Hackread

Hacker Leaks 144GB of Royal Mail Group Data, Blames Supplier Spectos

Royal Mail Group, the UK’s centuries-old postal institution, has allegedly suffered a massive data breach resulting in the leak of 144GB of internal files, customer information, and marketing data.

Hackers Hide VenomRAT Malware Inside Virtual Hard Disk Image Files

In this campaign, cybercriminals deliver the dangerous VenomRAT hidden inside a virtual hard disk image file (.vhd) instead of the usually infected documents or executable files.

Fake Binance Wallet Email Promises TRUMP Coin, Installs Malware

The phishing emails, sent under the name “Binance,” urge recipients to claim newly launched Trump-themed cryptocurrency. A link directs users to a counterfeit Binance website that mimics official branding.

Astaroth Phishing Kit Bypasses 2FA to Hijack Gmail and Microsoft Accounts

According to SlashNext’s research, the Astaroth phishing kit is designed to bypass two-factor authentication (2FA) through a combination of session hijacking and real-time credential interception.

Scammers Use Fake Facebook Copyright Notices to Hijack Accounts

This campaign, which began around December 20th, 2024, primarily focuses on companies within the EU, the US, and Australia. Still, some instances have also been detected in Chinese and Arabic languages, indicating a global reach.

New ValleyRAT Malware Variant Spreads via Fake Chrome Downloads

Cybersecurity researchers at Morphisec Threat Lab discovered a new version of the sophisticated ValleyRAT malware distributed through various channels including phishing emails, instant messaging platforms, and compromised websites.

Double-Entry Web Skimming Attack Campaign Hits 17 Websites

Interestingly, unlike typical skimmers that target checkout pages, this one targeted the cart page. It intercepted the checkout button click and presented users with a fake, multi-step payment form within a pop-up window.

Lumma Stealer Found in Fake Crypto Tools and Game Mods on GitHub

Researchers revealed a network of malicious repositories offering seemingly legitimate content such as game hacks, cracked software, and free cryptocurrency tools, all designed to lure unsuspecting users into downloading and executing harmful code.

Hackers Use XWorm RAT to Exploit Script Kiddies, Pwning 18,000 Devices

This campaign resulted in compromising over 18,459 devices globally. The stolen data included sensitive information like browser credentials, Discord tokens, Telegram data, and system information from the compromised devices.

Malicious Kong Ingress Controller Image Found on DockerHub

A critical security breach in the software supply chain has been detected. An attacker accessed Kong’s DockerHub account and replaced the legitimate Kong Ingress Controller v.3.4.0 image with a malicious version.

Defend Against Threats with Cyber Fusion

Cyware is the leading provider of cyber fusion solutions that power threat intelligence sharing , end-to-end automation and 360-degree threat response.

Trending Tags