Security Affairs

JUNE 28, 2025

The FBI reports that the cybercrime group Scattered Spider is now targeting the airline sector. In many cases, threat actors employed methods to bypass multi-factor authentication (MFA), by tricking victims’ help desk services to add unauthorized MFA devices to compromised accounts.

Social Engineering 86

Social Engineering Cybercrime Engineering Authentication 86

SecureWorld News

FEBRUARY 14, 2025

Last year saw a 110% rise in cybercrime in the lead up to Valentine's Day. If you spot an offer and need to verify it, go back to the original retailer's website instead of clicking through links," Machin said. However genuine it looks, or tempting an offer, don't click on links from unknown senders. "If

Scams 84

Scams Cybercrime Phishing Social Engineering 84

Security Affairs

MAY 15, 2025

Exposed data included contact details, partial SSNs and bank info, ID images, account history, and limited internal documents. Compromised data includes: Name, address, phone, and email; Masked Social Security (last 4 digits only); Masked bank-account numbers and some bank account identifiers; GovernmentID images (e.g.,

Data breaches 91

Data breaches Banking Accountability Retail 91

Security Affairs

JULY 28, 2025

The cybercrime group Scattered Spider (aka 0ktapus , Muddled Libra , Octo Tempest , and UNC3944 ) is targeting VMware ESXi hypervisors in retail, airline, and transportation sectors across North America. Key mitigations include prohibiting phone-based resets for privileged accounts and hardening sensitive systems and documentation.

Social Engineering 52

Social Engineering Engineering Cybercrime Backups 52

Malwarebytes

FEBRUARY 4, 2025

And yet, if artificial intelligence achieves what is called an agentic model in 2025, novel and boundless attacks could be within reach, as AI tools take on the roles of agents that independently discover vulnerabilities, steal logins, and pry into accounts. These are real threats, but they are not novel. The truth is that AI is here to stay.

Artificial Intelligence 144

Artificial Intelligence Small Business Malware Technology 144

Webroot

APRIL 22, 2025

Here are some of the most likely targets for access to consumer data: Healthcare organizations : Healthcare companies are a prime target for cybercrime due to the large amounts of sensitive data they store, which includes personal information and medical records. They can rack up charges on your credit cards and even drain your bank accounts.

Data breaches 75

Data breaches Identity Theft Passwords eCommerce 75

Malwarebytes

APRIL 24, 2025

Then you’re like millions of other users now at risk from a new form of cybercrime – malware that can read your credit or debit card and hand its data over to an attacker. It’s how tap-to-pay machines found in retailers and ATMs work their magic. Got an Android phone? Got a tap-to-pay card?

Malware 94

Malware Banking Software Social Engineering 94

Security Affairs

MARCH 30, 2025

These stores operate on a bulk retail model, offering members discounted prices on a wide range of products, including electronics, clothing, food, and household items. This represents a significant portion of Walmart’s overall earnings, as Sam’s Club accounts for about 13% of Walmart’s consolidated net sales.

Ransomware 122

Ransomware Data breaches Software Hacking 122

Security Affairs

JUNE 30, 2025

Ahold Delhaize is a Dutch-Belgian multinational retail and wholesale holding company. A ransomware attack on grocery giant Ahold Delhaize led to a data breach that affected more than 2.2 million people. A ransomware attack on Dutch grocery giant Ahold Delhaize has led to a data breach affecting over 2.2 million people.

Data breaches 93

Data breaches eCommerce Retail Accountability 93

Zero Day

JUNE 22, 2025

We gather data from the best available sources, including vendor and retailer listings as well as other relevant and independent reviews sites. When you click through from our site to a retailer and buy a product or service, we may earn affiliate commissions. Here's how to check if your accounts are at risk and what to do next.

Passwords 101

Passwords Data breaches Password Management Identity Theft 101

Security Affairs

MAY 4, 2025

CISA adds Yii Framework and Commvault Command Center flaws to its Known Exploited Vulnerabilities catalog Ireland’s DPC fined TikTok 530M for sending EU user data to China Microsoft sets all new accounts passwordless by default Luxury department store Harrods suffered a cyberattack U.S.

Cybercrime 77

Cybercrime Cyber Attacks Malware Phishing 77

SecureList

MARCH 25, 2025

Key findings Phishing Banks were the most popular lure in 2024, accounting for 42.58% of financial phishing attempts. Consumers remained the primary target of financial cyberthreats, accounting for 73.69% of attacks. Mamont was the most active Android malware family, accounting for 36.7% million detections compared to 5.84

Phishing 72

Phishing Banking Scams Mobile 72

Security Affairs

MAY 13, 2025

M&S is a major British multinational retailer headquartered in London. However, importantly, the data does not include useable card or payment details, and it also does not include any account passwords.” The company did not share technical details about the attack.

