#DataTheft

Cybersecurity News Everyday

@hendryadrian.bsky.social

1 day ago

Telus Digital Confirms Massive Data Breach by ShinyHunters Telus Digital has confirmed a security incident after the ShinyHunters extortion group claimed to have breached its systems using Google Cloud Platform credentials obtained from a prior third-party data theft. The actor alleges nearly 1 petabyte of internal and customer data was exfiltrated and is demanding a $65 million ransom to...

Telus Digital confirms a major breach by ShinyHunters who exploited Google Cloud credentials from a previous third-party hack. Nearly 1 petabyte of data, including call records and source code, stolen; $65M ransom demanded. #DataTheft #Canada

iT4iNT SERVER

@it4intserver.bsky.social

2 days ago

Six Android Malware Families Target Pix Payments, Banking Apps, and Crypto Wallets Cybersecurity researchers have discovered half-a-dozen new Android malware families that come with capabilities to steal data from compromised devices and conduct financial fraud. The Android malware range from traditional banking trojans like PixRevolution, TaxiSpy RAT, BeatBanker, Mirax, and Oblivion RAT to full-fledged remote administration tools such as SURXRAT. PixRevolution, according to

iT4iNT SERVER Six Android Malware Families Target Pix Payments, Banking Apps, and Crypto Wallets VDS VPS Cloud #AndroidMalware #Cybersecurity #BankingApps #CryptoWallets #DataTheft

Defensorum

@defensorum.bsky.social

3 days ago

Former Nuance Employee Pleads Guilty to Unauthorized Access of Geisinger Patient Records - Defensorum A former Nuance Communications employee pleaded guilty in federal court to obtaining information from a protected computer without authorization after accessing and copying data associated with more t...

🚨 Former Nuance employee pleads guilty to accessing 1.2M Geisinger patient records 🔒Employee exploited existing credentials after termination 📊 Names, birth dates, medical record numbers copied #InsiderThreat #Healthcare #DataTheft 👉 www.defensorum.com/nuance-emplo...

LaneSystems

@lanesystems.bsky.social

3 days ago

ShinyHunters claims yet another Salesforce customers breach : And they abused a Mandiant-developed open source tool in the attacks

#ShinyHunters claims more high-profile victims in latest #Salesforce customers data heist
www.theregister.com/2026/03/09/s...

#Cybercrime outfit says it has stolen data from ~100 high-profile companies, including Salesforce itself.
#CyberSecurity #InfoSec #DataBreach #DataTheft

LaneSystems

@lanesystems.bsky.social

3 days ago

Fake job applications pack malware that disables EDR : Russian-speaking attackers lure HR staff into downloading ISO files that disable defenses

#Fake job applications pack #malware that kills EDR before stealing data
www.theregister.com/2026/03/10/m...

Russian-speaking cyber criminal targeting corporate HR teams for #DataTheft.
#CyberSecurity #InfoSec #CyberCrime #BlackSanta #BringYourOwnVulnerableDriver #BYOVD

RealOnionWars

@onionwars.bsky.social

4 days ago

#DOGEBag #GavinKilger is now running data and #AI for the Department of Defense.

This is the guy that was personally responsible for gutting a few agencies, and may have been involved in massive #DataTheft at SSA 🫤

#NotGreat

en.wikipedia.org/wiki/Gavin_K...

The Daily Tech Feed

@thedailytechfeed.com

4 days ago

Alert: A popular Chrome extension turned malicious after ownership change, leading to data theft and code injection. Users advised to remove suspicious extensions immediately. #CyberSecurity #ChromeExtension #DataTheft Link: thedailytechfeed.com/chrome-exten...

iT4iNT SERVER

@it4intserver.bsky.social

5 days ago

Chrome Extension Turns Malicious After Ownership Transfer, Enabling Code Injection and Data Theft Two Google Chrome extensions have turned malicious after what appears to be a case of ownership transfer, offering attackers a way to push malware to downstream customers, inject arbitrary code, and harvest sensitive data. The extensions in question, both originally associated with a developer named "akshayanuonline@gmail.com" (BuildMelon), are listed below - QuickLens - Search Screen with

iT4iNT SERVER Chrome Extension Turns Malicious After Ownership Transfer, Enabling Code Injection and Data Theft VDS VPS Cloud #Malware #CyberSecurity #DataTheft #GoogleChrome #CodeInjection

