data theft

Google uncovers malware using LLMs to operate and evade detection

APT, Artificial Intelligence, cybercriminals, data theft, Don't miss, Google, Hot stuff, LLMs, Malware, News, Threat Intelligence /

Google uncovers malware using LLMs to operate and evade detection 2025-11-05 at 20:53 By Zeljka Zorz PromptLock, the AI-powered proof-of-concept ransomware developed by researchers at NYU Tandon and initially mistaken for an active threat by ESET, is no longer an isolated example: Google’s latest report shows attackers are now creating and deploying other malware that […]

React to this headline:

Loading spinner

Google uncovers malware using LLMs to operate and evade detection Read More »

Claude AI APIs Can Be Abused for Data Exfiltration

AI, Anthropic, API, Artificial Intelligence, Claude, data theft, Featured /

Claude AI APIs Can Be Abused for Data Exfiltration 2025-11-03 at 15:57 By Ionut Arghire An attacker can inject indirect prompts to trick the model into harvesting user data and sending it to the attacker’s account. The post Claude AI APIs Can Be Abused for Data Exfiltration appeared first on SecurityWeek. This article is an

React to this headline:

Loading spinner

Claude AI APIs Can Be Abused for Data Exfiltration Read More »

Attackers exploiting WSUS vulnerability drop Skuld infostealer (CVE-2025-59287)

Darktrace, data theft, Don't miss, Eye Security, Hot stuff, Huntress, Malware, News, Palo Alto Networks, Sophos, Windows Server /

Attackers exploiting WSUS vulnerability drop Skuld infostealer (CVE-2025-59287) 2025-10-30 at 15:46 By Zeljka Zorz Attackers have been spotted exploiting the recently patched WSUS vulnerability (CVE-2025-59287) to deploy infostealer malware on unpatched Windows servers. An out-of-band update Last week’s release of an emergency fix for CVE-2025-59287, a Windows Server Update Services (WSUS) remote code execution vulnerability,

React to this headline:

Loading spinner

Attackers exploiting WSUS vulnerability drop Skuld infostealer (CVE-2025-59287) Read More »

Ransomware, extortion groups adapt as payment rates reach historic lows

Coveware, data theft, Don't miss, extortion, Hot stuff, Insider Threat, News, Ransomware, remote access, social engineering, trends /

Ransomware, extortion groups adapt as payment rates reach historic lows 2025-10-27 at 15:12 By Zeljka Zorz Ransomware groups are facing an economic downturn of their own: In Q3 2025, only 23 percent of victims paid a ransom, and for data theft incidents that involved no encryption, the payment rate dropped to just 19 percent, according

React to this headline:

Loading spinner

Ransomware, extortion groups adapt as payment rates reach historic lows Read More »

F5 data breach: “Nation-state” attackers stole BIG-IP source code, vulnerability info

CrowdStrike, data breach, data theft, Don't miss, F5 Networks, Hot stuff, IOActive, Mandiant, NCC Group, NCSC, networking, News, source code /

F5 data breach: “Nation-state” attackers stole BIG-IP source code, vulnerability info 2025-10-15 at 18:39 By Zeljka Zorz US tech company F5 has suffered a breach, and the attackers made off with source code of and vulnerability information related to its BIG-IP family of networking and security products, the company confirmed today. BIG-IP vulnerabilities are often

React to this headline:

Loading spinner

F5 data breach: “Nation-state” attackers stole BIG-IP source code, vulnerability info Read More »

F5 Blames Nation-State Hackers for Theft of Source Code and Vulnerability Data

Big-IP, China, Data Breaches, data theft, F5, Featured, Nation-State, source code /

F5 Blames Nation-State Hackers for Theft of Source Code and Vulnerability Data 2025-10-15 at 18:18 By Eduard Kovacs F5 has not shared too much information on the threat actor, but the attack profile seems to point to China. The post F5 Blames Nation-State Hackers for Theft of Source Code and Vulnerability Data appeared first on

React to this headline:

Loading spinner

F5 Blames Nation-State Hackers for Theft of Source Code and Vulnerability Data Read More »

Leaked Oracle EBS exploit scripts expected to drive new wave of attacks (CVE-2025-61882)

data theft, Don't miss, exploit, extortion, Hot stuff, Mandiant, News, Oracle, Resecurity, WatchTowr /

