Malware, Media and Passwords - Cyber Security Informer

Chinese threat actors use Quad7 botnet in password-spray attacks

Security Affairs

NOVEMBER 3, 2024

Microsoft warns Chinese threat actors are using the Quad7 botnet to carry out password-spray attacks and steal credentials. Chinese threat actors use the Quad7 botnet in password-spray attacks to steal credentials, Microsoft warns. ” concludes Microsoft.

Passwords

Passwords Wireless VPN Accountability

Fake AI Video Tools Spreading New “Noodlophile” Malware, Targets Thousands on Facebook

eSecurity Planet

MAY 11, 2025

Technical support consultant using programming to upgrade artificial intelligence simulation model As AI tools boom in popularity, cyberthieves are exploiting the excitement with fake AI video editing platforms that lure users into downloading malware. The Noodlophile Stealer is a new malware strain.

Malware

Malware Scams Media Artificial Intelligence

Microsoft Authenticator will soon ditch passwords for passkeys - here's what to do

Zero Day

JUNE 30, 2025

PT ZDNET Those of you who use Microsoft Authenticator as a password manager will have to find another option, and soon. That's because an upcoming change will pull the plug on the ability to use the Authenticator app to store and autofill passwords. You have several options.

Authentication

Authentication Passwords Password Management Artificial Intelligence

Billions of logins for Apple, Google, Facebook, Telegram, and more found exposed online

Malwarebytes

JUNE 19, 2025

Take the 184 million logins for social media accounts we reported about recently. These malware variants silently extract credentials stored in browsers, email clients, messaging apps, and even crypto wallets, and send the data to cybercriminals. Do not reuse passwords across different sites and services. billion records each.

Identity Theft

Identity Theft Passwords Phishing Accountability

FBI, Dutch Police Disrupt ‘Manipulaters’ Phishing Gang

Krebs on Security

JANUARY 31, 2025

The FBI and authorities in The Netherlands this week seized dozens of servers and domains for a hugely popular spam and malware dissemination service operating out of Pakistan. The proprietors of the service, who use the collective nickname “ The Manipulaters ,” have been the subject of three stories published here since 2015.

Phishing

Phishing Cybercrime Advertising Malware

Booking.com Phishers May Leave You With Reservations

Krebs on Security

NOVEMBER 1, 2024

Booking.com said it now requires 2FA , which forces partners to provide a one-time passcode from a mobile authentication app (Pulse) in addition to a username and password. A scan of social media networks showed this is not an uncommon scam. .” The phony booking.com website generated by visiting the link in the text message.

Phishing

Phishing Accountability Artificial Intelligence Cybercrime

U.S. Offers $10M bounty for info on RedLine malware creator and state hackers

Security Affairs

JUNE 6, 2025

offers up to $10M for info on state hackers linked to RedLine malware and its creator, Maxim Rudometov, tied to attacks on U.S. “Maxim Alexandrovich Rudometov (Максим Александрович Рудомётов), born in 1999 in the Luhansk region of Ukraine, developed and has sold “information stealer” malware known as RedLine.”

Malware

Malware Passwords Identity Theft Government

Giving a Face to the Malware Proxy Service ‘Faceless’

Krebs on Security

APRIL 18, 2023

For the past seven years, a malware-based proxy service known as “ Faceless ” has sold anonymity to countless cybercriminals. The proxy lookup page inside the malware-based anonymity service Faceless. as a media sharing device on a local network that was somehow exposed to the Internet. Image: spur.us.

Malware

Malware Passwords Accountability Advertising

International law enforcement operation dismantled RedLine and Meta infostealers

Security Affairs

OCTOBER 29, 2024

RedLine and META targeted millions of victims worldwide, according to Eurojust it was one of the largest malware platforms globally. The two infostealers allowed operators to harvest usernames, passwords, contact info, and crypto-wallets from victims, the threat actors sold this data to criminals for financial theft and hacking.

Identity Theft

Identity Theft Malware Passwords Banking

16 billion passwords leaked across Apple, Google, more: What to know and how to protect yourself

Zero Day

JUNE 22, 2025

Close Home Tech Security 16 billion passwords leaked across Apple, Google, more: What to know and how to protect yourself Wondering if your information is posted online from a data breach? If we have made an error or published misleading information, we will correct or clarify the article. Sounds scary, right?

