data theft

Cl0p exploits Oracle E-Business Suite zero-day in data theft, extortion campaign (CVE-2025-61882)

Cl0p exploits Oracle E-Business Suite zero-day in data theft, extortion campaign (CVE-2025-61882) 2025-10-06 at 15:28 By Zeljka Zorz The Cl0p extortion gang exploited multiple Oracle E-Business Suite (EBS) vulnerabilities, including one zero-day flaw (CVE-2025-61882), “to steal large amounts of data from several victim[s] in August 2025,” Charles Carmakal, CTO at Mandiant – Google Cloud, stated […]

Cl0p exploits Oracle E-Business Suite zero-day in data theft, extortion campaign (CVE-2025-61882) Read More »

Hackers claim to have plundered Red Hat’s GitHub repos

Hackers claim to have plundered Red Hat’s GitHub repos 2025-10-02 at 20:00 By Zeljka Zorz The Crimson Collective, an emerging extortion / hacker group, has made a bombshell claim on their Telegram channel: they have gained access to Red Hat’s GitHub and have exfiltrated data from over 28,000 internal repositories connected to the company’s consulting

Hackers claim to have plundered Red Hat’s GitHub repos Read More »

Salesforce AI Hack Enabled CRM Data Theft

Salesforce AI Hack Enabled CRM Data Theft 2025-09-25 at 21:26 By Eduard Kovacs Prompt injection has been leveraged alongside an expired domain to steal Salesforce data in an attack named ForcedLeak. The post Salesforce AI Hack Enabled CRM Data Theft appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Salesforce AI Hack Enabled CRM Data Theft Read More »

ChatGPT Targeted in Server-Side Data Theft Attack

ChatGPT Targeted in Server-Side Data Theft Attack 2025-09-18 at 18:49 By Eduard Kovacs OpenAI has fixed this zero-click attack method called by researchers ShadowLeak. The post ChatGPT Targeted in Server-Side Data Theft Attack appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

ChatGPT Targeted in Server-Side Data Theft Attack Read More »

Ongoing malvertising campaign targets European IT workers with fake GitHub Desktop installers

Ongoing malvertising campaign targets European IT workers with fake GitHub Desktop installers 2025-09-09 at 09:46 By Zeljka Zorz Researchers have spotted a malvertising (and clever malware delivery) campaign targeting IT workers in the European Union with fake GitHub Desktop installers. “We believe the goal of this campaign was to gain initial access to organizations for

Ongoing malvertising campaign targets European IT workers with fake GitHub Desktop installers Read More »

Salesloft Drift data breach: Investigation reveals how attackers got in

Salesloft Drift data breach: Investigation reveals how attackers got in 2025-09-08 at 14:33 By Zeljka Zorz The attack that resulted in the Salesloft Drift data breach started with the compromise of the company’s GitHub account, Salesloft confirmed this weekend. Supply chain compromise On August 26, the company publicly revealed that earlier that month, a threat

Salesloft Drift data breach: Investigation reveals how attackers got in Read More »

Agentic AI coding assistant helped attacker breach, extort 17 distinct organizations

Agentic AI coding assistant helped attacker breach, extort 17 distinct organizations 2025-08-28 at 15:29 By Zeljka Zorz Cybercriminals have started “vibe hacking” with AI’s help, AI startup Anthropic has shared in a report released on Wednesday. An attacker used the agentic AI coding assistant Claude Code for nearly all steps of a data extortion operation

Agentic AI coding assistant helped attacker breach, extort 17 distinct organizations Read More »

Hundreds of Salesforce customer orgs hit in clever attack with potentially huge blast radius

Hundreds of Salesforce customer orgs hit in clever attack with potentially huge blast radius 2025-08-27 at 17:47 By Zeljka Zorz A threat group Google tracks as UNC6395 has pilfered troves of data from Salesforce corporate instances, in search of credentials that can be used to compromise those organizations’ environments. “[Google Threat Intelligence Group] observed UNC6395

Hundreds of Salesforce customer orgs hit in clever attack with potentially huge blast radius Read More »

Noodlophile infostealer is hiding behind fake copyright and PI infringement notices

Noodlophile infostealer is hiding behind fake copyright and PI infringement notices 2025-08-18 at 16:12 By Zeljka Zorz Attackers pushing the Noodlophile infostealer are targeting businesses with spear-phishing emails threatening legal action due to copyright or intellectual property infringement, Morphisec researchers have warned. The campaign The emails, ostensibly sent by a law firm, are tailored to

Noodlophile infostealer is hiding behind fake copyright and PI infringement notices Read More »

Trojanized SonicWall NetExtender app exfiltrates VPN credentials

Trojanized SonicWall NetExtender app exfiltrates VPN credentials 2025-06-24 at 15:00 By Zeljka Zorz Unknown attackers have trojanized SonicWall’s SSL-VPN NetExtender application, the company has warned on Monday, and have been tricking users into downloading it from a lookalike site(s?). The trojanized SonicWall NetExtender installer SonicWall NetExtender is an SSL‑VPN client used by companies to give remote