Data breaches 65

Data breaches Cyber Attacks Passwords Social Engineering 65

Digital Shadows

NOVEMBER 26, 2024

Key Points Phishing incidents rose during the reporting period (August 1 to October 31, 2024), accounting for 46% of all customer incidents. Cloud services alerts increased by 20% due to rising cloud account usage, while malicious file alerts in phishing attacks remain high, exploiting users’ tendencies to open files.

Cyber Attacks 59

Cyber Attacks Phishing Ransomware Cyber Insurance 59

SecureWorld News

JULY 10, 2025

The World Economic Forum warns that AI-powered cybercrime is among the top concerns shaping the 2025 threat landscape. Organizations today utilize an average of 131 third-party APIs in their systems, and APIs now account for over 70% of all web traffic. million user accounts to theft. Treasury Department's network.

Manufacturing 70

Manufacturing Software Energy and Utilities Risk 70

Security Affairs

MAY 18, 2025

officials Shields up US retailers. CISA adds a Fortinet flaw to its Known Exploited Vulnerabilities catalog Kosovo authorities extradited admin of the cybercrime marketplace BlackDB.cc Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Scattered Spider threat actors can target them U.S.

Data breaches 67

Data breaches Cybercrime Ransomware Cyber Attacks 67

Zero Day

JUNE 20, 2025

We gather data from the best available sources, including vendor and retailer listings as well as other relevant and independent reviews sites. When you click through from our site to a retailer and buy a product or service, we may earn affiliate commissions. Here's how to check if your accounts are at risk and what to do next.

Passwords 106

Passwords Data breaches Password Management Identity Theft 106

Krebs on Security

JULY 10, 2025

Authorities in the United Kingdom this week arrested four people aged 17 to 20 in connection with recent data theft and extortion attacks against the retailers Marks & Spencer and Harrods , and the British food retailer Co-op Group. KrebsOnSecurity has learned the identities of two of the suspects. In November 2024, U.S.

Cybercrime 242

Cybercrime Social Engineering Retail Mobile 242

Krebs on Security

JANUARY 30, 2025

In October 2024, the security firm Silent Push published a lengthy analysis of how Amazon AWS and Microsoft Azure were providing services to Funnull, a two-year-old Chinese content delivery network that hosts a wide variety of fake trading apps, pig butchering scams , gambling websites, and retail phishing pages. cloud providers.

Accountability 281

Accountability Scams Passwords Data collection 281

Krebs on Security

FEBRUARY 18, 2025

But a flurry of innovation from cybercrime groups in China is breathing new life into the carding industry, by turning phished card data into mobile wallets that can be used online and at main street stores. Happily, the broad deployment of more secure chip-based payment cards in the United States has weakened the carding market.

Phishing 324

Phishing Mobile Scams Banking 324

Security Affairs

JULY 14, 2025

Customers of French luxury retailer Louis Vuitton are being notified of a data breach affecting multiple countries, including the UK, South Korea, and Turkey. According to the report, the security breach may be linked to a third-party service provider account.

Data breaches 81

Data breaches Retail Ransomware Phishing 81

Security Affairs

MAY 11, 2025

CVSS) in IOS XE That Enables Root Exploits via JWT Internet tracking: How and why were followed online Google to pay Texas $1.4

Spyware 67

Spyware DDOS Malware Ransomware 67

Krebs on Security

AUGUST 7, 2024

A partial selfie posted by Puchmade Dev to his Twitter account. In January, KrebsOnSecurity wrote about rapper Punchmade Dev , whose music videos sing the praises of a cybercrime lifestyle. That story showed how Punchmade’s social media profiles promoted Punchmade-themed online stores selling bank account and payment card data.

Banking 329

Banking Cybercrime Accountability Retail 329

Krebs on Security

APRIL 18, 2023

.'” MRMURZA Faceless is a project from MrMurza , a particularly talkative member of more than a dozen Russian-language cybercrime forums over the past decade. MrMurza’s Faceless advertised on the Russian-language cybercrime forum ProCrd. was used for an account “Hackerok” at the accounting service klerk.ru

Malware 325

Malware Accountability Passwords Advertising 325

Krebs on Security

MARCH 9, 2023

A Croatian national has been arrested for allegedly operating NetWire , a Remote Access Trojan (RAT) marketed on cybercrime forums since 2012 as a stealthy way to spy on infected systems and siphon passwords. Prior to the demise of Google+ , the email address dugidox@gmail.com mapped to an account with the nickname “ Netwire wwl.”