Passwords

Passwords Data breaches Password Management Accountability

“Can you try a game I made?” Fake game sites lead to information stealers

Malwarebytes

JANUARY 3, 2025

If interested, the victim will receive a download link and a password for the archive containing the promised installer. The Nova Stealer and the Ageo Stealer are a Malware-as-a-Service (MaaS) stealer where criminals rent out the malware and the infrastructure to other criminals. At which point they will easily set up a new one.

Scams

Scams Identity Theft Cryptocurrency Accountability

Fake Booking.com phish uses fake CAPTCHAs to trick hotel staff into downloading malware

Malwarebytes

MARCH 26, 2025

Our free Digital Footprint scan searches the dark web, social media, and other online sources, to tell you where your data has been exposed. Use a different password for every online account. Choose a strong password that you dont use for anything else. Better yet, let a password manager choose one for you.

Phishing

Phishing Malware Passwords Password Management

Heard about the 16 billion passwords leak? Here are the facts and how to protect yourself

Zero Day

JUNE 20, 2025

Close Home Tech Security Heard about the 16 billion passwords leak? In the headline for a recent story published by Cybernews , the cybersecurity media outlet said that 16 billion passwords were exposed in a record-breaking data breach, opening access to Facebook, Google, Apple, and any other service imaginable.

Passwords

Passwords Data breaches Password Management Identity Theft

Hive0117 group targets Russian firms with new variant of DarkWatchman malware

Security Affairs

MAY 1, 2025

Hive0117 targets Russian firms in multiple sectors with phishing attacks using a modified version of the DarkWatchman malware. A cybercrime group named Hive0117 is behind a fresh phishing campaign that targeted Russian organizations with a new version of the DarkWatchman malware, according to Russian cybersecurity firm F6.

Malware

Malware Phishing Telecommunications Antivirus

You should probably delete any sensitive screenshots you have in your phone right now. Here's why

Zero Day

JUNE 26, 2025

Here's why A new Trojan malware is targeting sensitive information, including crypto wallet seed phrases. Also: How Avast's free AI-powered Scam Guardian protects you from online con artists According to Kaspersky, the malware targets iOS and Android devices. Here's how the malware works. What is SparkKitty?

Password Management

Password Management Small Business Passwords Artificial Intelligence

Iran and China-linked actors used ChatGPT for preparing attacks

Security Affairs

OCTOBER 11, 2024

Attackers also used it for code debugging assistance. “The tasks the CyberAv3ngers asked our models in some cases focused on asking for default username and password combinations for various PLCs. This included working on malware that was still in development, and looking for information on potential targets.”

Malware

Malware Social Engineering Engineering Hacking

The 3 biggest cybersecurity threats to small businesses

Malwarebytes

MAY 1, 2025

These messages frequently warn recipients about a problem with their accounts, like a password that needs to be updated, a policy change that requires a login, or a delayed package that has to be approved. In reality, those usernames and passwords are delivered directly to cybercriminals on the other side of the website.

Small Business

Small Business Cybersecurity Scams Passwords

Phishing evolves beyond email to become latest Android app threat

Malwarebytes

FEBRUARY 11, 2025

In 2024, Malwarebytes detected more than 22,800 phishing apps on Android, according to the recent 2025 State of Malware report. They dont crack into password managers or spy on passwords entered for separate apps. The requests are bogus and simply a method for harvesting passwords.

Phishing

Phishing Passwords Authentication Mobile

184 million logins for Instagram, Roblox, Facebook, Snapchat, and more exposed online

Malwarebytes

MAY 27, 2025

While the sheer volume of exposed dataincluding emails, passwords, and authorization URLsis alarming, the real concern is not just about the exposure itself, but in how cybercriminals collect and weaponize these credentials. Infostealers have evolved beyond simple password grabbers. Use unique, complex passwords for every service.

Identity Theft

Identity Theft Passwords Accountability Phishing

Strengthen your digital defenses on World Password Day

Webroot

APRIL 30, 2025

In todays digital world, passwords have become a necessary part of life. May 1, 2025, is World Password Day , a reminder that passwords are the unsung heroes of cybersecurity, the first line of defense for all your sensitive personal data. World Password Day is more relevant than ever in todays evolving threat landscape.

Passwords

Passwords Password Management Accountability Malware

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 35

Security Affairs

MARCH 2, 2025

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape.