Leaked Oracle EBS exploit scripts expected to drive new wave of attacks (CVE-2025-61882) 2025-10-07 at 15:36 By Zeljka Zorz Resecurity and watchTowr researchers have analyzed the leaked scripts used by attackers to exploit CVE-2025-61882 on internet-facing Oracle ESB instances. Whether the attackers were Cl0p or LAPSUS$, both, or even additional threat actors is still unknown,

React to this headline:

Loading spinner

Leaked Oracle EBS exploit scripts expected to drive new wave of attacks (CVE-2025-61882) Read More »

Hackers launch data leak site to extort 39 victims, or Salesforce

Data leak, data theft, Don't miss, extortion, Hot stuff, News, Salesforce, social engineering /

Hackers launch data leak site to extort 39 victims, or Salesforce 2025-10-06 at 17:44 By Zeljka Zorz Scattered Lapsus$ Hunters launched a data leak site over the weekend, aiming to pressure organizations whose Salesforce databases they have plundered into paying to prevent the stolen data from being released. Screenshot of Scattered Lapsus$ Hunters data leak

React to this headline:

Loading spinner

Hackers launch data leak site to extort 39 victims, or Salesforce Read More »

Cl0p exploits Oracle E-Business Suite zero-day in data theft, extortion campaign (CVE-2025-61882)

data theft, Don't miss, extortion, Hot stuff, Mandiant, News, Oracle /

Cl0p exploits Oracle E-Business Suite zero-day in data theft, extortion campaign (CVE-2025-61882) 2025-10-06 at 15:28 By Zeljka Zorz The Cl0p extortion gang exploited multiple Oracle E-Business Suite (EBS) vulnerabilities, including one zero-day flaw (CVE-2025-61882), “to steal large amounts of data from several victim[s] in August 2025,” Charles Carmakal, CTO at Mandiant – Google Cloud, stated

React to this headline:

Loading spinner

Cl0p exploits Oracle E-Business Suite zero-day in data theft, extortion campaign (CVE-2025-61882) Read More »

Hackers claim to have plundered Red Hat’s GitHub repos

data breach, data theft, Don't miss, GitHub, Hot stuff, News, Red Hat /

Hackers claim to have plundered Red Hat’s GitHub repos 2025-10-02 at 20:00 By Zeljka Zorz The Crimson Collective, an emerging extortion / hacker group, has made a bombshell claim on their Telegram channel: they have gained access to Red Hat’s GitHub and have exfiltrated data from over 28,000 internal repositories connected to the company’s consulting

React to this headline:

Loading spinner

Hackers claim to have plundered Red Hat’s GitHub repos Read More »

Salesforce AI Hack Enabled CRM Data Theft

AI, AI hack, Artificial Intelligence, data theft, prompt injection, Salesforce AI /

Salesforce AI Hack Enabled CRM Data Theft 2025-09-25 at 21:26 By Eduard Kovacs Prompt injection has been leveraged alongside an expired domain to steal Salesforce data in an attack named ForcedLeak. The post Salesforce AI Hack Enabled CRM Data Theft appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source React

React to this headline:

Loading spinner

Salesforce AI Hack Enabled CRM Data Theft Read More »

ChatGPT Targeted in Server-Side Data Theft Attack

AI, Artificial Intelligence, ChatGPT, data theft, Deep Research, Featured, server side, ShadowLeak /

ChatGPT Targeted in Server-Side Data Theft Attack 2025-09-18 at 18:49 By Eduard Kovacs OpenAI has fixed this zero-click attack method called by researchers ShadowLeak. The post ChatGPT Targeted in Server-Side Data Theft Attack appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source React to this headline:

React to this headline:

Loading spinner

ChatGPT Targeted in Server-Side Data Theft Attack Read More »

Ongoing malvertising campaign targets European IT workers with fake GitHub Desktop installers

Arctic Wolf Networks, data theft, Don't miss, enterprise, Hot stuff, malvertising, Malware, malware analysis, News, SMBs /

Ongoing malvertising campaign targets European IT workers with fake GitHub Desktop installers 2025-09-09 at 09:46 By Zeljka Zorz Researchers have spotted a malvertising (and clever malware delivery) campaign targeting IT workers in the European Union with fake GitHub Desktop installers. “We believe the goal of this campaign was to gain initial access to organizations for

React to this headline:

Loading spinner

Ongoing malvertising campaign targets European IT workers with fake GitHub Desktop installers Read More »

Salesloft Drift data breach: Investigation reveals how attackers got in

credentials, data theft, Don't miss, Hot stuff, Mandiant, News, Salesforce, Salesloft, supply chain compromise /