CySecurity News

@cysecuritynews.bsky.social

1 week ago

Coruna Exploit Kit Targets iPhones With 23 Vulnerabilities Across Multiple iOS Versions  Security researchers have identified a powerful exploit framework targeting Apple iPhones running older versions of the iOS operating system.  The toolkit, called Coruna and also known as CryptoWaters, includes multiple exploit chains capable of targeting devices running iOS versions from 13.0 through 17.2.1, according to researchers from Google’s Threat Intelligence Group.  The framework contains five full exploit chains and a total of 23 vulnerabilities. Researchers said the exploit kit is not effective against the most recent versions of iOS.  “The core technical value of this exploit kit lies in its comprehensive collection of iOS exploits, with the most advanced ones using non public exploitation techniques and mitigation bypasses,” Google researchers said.  They added that the infrastructure supporting the kit is carefully designed and integrates several exploit components into a unified framework.  “The framework surrounding the exploit kit is extremely well engineered. The exploit pieces are all connected naturally and combined together using common utility and exploitation frameworks.”  According to researchers, the exploit kit has circulated among several types of threat actors since early 2025.  The toolkit first appeared in a commercial surveillance operation before being used by a government backed attacker.  By late 2025, it had reached a financially motivated threat group operating from China. Investigators say the movement of the exploit kit between groups suggests a growing underground market where previously developed zero day tools are resold and reused.  Security firm iVerify said the spread of Coruna demonstrates how advanced surveillance tools can move beyond their original operators.  “Coruna is one of the most significant examples we’ve observed of sophisticated spyware grade capabilities proliferating from commercial surveillance vendors into the hands of nation state actors and ultimately mass scale criminal operations,” the company said.  Researchers first detected elements of the exploit chain in early 2025 when a surveillance customer used it within a JavaScript framework that had not been previously documented.  The framework gathers information about the targeted device including the model and the iOS version running on it. Based on this fingerprinting data, the framework delivers a suitable WebKit remote code execution exploit.  One of the vulnerabilities used in the chain was CVE-2024-23222, a type confusion flaw in Apple’s WebKit browser engine that was patched in January 2024.  The framework appeared again in July 2025 when it was discovered on a domain used to deliver malicious content through hidden iframes on compromised websites in Ukraine.  These sites included pages related to industrial tools, retail services and e commerce platforms.  Researchers believe a suspected Russian espionage group tracked as UNC6353 was responsible for that activity. The exploit framework was delivered only to certain users based on their geographic location and device characteristics.  A third wave of activity was identified in December 2025. In that campaign, attackers used a network of fake Chinese websites related to financial topics to distribute the exploit kit.  Visitors were encouraged to access the sites from iPhones or iPads for a better browsing experience. Once accessed from an Apple device, the websites inserted a hidden iframe that triggered the Coruna exploit kit. This campaign has been linked to a threat cluster tracked as UNC6691.  Further investigation uncovered a debug version of the exploit kit along with several exploit samples spanning five complete attack chains.  Researchers said the kit includes vulnerabilities affecting several generations of iOS. These include exploits targeting iOS 13 through iOS 17.2.1 using vulnerabilities such as CVE-2020-27932, CVE-2022-48503, CVE-2023-32409 and CVE-2024-23222.  Some of the vulnerabilities in the toolkit had previously been used as zero day exploits in earlier operations.  “Photon and Gallium are exploiting vulnerabilities that were also used as zero days as part of Operation Triangulation,” Google researchers said.  Once a device is compromised, attackers can deploy additional malware components. In the case of the UNC6691 campaign, the exploit chain delivered a stager called PlasmaLoader.  The program is designed to decode QR codes embedded in images and retrieve additional modules from external servers. These modules can then collect sensitive data from cryptocurrency wallet applications including Base, Bitget Wallet, Exodus and MetaMask.  Researchers said the malware contains hard coded command and control servers along with a fallback system that generates domain names automatically using a domain generation algorithm seeded with the word lazarus.  A notable characteristic of the Coruna exploit kit is that it avoids running on devices using Apple’s Lockdown Mode or devices browsing in private mode. Security researchers recommend that iPhone users update their devices to the latest version of iOS and enable Lockdown Mode when additional protection is needed.

