Security News

HubPhish Abuses HubSpot Tools to Target 20,000 European Users for Credential Theft
2024-12-18 14:10

Cybersecurity researchers have disclosed a new phishing campaign that has targeted European companies with an aim to harvest account credentials and take control of the victims' Microsoft Azure...

390,000+ WordPress Credentials Stolen via Malicious GitHub Repository Hosting PoC Exploits
2024-12-13 20:00

A now-removed GitHub repository that advertised a WordPress tool to publish posts to the online content management system (CMS) is estimated to have enabled the exfiltration of over 390,000...

Over 300K Prometheus Instances Exposed: Credentials and API Keys Leaking Online
2024-12-12 14:24

Cybersecurity researchers are warning that thousands of servers hosting the Prometheus monitoring and alerting toolkit are at risk of information leakage and exposure to denial-of-service (DoS) as...

Crooks stole AWS credentials from misconfigured sites then kept them in open S3 bucket
2024-12-09 16:15

ShinyHunters-linked heist thought to have been ongoing since March Exclusive A massive online heist targeting AWS customers during which digital crooks abused misconfigurations in public websites...

New Windows zero-day exposes NTLM credentials, gets unofficial patch
2024-12-06 16:32

A new zero-day vulnerability has been discovered that allows attackers to capture NTLM credentials by simply tricking the target into viewing a malicious file in Windows Explorer. [...]

Are Long-Lived Credentials the New Achilles’ Heel for Cloud Security?
2024-12-04 17:04

Datadog advises Australian and APAC companies to phase out long-lived cloud credentials.

North Korean Kimsuky Hackers Use Russian Email Addresses for Credential Theft Attacks
2024-12-03 09:51

The North Korea-aligned threat actor known as Kimsuky has been linked to a series of phishing attacks that involve sending email messages that originate from Russian sender addresses to ultimately...

VPN vulnerabilities, weak credentials fuel ransomware attacks
2024-11-28 05:00

Attackers leveraging virtual private network (VPN) vulnerabilities and weak passwords for initial access contributed to nearly 30% of ransomware attacks, according to Corvus Insurance. According...

Google's New Restore Credentials Tool Simplifies App Login After Android Migration
2024-11-25 14:22

Google has introduced a new feature called Restore Credentials to help users restore their account access to third-party apps securely after migrating to a new Android device. Part of Android's...

Preventing credential theft in the age of AI
2024-11-21 04:30

In this Help Net Security video, Tina Srivastava, MIT Lecturer and CEO of Badge, discusses a 20-year cryptography problem – using biometrics for authentication without storing a face/finger/voice...