- AI Tools Fuel Brazilian Phishing Scam While Efimer Trojan Steals Crypto from 5,000 Victimsby info@thehackernews.com (The Hacker News) on 08/08/2025 at 16:14
Cybersecurity researchers are drawing attention to a new campaign that's using legitimate generative artificial intelligence (AI)-powered website building tools like DeepSite AI and BlackBox AI to create replica phishing pages mimicking Brazilian government agencies as part of a financially motivated campaign. The activity involves the creation of lookalike sites imitating Brazil's State
- Leaked Credentials Up 160%: What Attackers Are Doing With Themby info@thehackernews.com (The Hacker News) on 08/08/2025 at 11:00
When an organization’s credentials are leaked, the immediate consequences are rarely visible—but the long-term impact is far-reaching. Far from the cloak-and-dagger tactics seen in fiction, many real-world cyber breaches begin with something deceptively simple: a username and password. According to Verizon’s 2025 Data Breach Investigations Report, leaked credentials accounted for 22% of breaches
- RubyGems, PyPI Hit by Malicious Packages Stealing Credentials, Crypto, Forcing Security Changesby info@thehackernews.com (The Hacker News) on 08/08/2025 at 10:58
A fresh set of 60 malicious packages has been uncovered targeting the RubyGems ecosystem by posing as seemingly innocuous automation tools for social media, blogging, or messaging services to steal credentials from unsuspecting users. The activity is assessed to be active since at least March 2023, according to the software supply chain security company Socket. Cumulatively, the gems have been
- GreedyBear Steals $1M in Crypto Using 150+ Malicious Firefox Wallet Extensionsby info@thehackernews.com (The Hacker News) on 08/08/2025 at 07:16
A newly discovered campaign dubbed GreedyBear has leveraged over 150 malicious extensions to the Firefox marketplace that are designed to impersonate popular cryptocurrency wallets and steal more than $1 million in digital assets. The published browser add-ons masquerade as MetaMask, TronLink, Exodus, and Rabby Wallet, among others, Koi Security researcher Tuval Admoni said. What makes the
- SocGholish Malware Spread via Ad Tools; Delivers Access to LockBit, Evil Corp, and Othersby info@thehackernews.com (The Hacker News) on 07/08/2025 at 18:26
The threat actors behind the SocGholish malware have been observed leveraging Traffic Distribution Systems (TDSs) like Parrot TDS and Keitaro TDS to filter and redirect unsuspecting users to sketchy content. "The core of their operation is a sophisticated Malware-as-a-Service (MaaS) model, where infected systems are sold as initial access points to other cybercriminal organizations," Silent Push