Malware

Malware Architecture IoT Cryptocurrency

As Seen on Channel 5’s Vanessa (Feltz) Show: What to Do if You’re Targeted by a Scam

Jane Frankland

MAY 16, 2025

Shopping Scams Fake online shops, social media ads, or marketplace listings. in parking lots) redirect to malware ridden websites. MFA Bypass Methods: SIM swaps, malware, or phishing sites that trick you into revealing or approving access. Avoid reusing passwords across different services. But it happens all the time.

Scams

Scams Password Management Passwords Banking

Macs targeted by info stealers in new era of cyberthreats

Malwarebytes

FEBRUARY 19, 2025

The latest, major threats to Mac computers can steal passwords and credit card details with delicate precision, targeting victims across the internet based on their device, location, and operating system. These findings come from the 2025 State of Malware report. By 2018, TrickBot was the largest threat to businesses.

Malware

Malware Software Passwords Cryptocurrency

Facebook's new passkey support could let you ditch your password once and for all

Zero Day

JUNE 19, 2025

PT NurPhoto / Contributor/Getty For all of us who hate passwords, passkeys represent a simpler and safer way of authenticating online accounts. PT NurPhoto / Contributor/Getty For all of us who hate passwords, passkeys represent a simpler and safer way of authenticating online accounts.

Passwords

Passwords Password Management Small Business Mobile

National Consumer Protection Week: Keeping your personal data safe in a digitally connected world

Webroot

MARCH 3, 2025

Common attacks to consumer protection Identity theft and fraud Some common types of identity theft and fraud include account takeover fraud , when criminals use stolen personal information such as account numbers, usernames, or passwords to hijack bank accounts, credit cards, and even email and social media accounts.

Consumer Protection

Consumer Protection Identity Theft Scams Social Engineering

Social media beats TV as top American news source for first time, study finds

Zero Day

JUNE 18, 2025

Also: How new Facebook policies incentivize spreading misinformation For the first time this year (the RISJ has released a media report every year since 2012), the No. 1 spot, or the largest proportion of respondents who used a particular source in the past week, went to social media, with 54%.

Media

Media Password Management Small Business Artificial Intelligence

Malware attack disguises itself as DeepSeek installer

Graham Cluley

JUNE 12, 2025

Skip to content Graham Cluley Cybersecurity and AI keynote speaker BOOK ME Speaking · Writing · Podcasts · Video · Contact · About · Games 🔍 ⁠This weeks sponsor: Proton Pass - Easily create unique, secure passwords. How are the bad guys spreading the malware? Integrated 2FA.

Malware

Malware Cryptocurrency Accountability Advertising

86 million AT&T customer records reportedly up for sale on the dark web

Zero Day

JUNE 6, 2025

Also: Massive data breach exposes 184 million passwords for Google, Microsoft, Facebook, and more Individually, any one of those pieces of data can be exploited by the wrong people. The hackers say that the dates of birth and social security numbers were originally encrypted but have since been decrypted and are now visible in plain text.

Password Management

Password Management Passwords Identity Theft Software

When Low-Tech Hacks Cause High-Impact Breaches

Krebs on Security

FEBRUARY 26, 2023

Web hosting giant GoDaddy made headlines this month when it disclosed that a multi-year breach allowed intruders to steal company source code, siphon customer and employee login credentials, and foist malware on customer websites. What else do we know about the cause of these incidents?

Hacking

Hacking Social Engineering Phishing Scams

How Does One Get Hired by a Top Cybercrime Gang?

Krebs on Security

JUNE 15, 2021

Department of Justice (DOJ) last week announced the arrest of a 55-year-old Latvian woman who’s alleged to have worked as a programmer for Trickbot , a malware-as-a-service platform responsible for infecting millions of computers and seeding many of those systems with ransomware. 6 in Miami, Fla.

Cybercrime

Cybercrime Ransomware Passwords Banking

News alert: SpyCloud study shows Darknet identity exploitation arising to become a primary cyber risk

The Last Watchdog

MARCH 19, 2025

Attackers now have access to extensive identity data from multiple sourcesincluding data breaches, infostealer malware infections, phishing campaigns, and combolistsposing a challenge for organizations whose security measures have not yet adapted to address the full scope of interconnected identity exposures holistically.

