Security Affairs

JUNE 17, 2025

State-sponsored hackers compromised the email accounts of several journalists working at the Washington Post. A cyberattack, likely carried out by state-sponsored hackers, compromised the Microsoft email accounts of Washington Post journalists, including reporters covering China and national security.

Accountability 107

Accountability Cyber Attacks Media Hacking 107

Krebs on Security

NOVEMBER 21, 2024

That Joeleoli moniker registered on the cybercrime forum OGusers in 2018 with the email address joelebruh@gmail.com , which also was used to register accounts at several websites for a Joel Evans from North Carolina. Click to enlarge. A Scattered Spider phishing lure sent to Twilio employees.

Identity Theft 268

Identity Theft Phishing Cryptocurrency Accountability 268

Malwarebytes

JUNE 18, 2025

From there, it’s likely the scammers will empty the bank account and move on to their next victim. These scammers demand immediate payment or action to avoid further impacts, which can dupe individuals into inadvertently sending money to a fraudulent account. On X we see invites like these several times a week.

Banking 135

Banking Scams Advertising Media 135

The Hacker News

JUNE 24, 2025

The United States Embassy in India has announced that applicants for F, M, and J nonimmigrant visas should make their social media accounts public. The new guideline seeks to help officials verify the identity and eligibility of applicants under U.S. Embassy said every visa application review is a "national security decision."

Media 86

Media Accountability 86

Krebs on Security

JUNE 6, 2023

One of the most expensive aspects of any cybercriminal operation is the time and effort it takes to constantly create large numbers of new throwaway email accounts. The service in question — kopeechka[.]store ” “Are you working on large volumes and are costs constantly growing? The service in question — kopeechka[.]store

Accountability 262

Accountability Scams Cryptocurrency Advertising 262

Security Affairs

JUNE 9, 2025

OpenAI banned ChatGPT accounts tied to Russian and Chinese hackers using the tool for malware, social media abuse, and U.S. OpenAI banned ChatGPT accounts that were used by Russian-speaking threat actors and two Chinese nation-state actors. We banned the OpenAI accounts used by this adversary.”

Accountability 76

Accountability Social Engineering Media Penetration Testing 76

Malwarebytes

JUNE 19, 2025

Take the 184 million logins for social media accounts we reported about recently. But that doesn’t take away from the fact that these credentials are in the hands of cybercriminals who can use them for: Account takeovers : Cybercriminals can use stolen credentials to hijack social media, banking, or corporate accounts.

Identity Theft 139

Identity Theft Passwords Phishing Accountability 139

Security Affairs

FEBRUARY 3, 2025

The Russian-speaking Crazy Evil group runs over 10 social media scams, tricking victims into installing StealC, AMOS, and Angel Drainer malware. The gang targets high-value victims, also called “mammoths,” for digital asset theft, including cryptocurrencies, payment cards, online banking accounts, and non-fungible tokens (NFTs).

Scams 87

Scams Media Cryptocurrency Cybercrime 87

Malwarebytes

JANUARY 3, 2025

The archives are offered for download on various locations like Dropbox, Catbox, and often on the Discord content delivery network (CDN), by using compromised accounts which add extra credibility. One of the main interests for the stealers seem to be Discord credentials which can be used to expand the network of compromised accounts.

Scams 142

Scams Identity Theft Cryptocurrency Accountability 142

Malwarebytes

JANUARY 21, 2025

But the investigative journalists from 404 Media report thatthe tool has also been used for months by members of the public, with many making videos marveling at the technology, and some asking for help with stalking specific women. Now GeoSpy has closed off public access to the tool, after 404 Media asked him for a comment.

Media 143

Media Identity Theft Artificial Intelligence Surveillance 143

Krebs on Security

DECEMBER 11, 2024

wtf, and PQHosting ; -sites selling aged email, financial, or social media accounts, such as verif[.]work The site Verif dot work, which processes payments through Cryptomus, sells financial accounts, including debit and credit cards. work and kopeechka[.]store store ; -anonymity or “proxy” providers like crazyrdp[.]com

Cryptocurrency 288

Cryptocurrency Banking Cybercrime Advertising 288

Security Boulevard

MARCH 21, 2025

Matthew Weiss, former football coach for the University of Michigan and the Baltimore Ravens, for almost 10 years accessed the social media and other online accounts of thousands of student athletes and downloaded personal information and intimate images, said prosecutors who indicted for illegal computer access and identity theft.

