Angelo Martino Pleads Guilty to Aiding BlackCat Ransomware Attacks
Angelo Martino pleaded guilty to collaborating with BlackCat (ALPHV) ransomware operators, facilitating credential-based breaches and high-stakes negotiations.

Python Infostealer Targeting Browser Credentials and Discord Tokens
Technical analysis of a Python-based infostealer leveraging Discord webhooks for exfiltration, targeting browser credentials and session tokens.

Vercel Breach: Third-Party Context.ai Compromise Leads to Data Exposure
Vercel reports a security incident where a compromised third-party AI tool, Context.ai, allowed attackers to access internal Google Workspace accounts.

Identity-First Zero Trust Strategies to Prevent Credential Theft
Learn how Zero Trust architecture mitigates stolen credentials and lateral movement by enforcing device trust, least privilege, and continuous verification.

VIP Credential Monitoring: Defending High-Value Targets
Learn how VIP credential monitoring protects high-privilege users from account takeover by tracking exposures across personal and corporate email domains.

FBI and Indonesia Dismantle W3LL Phishing Infrastructure
Law enforcement dismantles the W3LL phishing toolkit infrastructure responsible for $20M in fraud attempts and thousands of credential thefts globally.

Detecting Credential-Based Attacks: Moving Beyond Signatures
Identity-based attacks leverage valid credentials to mimic legitimate activity, requiring a shift toward behavioral detection and identity-centric monitoring.

CVE-2025-55182: Hackers Exploit React2Shell in Next.js Applications
Security researchers observe automated credential theft campaigns exploiting the React2Shell vulnerability (CVE-2025-55182) in vulnerable Next.js frameworks.

Telnyx PyPI Package Compromised by TeamPCP via Steganography
TeamPCP threat actors distributed malicious Telnyx Python package versions 4.87.1 and 4.87.2 on PyPI to harvest credentials using hidden WAV files.

TikTok for Business Phishing Campaign Evades Security Bots
A new TikTok for Business phishing campaign uses sophisticated bot-evasion techniques to steal corporate credentials and hijack advertising assets.

Underground Markets Pivot to Premium AI Account Trading
Cybercriminals are increasingly trading stolen premium AI accounts to enhance social engineering, automate malware creation, and bypass safety filters.

SVG-Based Phishing: Using Scalable Vector Graphics for Credential Theft
Discover how threat actors leverage SVG files to bypass email filters and execute credential theft through embedded JavaScript and HTML forms.