Cyber Risk

Cyber Risk Risk Phishing Cybercrime

Experts Fear Crooks are Cracking Keys Stolen in LastPass Breach

Krebs on Security

SEPTEMBER 5, 2023

In November 2022, the password manager service LastPass disclosed a breach in which hackers stole password vaults containing both encrypted and plaintext data for more than 25 million users. 15, 2022, LastPass said an investigation into the August breach determined the attacker did not access any customer data or password vaults.

Cryptocurrency

Cryptocurrency Passwords Encryption Accountability

Your Brother printer might have a critical security flaw - how to check and what to do next

Zero Day

JULY 3, 2025

First noticed by Rapid7 in May and publicly disclosed on June 25 , this unpatchable vulnerability lets an attacker who knows -- or can find out -- your printer's serial number generate its default administrator password. But the "good" news is you can still protect yourself by changing that default password today.

Password Management

Password Management Passwords Artificial Intelligence Firmware

Arcane stealer: We want all your data

SecureList

MARCH 19, 2025

What’s intriguing about this malware is how much it collects. The malicious actor behind Arcane went on to release a similarly named loader, which supposedly downloads cheats and cracks, but in reality delivers malware to the victim’s device. Send your videos to the #MEDIA chat 2. Personal server role 3.

Passwords

Passwords Media Malware VPN

GUEST ESSAY: How the ‘Scattered Spiders’ youthful ring defeated MFA to plunder Vegas

The Last Watchdog

NOVEMBER 19, 2023

Professional networking and social media platforms continue to prove a rich landscape for phone numbers, locations, hobbies, dates of birth, family members, and friendships. Fluent in American English, a gang member convinced a help desk worker to provide a one-time password to log into the systems.

Social Engineering

Social Engineering Passwords Authentication Marketing

April’s Patch Tuesday Brings Record Number of Fixes

Krebs on Security

APRIL 9, 2024

Only three of April’s vulnerabilities earned Microsoft’s most-dire “critical” rating, meaning they can be abused by malware or malcontents to take remote control over unpatched systems with no help from users. Tempering the sheer volume of this month’s patches is the middling severity of many of the bugs.

DNS

DNS Social Engineering Malware Media

3CX Breach Was a Double Supply Chain Compromise

Krebs on Security

APRIL 20, 2023

Researchers at ESET say this job offer from a phony HSBC recruiter on LinkedIn was North Korean malware masquerading as a PDF file. Mandiant found the compromised 3CX software would download malware that sought out new instructions by consulting encrypted icon files hosted on GitHub. Image: Mandiant.

Malware

Malware Software Technology Accountability

Why SMS two-factor authentication codes aren't safe and what to use instead

Zero Day

JUNE 17, 2025

Those codes are supposed to serve as two-factor authentication to confirm our identity and prevent scammers from accessing our accounts through a password alone. Also: Got a new password manager? PT kontekbrothers/Getty We've probably all received confirmation codes sent via text message when trying to sign into an account.

Authentication

Authentication Password Management Small Business Passwords

Law enforcement seized the domains of HeartSender cybercrime marketplaces

Security Affairs

FEBRUARY 2, 2025

The Saim Raza group run multiple marketplaces that advertised and facilitated the sale of hacking and fraud tools, including malware, phishing kits and email extractors. Employees inadvertently exposed their ties through social media. The HeartSender group has sold phishing tools to criminals since 2020, causing over $3 million in U.S.

Cybercrime

Cybercrime Advertising Phishing Hacking

Digital life protection: How Webroot keeps you safe in a constantly changing world

Webroot

FEBRUARY 21, 2025

It combines multiple security capabilities into one easy-to-use package that includes: Antivirus protection Detects and neutralizes viruses, malware , spyware , and ransomware. Password Manager Ensures your passwords are strong and secure, while also making them easy to access and manage. The answer is a resounding yes.

Antivirus

Antivirus Identity Theft Cyber threats Phishing

News alert: SpyCloud operationalizes darknet data, pioneers shift to holistic identity threat protection

The Last Watchdog

FEBRUARY 4, 2025

SpyCloud research reveals that the average individual has as many as 52 unique usernames/emails and 221 passwords exposed on the darknet across their online personal and professional identities. A shift to an identity-centric perspective is needed, particularly as the scope of identity exposures continues to grow.