Accountability 61

Accountability Identity Theft Hacking Media 61

Krebs on Security

JANUARY 31, 2025

Department of Justice refers to the cybercrime group as Saim Raza , after a pseudonym The Manipulaters communally used to promote their spam, malware and phishing services on social media. “These tools were also used to acquire victim user credentials and utilize those credentials to further these fraudulent schemes.

Phishing 272

Phishing Cybercrime Advertising Malware 272

Schneier on Security

OCTOBER 5, 2023

Countries trying to influence each other’s elections entered a new era in 2016, when the Russians launched a series of social media disinformation campaigns targeting the US presidential election. Many of those elections matter a lot to the countries that have run social media influence operations in the past.

Media 340

Media Artificial Intelligence Accountability Internet 340

Security Affairs

DECEMBER 7, 2024

The 8Base ransomware group attacked Croatia’s Port of Rijeka, stealing sensitive data, including contracts and accounting info. The ransomware gang claims to have stolen sensitive data including accounting info and contracts. The Port of Rijeka (Luka Rijeka d.d.),

Ransomware 127

Ransomware Hacking Accountability Cyber Attacks 127

Schneier on Security

NOVEMBER 17, 2022

Twitter is having intermittent problems with its two-factor authentication system: Not all users are having problems receiving SMS authentication codes, and those who rely on an authenticator app or physical authentication token to secure their Twitter account may not have reason to test the mechanism. This is not a good sign.

Authentication 363

Authentication Passwords Accountability Media 363

The Hacker News

MAY 29, 2025

We detected and removed these campaigns before they were able to build authentic audiences on our apps," the social media giant said in its quarterly Adversarial Threat Report. This included a network of 658 accounts on Facebook, 14 Pages, and

Threat Reports 116

Threat Reports Media Authentication Accountability 116

Security Affairs

NOVEMBER 30, 2024

A senior government official at the finance ministry confirmed that attackers compromised some central bank accounts. “It is true our accounts were hacked into but not to the extent of what is being reported. Local media reported that the threat actors that call themselves “Waste” is responsible for the attack.

Banking 143

Banking Government Accountability Hacking 143

Troy Hunt

JUNE 21, 2025

If you want to follow along with travels, most of the pics I post these days are going to a public Facebook account (such is the fragmented social media world today) Catch me in Rome next week for the DotNetCode Italy meetup (that'll be the last public event of the tour) Was it really 16B passwords?

Media 190

Media Passwords Accountability 190

Malwarebytes

APRIL 24, 2025

ELUSIVE COMET targets its victims by luring them into a Zoom video call and then taking over their PC to install malware, infiltrate their accounts, and steal their assets. The group typically approaches victims with a supposed media opportunity to get them interested, and then sets up an introductory Zoom call. He took the bait.

Malware 138

Malware Media Accountability Cryptocurrency 138

Malwarebytes

DECEMBER 5, 2024

The FBI official added: “People looking to further protect their mobile device communications would benefit from considering using a cellphone that automatically receives timely operating system updates, responsibly managed encryption and phishing resistant multi-factor authentication for email, social media, and collaboration tool accounts.”

Encryption 142

Encryption Identity Theft Media Telecommunications 142

Security Affairs

APRIL 7, 2025

Cybercriminals exploit compromised accounts for EDR-as-a-Service (Emergency Data Requests – EDR), targeting major platforms According to a detailed analysis conducted by Meridian Group, an increasingly complex and structured phenomenon, commonly referred to as EDR-as-a-Service, is taking hold in the cybersecurity landscape.

Cybercrime 140

Cybercrime Social Engineering Accountability Government 140

Malwarebytes

FEBRUARY 11, 2025

Once the passwords are sold, the new, malicious owners will attempt to use individual passwords for a variety of common online accountstesting whether, say, an email account password is the same one used for a victims online banking system, their mortgage payment platform, or their Social Security portal.

Phishing 129

Phishing Passwords Authentication Mobile 129

Security Affairs

JUNE 11, 2025

After the operation, the authorities alerted over 216,000 victims to help them quickly secure their accounts and prevent further unauthorized access. ” As part of Operation Secure, Vietnamese police arrested 18 suspects and seized cash, SIMs, and documents tied to a scheme selling corporate accounts. .”

Cybercrime 114

Cybercrime Data collection Scams Cyber threats 114

Malwarebytes

MAY 1, 2025

Phishing In phishing scams, cybercriminals trick people and businesses into handing over sensitive information like credit card numbers or login details for vital online accounts. Lured in by similar color schemes, company logos, and familiar layouts, victims log in to their account by entering their username and password.

