Security News

Australian pension funds hit by wave of credential stuffing attacks
2025-04-04 16:12

Over the weekend, a massive wave of credential stuffing attacks hit multiple large Australian super funds, compromising thousands of members' accounts. [...]

Attackers are leveraging Cisco Smart Licensing Utility static admin credentials (CVE-2024-20439)
2025-04-03 13:04

CVE-2024-20439, a static credential vulnerability in the Cisco Smart Licensing Utility, is being exploited by attackers in the wild, CISA has confirmed on Monday by adding the flaw to its Known...

New Android Trojan Crocodilus Abuses Accessibility to Steal Banking and Crypto Credentials
2025-03-29 07:28

Cybersecurity researchers have discovered a new Android banking malware called Crocodilus that's primarily designed to target users in Spain and Turkey. "Crocodilus enters the scene not as a...

New Atlantis AIO platform automates credential stuffing on 140 services
2025-03-26 17:44

A new cybercrime platform named 'Atlantis AIO' provides an automated credential stuffing service against 140 online platforms, including email services, e-commerce sites, banks, and VPNs. [...]

Hackers Using E-Crime Tool Atlantis AIO for Credential Stuffing on 140+ Platforms
2025-03-26 08:53

Threat actors are leveraging an e-crime tool called Atlantis AIO Multi-Checker to automate credential stuffing attacks, according to findings from Abnormal Security. Atlantis AIO "has emerged as a...

Malicious ads target Semrush users to steal Google account credentials
2025-03-21 12:27

Cyber crooks are exploiting users’ interest in Semrush, a popular SEO, advertising, and market research SaaS platform, to steal their Google account credentials. The fraudulent campaign...

Microsoft Warns of StilachiRAT: A Stealthy RAT Targeting Credentials and Crypto Wallets
2025-03-18 07:00

Microsoft is calling attention to a novel remote access trojan (RAT) named StilachiRAT that it said employs advanced techniques to sidestep detection and persist within target environments with an...

Red Report 2025: Unmasking a 3X Spike in Credential Theft and Debunking the AI Hype
2025-03-13 14:01

Credential theft surged 3× in a year—but AI-powered malware? More hype than reality. The Red Report 2025 by Picus Labs reveals attackers still rely on proven tactics like stealth & automation to...

Researchers Expose New Polymorphic Attack That Clones Browser Extensions to Steal Credentials
2025-03-10 14:47

Cybersecurity researchers have demonstrated a novel technique that allows a malicious web browser extension to impersonate any installed add-on. "The polymorphic extensions create a pixel perfect...

Cisco warns of Webex for BroadWorks flaw exposing credentials
2025-03-04 18:40

Cisco warned customers today of a vulnerability in Webex for BroadWorks that could let unauthenticated attackers access credentials remotely. [...]