Cybercrime

Cybercrime Phishing Accountability Malware

The Link Between AWM Proxy & the Glupteba Botnet

Krebs on Security

JUNE 28, 2022

On December 7, 2021, Google announced it was suing two Russian men allegedly responsible for operating the Glupteba botnet, a global malware menace that has infected millions of computers over the past decade. PPI programs) to generate new installations of their malware.”

Passwords

Passwords Malware Internet Internet

IT threat evolution in Q3 2024. Non-mobile statistics

SecureList

NOVEMBER 29, 2024

Kaspersky solutions worldwide detected this type of malware on 297,485 unique user devices. Attacks on macOS Password stealers were the third quarter’s most noteworthy findings associated with attacks on macOS users. This malware also possessed the capability to install a backdoor on compromised systems. 2 Tajikistan 1.63

Mobile

Mobile Adware Ransomware Malware

How global threat actors are weaponizing AI now, according to OpenAI

Zero Day

JUNE 6, 2025

One of the cases with probable Chinese origins, for example, found ChatGPT accounts generating social media posts in English, Chinese, and Urdu. What the report found In each of the 10 cases outlined in the new report, OpenAI outlined how it detected and addressed the problem.

Artificial Intelligence

Artificial Intelligence Password Management Small Business Passwords

Chinese threat actors use Quad7 botnet in password-spray attacks

Fake AI Video Tools Spreading New “Noodlophile” Malware, Targets Thousands on Facebook

Trending Sources

Microsoft Authenticator will soon ditch passwords for passkeys - here's what to do

Billions of logins for Apple, Google, Facebook, Telegram, and more found exposed online

FBI, Dutch Police Disrupt ‘Manipulaters’ Phishing Gang

Booking.com Phishers May Leave You With Reservations

U.S. Offers $10M bounty for info on RedLine malware creator and state hackers

Giving a Face to the Malware Proxy Service ‘Faceless’

International law enforcement operation dismantled RedLine and Meta infostealers

16 billion passwords leaked across Apple, Google, more: What to know and how to protect yourself

“Can you try a game I made?” Fake game sites lead to information stealers

Fake Booking.com phish uses fake CAPTCHAs to trick hotel staff into downloading malware

Heard about the 16 billion passwords leak? Here are the facts and how to protect yourself

Hive0117 group targets Russian firms with new variant of DarkWatchman malware

You should probably delete any sensitive screenshots you have in your phone right now. Here's why

Iran and China-linked actors used ChatGPT for preparing attacks

The 3 biggest cybersecurity threats to small businesses

Phishing evolves beyond email to become latest Android app threat

184 million logins for Instagram, Roblox, Facebook, Snapchat, and more exposed online

Strengthen your digital defenses on World Password Day

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 35

As Seen on Channel 5’s Vanessa (Feltz) Show: What to Do if You’re Targeted by a Scam

Macs targeted by info stealers in new era of cyberthreats

Facebook's new passkey support could let you ditch your password once and for all

National Consumer Protection Week: Keeping your personal data safe in a digitally connected world

Social media beats TV as top American news source for first time, study finds

Malware attack disguises itself as DeepSeek installer

86 million AT&T customer records reportedly up for sale on the dark web

When Low-Tech Hacks Cause High-Impact Breaches

How Does One Get Hired by a Top Cybercrime Gang?

News alert: SpyCloud study shows Darknet identity exploitation arising to become a primary cyber risk

Experts Fear Crooks are Cracking Keys Stolen in LastPass Breach

Your Brother printer might have a critical security flaw - how to check and what to do next

Arcane stealer: We want all your data

GUEST ESSAY: How the ‘Scattered Spiders’ youthful ring defeated MFA to plunder Vegas

April’s Patch Tuesday Brings Record Number of Fixes

3CX Breach Was a Double Supply Chain Compromise

Why SMS two-factor authentication codes aren't safe and what to use instead

Law enforcement seized the domains of HeartSender cybercrime marketplaces

Digital life protection: How Webroot keeps you safe in a constantly changing world

News alert: SpyCloud operationalizes darknet data, pioneers shift to holistic identity threat protection

The Link Between AWM Proxy & the Glupteba Botnet

IT threat evolution in Q3 2024. Non-mobile statistics

How global threat actors are weaponizing AI now, according to OpenAI

Stay Connected