Small Business 89

Small Business Cybersecurity Scams Passwords 89

Security Affairs

NOVEMBER 3, 2024

The operators maintain the botnet to launch distributed brute-force attacks on VPNs, Telnet, SSH, and Microsoft 365 accounts. Some of these clusters specifically target Axentra media servers, Ruckus wireless routers and Zyxel VPN appliances. These routers are used to relay brute-force attacks on Microsoft 365 accounts.

Passwords 136

Passwords Wireless VPN Accountability 136

Krebs on Security

JANUARY 17, 2024

The rapper and social media personality Punchmade Dev is perhaps best known for his flashy videos singing the praises of a cybercrime lifestyle. Images from Punchmade Dev’s Twitter/X account show him displaying bags of cash and wearing a functional diamond-crusted payment card skimmer. Punchmade Dev’s shop.

Cybercrime 332

Cybercrime Media Banking Accountability 332

Webroot

MARCH 3, 2025

Common attacks to consumer protection Identity theft and fraud Some common types of identity theft and fraud include account takeover fraud , when criminals use stolen personal information such as account numbers, usernames, or passwords to hijack bank accounts, credit cards, and even email and social media accounts.

Consumer Protection 99

Consumer Protection Identity Theft Scams Social Engineering 99

Security Affairs

OCTOBER 16, 2024

Among them, it was possible to identify tax registration, email addresses, registered domains, IP addresses, social media accounts, telephone number and city. The man used of the same email and phrases across social media and forums. “All information related to the cybercriminal has already been handed over to the authorities.

Data breaches 130

Data breaches Media Cybercrime Accountability 130

Troy Hunt

AUGUST 30, 2023

The advice to impacted individuals is as follows: Get a digital password manager to help you make all passwords strong and unique If you've been reusing passwords, change them to strong and unique versions now, starting with the most important services you use Turn on multi-factor authentication wherever it's available, especially for important (..)

Phishing 363

Phishing Password Management Passwords Banking 363

eSecurity Planet

MAY 11, 2025

At the center of this disturbing new trend is a previously unknown infostealer called Noodlophile Stealer, now being secretly distributed through fraudulent websites promoted on social media. It often comes bundled with tools labeled Get Cookie + Pass, used for hijacking user accounts. The account was created on March 16.

Malware 103

Malware Scams Media Artificial Intelligence 103

Krebs on Security

AUGUST 7, 2024

A partial selfie posted by Puchmade Dev to his Twitter account. That story showed how Punchmade’s social media profiles promoted Punchmade-themed online stores selling bank account and payment card data. Incredibly, Turner acknowledges that PNC told him his account was flagged for attention from law enforcement officials.

Banking 307

Banking Cybercrime Accountability Retail 307

Security Affairs

OCTOBER 29, 2024

Change passwords : After malware removal, update passwords for key accounts (email, banking, work, social media) and enable two-factor authentication. Use a password manager : Simplifies managing strong, unique passwords across accounts. Report stolen data : Notify relevant parties if sensitive details (e.g.,

Identity Theft 128

Identity Theft Malware Passwords Banking 128

Malwarebytes

OCTOBER 15, 2024

Unlike any other season in America, election season might bring the highest volume of advertisements sent directly to people’s homes, phones, and email accounts—and the accuracy and speed at which they come can feel invasive. The reasons could be obvious. of survey participants said they “have not received any election related ads” this year.

Scams 139

Scams Identity Theft Cybercrime Accountability 139

Krebs on Security

MAY 28, 2025

A report from the Pakistani media outlet Dawn states that authorities there arrested 21 people alleged to have operated Heartsender, a spam delivery service whose homepage openly advertised phishing kits targeting users of various Internet companies, including Microsoft 365, Yahoo, AOL, Intuit, iCloud and ID.me.

Malware 196

Malware Cybercrime Antivirus Scams 196

Troy Hunt

SEPTEMBER 15, 2022

wasn't (why is this still getting media attention?!) Sponsored by: Varonis. Reduce your SaaS blast radius with data-centric security for AWS, G Drive, Box, Salesforce, Slack and more.

Media 314

Media Accountability 314

Security Affairs

NOVEMBER 30, 2024

A senior government official at the finance ministry confirmed that attackers compromised some central bank accounts. “It is true our accounts were hacked into but not to the extent of what is being reported. Local media reported that the threat actors that call themselves “Waste” is responsible for the attack.

Banking 98

Banking Government Accountability Hacking 98