FBI and Europol Seize LeakBase Forum Used to Trade Stolen Credentials

A joint law enforcement operation has dismantled LeakBase , one of the world's largest online forums for cybercriminals to buy and sell stolen data and cybercrime tools. The LeakBase forum, per the U.S. Department of Justice DoJ, had over 142,000 members and more than 215,000 messages between...

EUVD-2017-3226

Malware in sbrugna...

EUVD-2017-3303

Malware in sbrugna...

EUVD-2017-3304

Malware in sbrugna...

EUVD-2011-4688

Malware in sbrugna...

EUVD-2024-36873

Malicious code in bioql PyPI...

EUVD-2025-32213

Malicious code in bioql PyPI...

Ransomware attack at blood center: Org tells users their data’s been stolen

A blood center has begun sending data breach notifications to its users after suffering a ransomware attack and theft of personal data. The New York Blood Center’s NYBC suffered the ransomware attack in January, in which an unauthorized party gained access to its network and acquired copies of a...

CVE-2017-11614

MEDHOST Connex contains hard-coded credentials that are used for customer database access. An attacker with knowledge of the hard-coded credentials and the ability to communicate directly with the database may be able to obtain or modify sensitive patient and financial information. Connex utilize...

CVE-2011-4770

The QIWI Wallet ru.mw application before 1.14.2 for Android does not properly protect data, which allows remote attackers to read or modify financial information via a crafted application...

Free AI editor lures in victims, installs information stealer instead on Windows and Mac

A large social media campaign was launched to promote a free Artificial Intelligence AI video editor. If the "free" part of that campaign sounds too good to be true, then that's because it was. Instead of the video editor, users got information stealing malware. Lumma Stealer was installed on...

Fake Discount Sites Exploit Black Friday to Hijack Shopper Information

A new phishing campaign is targeting e-commerce shoppers in Europe and the United States with bogus pages that mimic legitimate brands with the goal of stealing their personal information ahead of the Black Friday shopping season. "The campaign leveraged the heightened online shopping activity in...

Vietnamese Hacker Group Deploys New PXA Stealer Targeting Europe and Asia

A Vietnamese-speaking threat actor has been linked to an information-stealing campaign targeting government and education entities in Europe and Asia with a new Python-based malware called PXA Stealer. The malware "targets victims' sensitive information, including credentials for various online...

Cybercriminals Use Unicode to Hide Mongolian Skimmer in E-Commerce Platforms

Cybersecurity researchers have shed light on a new digital skimmer campaign that leverages Unicode obfuscation techniques to conceal a skimmer dubbed Mongolian Skimmer. "At first glance, the thing that stood out was the script's obfuscation, which seemed a bit bizarre because of all the accented...

Planned Parenthood partly offline after ransomware attack

In late August, Intermountain Planned Parenthood of Montana suffered a cyberattack which is still under investigation. The attack has been claimed by a ransomware group. Intermountain Planned Parenthood Inc., doing business as Planned Parenthood Of Montana, is a nonprofit organization that provid...

New Android Malware NGate Steals NFC Data to Clone Contactless Payment Cards

Cybersecurity researchers have uncovered new Android malware that can relay victims' contactless payment data from physical credit and debit cards to an attacker-controlled device with the goal of conducting fraudulent operations. The Slovak cybersecurity company is tracking the novel malware as...

Russian Hacker Jailed 3+ Years for Selling Stolen Credentials on Dark Web

A 27-year-old Russian national has been sentenced to over three years in prison in the U.S. for peddling financial information, login credentials, and other personally identifying information PII on a now-defunct dark web marketplace called Slilpp. Georgy Kavzharadze, 27, of Moscow, Russia, plead...

Russian Hackers Using Fake Brand Sites to Spread DanaBot and StealC Malware

Cybersecurity researchers have shed light on a sophisticated information stealer campaign that impersonates legitimate brands to distribute malware like DanaBot and StealC. The activity cluster, orchestrated by Russian-speaking cybercriminals and collectively codenamed Tusk, is said to encompass...

Australian Man Charged for Fake Wi-Fi Scam on Domestic Flights

An Australian man has been charged with running a fake Wi-Fi access point during a domestic flight with an aim to steal user credentials and data. The unnamed 42-year-old "allegedly established fake free Wi-Fi access points, which mimicked legitimate networks, to capture personal data from...

New Credit Card Skimmer Targets WordPress, Magento, and OpenCart Sites

Multiple content management system CMS platforms like WordPress, Magento, and OpenCart have been targeted by a new credit card web skimmer called Caesar Cipher Skimmer. A web skimmer refers to malware that is injected into e-commerce sites with the goal of stealing financial and payment...