Salesloft Drift data breach: Investigation reveals how attackers got in 2025-09-08 at 14:33 By Zeljka Zorz The attack that resulted in the Salesloft Drift data breach started with the compromise of the company’s GitHub account, Salesloft confirmed this weekend. Supply chain compromise On August 26, the company publicly revealed that earlier that month, a threat

React to this headline:

Loading spinner

Salesloft Drift data breach: Investigation reveals how attackers got in Read More »

Agentic AI coding assistant helped attacker breach, extort 17 distinct organizations

Anthropic, APT, Artificial Intelligence, cybercriminals, data theft, Don't miss, ESET, extortion, Hot stuff, LLMs, News, North Korea /

Agentic AI coding assistant helped attacker breach, extort 17 distinct organizations 2025-08-28 at 15:29 By Zeljka Zorz Cybercriminals have started “vibe hacking” with AI’s help, AI startup Anthropic has shared in a report released on Wednesday. An attacker used the agentic AI coding assistant Claude Code for nearly all steps of a data extortion operation

React to this headline:

Loading spinner

Agentic AI coding assistant helped attacker breach, extort 17 distinct organizations Read More »

Hundreds of Salesforce customer orgs hit in clever attack with potentially huge blast radius

AppOmni, cloud security, credentials, data theft, Don't miss, Google, Hot stuff, News, OAuth, Salesforce, third party compromise /

Hundreds of Salesforce customer orgs hit in clever attack with potentially huge blast radius 2025-08-27 at 17:47 By Zeljka Zorz A threat group Google tracks as UNC6395 has pilfered troves of data from Salesforce corporate instances, in search of credentials that can be used to compromise those organizations’ environments. “[Google Threat Intelligence Group] observed UNC6395

React to this headline:

Loading spinner

Hundreds of Salesforce customer orgs hit in clever attack with potentially huge blast radius Read More »

Noodlophile infostealer is hiding behind fake copyright and PI infringement notices

Asia, cybercrime, data theft, Don't miss, Europe, Hot stuff, Malware, Morphisec, News, spear-phishing, USA /

Noodlophile infostealer is hiding behind fake copyright and PI infringement notices 2025-08-18 at 16:12 By Zeljka Zorz Attackers pushing the Noodlophile infostealer are targeting businesses with spear-phishing emails threatening legal action due to copyright or intellectual property infringement, Morphisec researchers have warned. The campaign The emails, ostensibly sent by a law firm, are tailored to

React to this headline:

Loading spinner

Noodlophile infostealer is hiding behind fake copyright and PI infringement notices Read More »

Trojanized SonicWall NetExtender app exfiltrates VPN credentials

data theft, Don't miss, Hot stuff, Microsoft, News, SonicWall, trojan, VPN /

Trojanized SonicWall NetExtender app exfiltrates VPN credentials 2025-06-24 at 15:00 By Zeljka Zorz Unknown attackers have trojanized SonicWall’s SSL-VPN NetExtender application, the company has warned on Monday, and have been tricking users into downloading it from a lookalike site(s?). The trojanized SonicWall NetExtender installer SonicWall NetExtender is an SSL‑VPN client used by companies to give remote

React to this headline:

Loading spinner

Trojanized SonicWall NetExtender app exfiltrates VPN credentials Read More »

Researchers unearth keyloggers on Outlook login pages

credentials, data theft, Don't miss, Government, Hot stuff, Microsoft Exchange, News, Outlook, Positive Technologies /

Researchers unearth keyloggers on Outlook login pages 2025-06-17 at 18:37 By Zeljka Zorz Unknown threat actors have compromised internet-accessible Microsoft Exchange Servers of government organizations and companies around the world, and have injected the organizations’ Outlook on the Web (OWA) login page with browser-based keyloggers, Positive Technologies researchers have warned. The keylogging JavaScript code (Source:

React to this headline:

Loading spinner

Researchers unearth keyloggers on Outlook login pages Read More »

Attackers fake IT support calls to steal Salesforce data

data theft, Don't miss, enterprise, extortion, Google, Hot stuff, News, Salesforce, social engineering, vishing /

Attackers fake IT support calls to steal Salesforce data 2025-06-04 at 17:47 By Zeljka Zorz Over the past several months, a threat group has been actively breaching organizations’ Salesforce instances and exfiltrating customer and business data, Google Threat Intelligence Group (GTIG) has warned. The attackers in question – currently tracked as UNC6040 – are masters

React to this headline:

Loading spinner

Attackers fake IT support calls to steal Salesforce data Read More »

Scroll to Top