware Tricks Users into Hacking Their Own PCs

Do Son December 22, 2025

A deep-dive analysis by Gen Digital (Gen Threat Labs) has unveiled AuraStealer, an emerging Malware-as-a-Service (MaaS) that...

CISA KEV Alert: GeoServer XXE Flaw Under Active Attack Risks Data Theft & Internal Network Scanning CISA active exploit catalog known exploited vulnerabilities ActiveMQ RCE CVE-2026-34197 CISA KEV Catalog Actively Exploited Vulnerabilities CISA KEV Catalog CVE-2025-37164 GeoServer XXE, CISA KEV FortiWeb SQLi, CISA KEV Critical Vulnerabilities CVE-2024-20953

CISA active exploit catalog known exploited vulnerabilities ActiveMQ RCE CVE-2026-34197 CISA KEV Catalog Actively Exploited Vulnerabilities CISA KEV Catalog CVE-2025-37164 GeoServer XXE, CISA KEV FortiWeb SQLi, CISA KEV Critical Vulnerabilities CVE-2024-20953

CISA KEV Alert: GeoServer XXE Flaw Under Active Attack Risks Data Theft & Internal Network Scanning

Do Son December 12, 2025

The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability affecting the widely used OSGeo...

Mysterious Elephant APT Campaign Targets South Asian Diplomacy, Steals WhatsApp Data with New MemLoader Backdoor Mysterious Elephant APT, WhatsApp Data Theft

Mysterious Elephant APT, WhatsApp Data Theft

Mysterious Elephant APT Campaign Targets South Asian Diplomacy, Steals WhatsApp Data with New MemLoader Backdoor

Do Son October 16, 2025

Researchers at Kaspersky’s Global Research and Analysis Team (GReAT) have published a detailed report on a newly...

Red Hat Confirms Breach of GitLab Instance, Customer Network Blueprints Stolen Fiverr Data Leak Claude Code Leak Anthropic DMCA Takedown Coupang 33.7M Breach South Korea Data Leak Red Hat Breach, Customer Data Theft Farmers Insurance, Salesforce ESLint Plugin -Mamont Android banking Trojan

Fiverr Data Leak Claude Code Leak Anthropic DMCA Takedown Coupang 33.7M Breach South Korea Data Leak Red Hat Breach, Customer Data Theft Farmers Insurance, Salesforce ESLint Plugin -Mamont Android banking Trojan

Red Hat Confirms Breach of GitLab Instance, Customer Network Blueprints Stolen

Do Son October 5, 2025

IBM’s enterprise Linux subsidiary, Red Hat, has confirmed that its managed repository—hosted on the GitLab platform—was compromised...

Trinity of Chaos: How LAPSUS$, Scattered Spider, and ShinyHunters Forged a Cybercrime Alliance WhatsApp Worm, Brazilian Banking Trojan LAPSUS$ Alliance, Scattered Spider Ransomware, Cybercrime RedCurl APT group Russian Cyberespionage, ApolloShadow Malware

WhatsApp Worm, Brazilian Banking Trojan LAPSUS$ Alliance, Scattered Spider Ransomware, Cybercrime RedCurl APT group Russian Cyberespionage, ApolloShadow Malware

Trinity of Chaos: How LAPSUS$, Scattered Spider, and ShinyHunters Forged a Cybercrime Alliance

Do Son September 29, 2025

A new report from Resecurity sheds light on the growing convergence between three of the most notorious...

FBI Alert: Two Cybercriminal Groups Are Actively Compromising Salesforce TanStack Typosquatting npm Supply Chain Attack Axios Supply Chain Attack npm Poisoning eScan Supply Chain Attack Antivirus Compromise APT-36, NCERT WhatsApp Advisory FBI alert, Salesforce Salt Typhoon, APT group ConnectWise ScreenConnect hack Nation-state cyberattack FortiGate Leak - zkLend vulnerability - TRIPLESTRENGTH Threat Actor Group Dark Storm

TanStack Typosquatting npm Supply Chain Attack Axios Supply Chain Attack npm Poisoning eScan Supply Chain Attack Antivirus Compromise APT-36, NCERT WhatsApp Advisory FBI alert, Salesforce Salt Typhoon, APT group ConnectWise ScreenConnect hack Nation-state cyberattack FortiGate Leak - zkLend vulnerability - TRIPLESTRENGTH Threat Actor Group Dark Storm

FBI Alert: Two Cybercriminal Groups Are Actively Compromising Salesforce

Do Son September 15, 2025

The Federal Bureau of Investigation (FBI), in coordination with DHS/CISA, has released a new FLASH Alert (FLASH-20250912-001)...