DNS 336

DNS Cybercrime Passwords Accountability 336

Security Affairs

OCTOBER 17, 2022

Australian retail giant Woolworths disclosed a data breach that impacted approximately 2.2 Bad news for the customers of the MyDeal online marketplace, the Australian retail giant Woolworths disclosed a data breach that impacted approximately 2.2 Also, no customer account passwords were accessed. million MyDeal customers.

Data breaches 141

Data breaches Retail Passwords Accountability 141

Krebs on Security

APRIL 30, 2020

Most online retailers years ago stopped shipping to regions of the world most frequently associated with credit card fraud, including Eastern Europe, North Africa, and Russia. A screen shot from a user account at “Snowden,” a long-running reshipping mule service.

Cybercrime 362

Cybercrime Computers and Electronics Marketing Scams 362

Krebs on Security

APRIL 29, 2022

Google has for years accepted requests to remove certain sensitive data such as bank account or credit card numbers from search results. The login page for perhaps the most bustling cybercrime store for stolen payment card data. BriansClub has long abused my name and likeness to pimp its wares on the hacking forums.

Identity Theft 364

Identity Theft Cybercrime Hacking Government 364

Security Affairs

OCTOBER 10, 2020

Microsoft has uncovered Zerologon attacks that were allegedly conducted by the infamous TA505 Russia-linked cybercrime group. Microsoft spotted a series of Zerologon attacks allegedly launched by the Russian cybercrime group tracked as TA505 , CHIMBORAZO and Evil Corp. Pierluigi Paganini. SecurityAffairs – hacking, Zerologon).

Cybercrime 142

Cybercrime Security Intelligence Authentication Banking 142

Krebs on Security

APRIL 16, 2024

For nearly a dozen years, residents of South Carolina have been kept in the dark by state and federal investigators over who was responsible for hacking into the state’s revenue department in 2012 and stealing tax and bank account information for 3.6 million people. said investigators determined the breach began on Aug. ” On Oct.

Identity Theft 330

Identity Theft Banking Cybercrime Hacking 330

Security Affairs

NOVEMBER 12, 2021

Retail giant Costco Wholesale Corporation notified its customers of a data breach that might have exposed their payment card information. The retail giant has 737 membership-only retail stores across the U.S., it is the fifth-largest retailer in the world and the 10th-largest corporation in the country by total revenue.

Retail 122

Retail Data breaches eCommerce Hacking 122

Krebs on Security

JULY 29, 2022

These services can be used in a legitimate manner for several business purposes — such as price comparisons or sales intelligence — but they are massively abused for hiding cybercrime activity because they can make it difficult to trace malicious traffic to its original source.

Cybercrime 343

Cybercrime Backups Software VPN 343

Security Affairs

JANUARY 1, 2024

The Cactus ransomware group claims to have hacked Coop, one of the largest retail and grocery providers in Sweden. Coop is one of the largest retail and grocery providers in Sweden, with approximately 800 stores across the country. The stores are co-owned by 3.5 million members in 29 consumer associations.

Retail 143

Retail Ransomware Encryption Hacking 143

Security Affairs

MAY 5, 2021

A new cybercrime gang, tracked as UNC2529 , has targeted many organizations in the US and other countries using new sophisticated malware. FireEye’s Mandiant unit observed two distinct waves of attacks carried out by the cybercrime group in December 2020. The post UNC2529, a new sophisticated cybercrime gang that targets U.S.

Cybercrime 140

Cybercrime Malware Manufacturing Phishing 140

Krebs on Security

SEPTEMBER 26, 2024

The United States today unveiled sanctions and indictments against the alleged proprietor of Joker’s Stash , a now-defunct cybercrime store that peddled tens of millions of payment cards stolen in some of the largest data breaches of the past decade. Joker’s sold cards stolen in a steady drip of breaches at U.S.

Cryptocurrency 333

Cryptocurrency Cybercrime Government Retail 333

Krebs on Security

JUNE 30, 2020

On the plus side, months of quarantine have massively decreased demand for account information that thieves buy and use to create physical counterfeit credit cards. The economic laws of supply and demand hold just as true in the business world as they do in the cybercrime space.

Banking 357

Banking Hacking Retail Cybercrime 357

Krebs on Security

OCTOBER 15, 2020

Multiple companies that track the sale in stolen payment card data say they have confirmed with card-issuing financial institutions that the accounts for sale in the BlazingSun batch have one common theme: All were used at various Dickey’s BBQ locations over the past 13-15 months.

Data breaches 363

Data breaches Cybercrime Retail Banking 363