Trojanized SonicWall NetExtender app exfiltrates VPN credentials Read More »

Researchers unearth keyloggers on Outlook login pages

Researchers unearth keyloggers on Outlook login pages 2025-06-17 at 18:37 By Zeljka Zorz Unknown threat actors have compromised internet-accessible Microsoft Exchange Servers of government organizations and companies around the world, and have injected the organizations’ Outlook on the Web (OWA) login page with browser-based keyloggers, Positive Technologies researchers have warned. The keylogging JavaScript code (Source:

Researchers unearth keyloggers on Outlook login pages Read More »

Attackers fake IT support calls to steal Salesforce data

Attackers fake IT support calls to steal Salesforce data 2025-06-04 at 17:47 By Zeljka Zorz Over the past several months, a threat group has been actively breaching organizations’ Salesforce instances and exfiltrating customer and business data, Google Threat Intelligence Group (GTIG) has warned. The attackers in question – currently tracked as UNC6040 – are masters

Attackers fake IT support calls to steal Salesforce data Read More »

Lumma Stealer Malware-as-a-Service operation disrupted

Lumma Stealer Malware-as-a-Service operation disrupted 2025-05-21 at 21:21 By Zeljka Zorz A coordinated action by US, European and Japanese authorities and tech companies like Microsoft and Cloudflare has disrupted the infrastructure behind Lumma Stealer, the most significant infostealer threat at the moment. What is Lumma Stealer? Lumma Stealer is Malware-as-a-Service offering beloved by a wide

Lumma Stealer Malware-as-a-Service operation disrupted Read More »

Hertz data breach: Customers in US, EU, UK, Australia and Canada affected

Hertz data breach: Customers in US, EU, UK, Australia and Canada affected 2025-04-15 at 17:21 By Zeljka Zorz American car rental company Hertz has suffered a data breach linked to last year’s exploitation of Cleo zero-day vulnerabilities by a ransomware gang. The breach resulted in information of an unknown number of customers of Hertz and

Hertz data breach: Customers in US, EU, UK, Australia and Canada affected Read More »

North Korean IT workers set their sights on European organizations

North Korean IT workers set their sights on European organizations 2025-04-02 at 13:05 By Zeljka Zorz North Korean IT workers are expanding their efforts beyond the US, and are seeking to fraudulently gain employment with organizations around the world, but most especially in Europe. According to Google’s threat researchers, they are also increasingly attempting to

North Korean IT workers set their sights on European organizations Read More »

Stealthy StilachiRAT steals data, may enable lateral movement

Stealthy StilachiRAT steals data, may enable lateral movement 2025-03-18 at 15:48 By Zeljka Zorz While still not widely distributed, a new Windows remote access trojan (RAT) dubbed StilachiRAT is a serious threat. “[The malware] demonstrates sophisticated techniques to evade detection, persist in the target environment, and exfiltrate sensitive data,” Microsoft threat analysts have warned on

Stealthy StilachiRAT steals data, may enable lateral movement Read More »

Cybercrime gang exploited VeraCore zero-day vulnerabilities for years (CVE-2025-25181, CVE-2024-57968)

Cybercrime gang exploited VeraCore zero-day vulnerabilities for years (CVE-2025-25181, CVE-2024-57968) 2025-02-05 at 18:49 By Zeljka Zorz XE Group, a cybercriminal outfit that has been active for over a decade, has been quietly exploiting zero-day vulnerabilities (CVE-2025-25181, CVE-2024-57968) in VeraCore software, a popular solution for warehouse management and order fulfillment. According to Intezer and Solis Security

Cybercrime gang exploited VeraCore zero-day vulnerabilities for years (CVE-2025-25181, CVE-2024-57968) Read More »

Casio UK site compromised, equipped with web skimmer

Casio UK site compromised, equipped with web skimmer 2025-02-04 at 13:20 By Zeljka Zorz Japanese electronics maker Casio has had its UK website injected with a web skimmer that collected buyers’ personal and payment card information, Jscrambler has discovered. The company says that the same skimmer has been added to at least seventeen (and possibly

Casio UK site compromised, equipped with web skimmer Read More »

DeepSeek’s popularity exploited to push malicious packages via PyPI

DeepSeek’s popularity exploited to push malicious packages via PyPI 2025-02-03 at 15:33 By Zeljka Zorz Two malicious packages leveraging the DeepSeek name have been published to the Python Package Index (PyPI) package repository, and in the 30 minutes or so they were up, they have been downloaded 36 times. The malicious packages The attack started

DeepSeek’s popularity exploited to push malicious packages via PyPI Read More »

North Korean IT workers are extorting employers, FBI warns

North Korean IT workers are extorting employers, FBI warns 2025-01-24 at 16:48 By Zeljka Zorz The FBI is on a mission to raise awareness about the threat that North Korean IT workers present to organizations in the US and around the world. While corporate espionage comes to mind first, the threat goes beyond that: “In

North Korean IT workers are extorting employers, FBI warns Read More »

Scroll to Top