A New Threat to Artists: Hackers Threaten to Feed Stolen Art to AI AI extortion, artists' rights

A New Threat to Artists: Hackers Threaten to Feed Stolen Art to AI

Do Son September 8, 2025

For content creators, the unauthorized scraping of their work by AI companies for training artificial intelligence models...

Data Theft Alert: Salesforce Instances Breached via Third-Party App OAuth Tokens Salesforce data theft

Data Theft Alert: Salesforce Instances Breached via Third-Party App OAuth Tokens

Do Son August 28, 2025

The Google Threat Intelligence Group (GTIG) has issued an urgent advisory on a widespread data theft campaign...

A New AI Frontier: Claude’s Chrome Extension Opens the Door to New Dangers Anthropic valuation $350 billion AI agent, prompt injection

A New AI Frontier: Claude’s Chrome Extension Opens the Door to New Dangers

Do Son August 27, 2025

Recently, Anthropic introduced a Chrome-based extension for Claude Max users, designed to read active web pages and...

The Underground Ransomware Gang Is Back with a Vicious New Global Campaign

Do Son August 27, 2025

The Underground ransomware gang is intensifying its operations, launching continuous ransomware attacks against companies worldwide, including high-profile...

RedLine Stealer Unleashed: Inno Setup Installers Abused for Stealthy Data Theft & Cryptowallet Draining RedLine Stealer, Inno Setup Exploit

RedLine Stealer Unleashed: Inno Setup Installers Abused for Stealthy Data Theft & Cryptowallet Draining

Do Son July 8, 2025

In a recent technical deep dive, the Splunk Threat Research Team (STRT) dissected a multi-stage malware campaign...

Chinese Student Jailed for Smishing: Operated Covert “SMS Blaster” in Car for Mass Phishing Smishing, SMS Blaster

Chinese Student Jailed for Smishing: Operated Covert “SMS Blaster” in Car for Mass Phishing

Do Son July 2, 2025

A Chinese student has been sentenced to over a year in prison by Inner London Crown Court...

CoinMarketCap Hacked: “Doodle” Graphic Delivers Malware, Stealing $43K+ from User Wallets CoinMarketCap Hack, Inferno Drainer CVE-2024-53677 PoC Exploit

CoinMarketCap Hack, Inferno Drainer CVE-2024-53677 PoC Exploit

CoinMarketCap Hacked: “Doodle” Graphic Delivers Malware, Stealing $43K+ from User Wallets

Do Son June 23, 2025

On June 20, 2025, CoinMarketCap (CMC)—a trusted name in the crypto ecosystem—fell victim to a highly coordinated...

New Malware Duo HijackLoader & DeerStealer Surge: Bypassing Defenses for Data Theft Attack chain diagram

New Malware Duo HijackLoader & DeerStealer Surge: Bypassing Defenses for Data Theft

Do Son June 16, 2025

Recently, eSentire’s Threat Response Unit (TRU) uncovered an alarming surge in campaigns leveraging a malware duo: HijackLoader...

CyberEye RAT: Plug-and-Play Espionage via Telegram-Powered Malware

Do Son June 12, 2025

CyberEye, also known as TelegramRAT, has emerged as a powerful and modular .NET-based remote access trojan (RAT)...

Behind the Followers: Malicious Python Package Harvests Instagram Credentials Instagram Malware, Credential Harvesting

Behind the Followers: Malicious Python Package Harvests Instagram Credentials

Do Son June 10, 2025

Socket’s Threat Research Team has uncovered ‘imad213’, a credential-harvesting tool masquerading as an Instagram booster. Behind its...

Beware Katz Stealer: Sophisticated Malware-as-a-Service Steals Everything

Do Son May 29, 2025

A newly analyzed variant of the Katz Stealer malware has been dissected by the Nextron Threat Research...

Critical Alert 1 Active Exploit Detected Today