Coruna Exploit Kit Targets iPhones With 23 Vulnerabilities Across Multiple iOS Versions #Apple #CyberSecurity #DataTheft

LaneSystems

@lanesystems.bsky.social

1 week ago

French DIY etailer ManoMano admits customer data stolen : Crooks claim they helped themselves to over 37M accounts during January hit on subcontractor

French DIY etailer #ManoMano admits customer data stolen
www.theregister.com/2026/02/27/m...

Crooks claim they helped themselves to over 37M accounts during January hit on subcontractor.
#CyberSecurity #InfoSec #CyberCrime #DataBreach #DataTheft #DataProtection #eCommerce

LaneSystems

@lanesystems.bsky.social

1 week ago

Double whammy: Steaelite RAT bundles data theft, ransomware : Credential and cryptocurrency theft, live surveillance, ransomware - an attacker's Swiss Army knife

Double whammy: #Steaelite RAT bundles #datatheft, #ransomware in one evil tool
www.theregister.com/2026/02/27/d...

Researchers warn that new remote access trojan being sold on #cybercrime networks for double extortion attacks on #Windows machines.
#CyberSecurity #InfoSec #ThreatIntelligence

Winbuzzer

@winbuzzer.com

2 weeks ago

winbuzzer.com/2026/02/27/a...

Anthropic's Claude AI Used to Steal 150GB of Mexican Government Data

#AI #Anthropic #Claude #Cybersecurity #Cybercrime #Cyberespionage #DataTheft #Hacking #ThreatIntelligence #AISafety #AgenticAI #Exploits #GambitSecurity

Ahmandonk

@ahmandonk.bsky.social

2 weeks ago

📰 UFP Technologies Ungkap Pencurian Data dalam Insiden Serangan Siber

👉 Baca artikel lengkap di sini: ahmandonk.com/2026/02/26/ufp-technolog...

#cyberSecurity #dataBreach #dataTheft #hacking #healthcare #itSecurity #manufacturing #ransomware

The Daily Tech Feed

@thedailytechfeed.com

2 weeks ago

Anthropic uncovers massive data extraction by Chinese AI firms DeepSeek, Moonshot AI, and MiniMax, violating terms to replicate Claude's capabilities. #AI #CyberSecurity #DataTheft #Anthropic #Claude Link: thedailytechfeed.com/chinese-ai-f...

Ahmandonk

@ahmandonk.bsky.social

2 weeks ago

📰 Arkanix Stealer Muncul sebagai Eksperimen Malware Berbasis AI yang Berumur Pendek

👉 Baca artikel lengkap di sini: ahmandonk.com/2026/02/24/arkanix-steal...

#artificialIntelligence #cybersecurity #darkWeb #dataTheft #infoStealer #malware

bob3160

@bob3160.bsky.social

2 weeks ago

Cyber Bob’s Cyber Safety Tip #130 The Hidden Risk of Browser Autofill (Convenient… But Is It Smart?) 💳 Most of us love convenience. Click a box… and suddenly your name, ad...

Cyber Bob’s Cyber Safety Tip #130
#bob3160 #autofill #browser #security #cybersafety #privacy #creditcard #malware #phishing #protect #datatheft #seniorsafe
bob3160.blogspot.com/2026/02/cybe...

Help Net Security

@helpnetsecurity.com

2 weeks ago

Self-spreading npm malware targets developers in new supply chain attack - Help Net Security In operation SANDWORM_MODE, 19 typosquatting npm packages steal credentials, infect projects, and spread across developer environments.

Self-spreading npm malware targets developers in new supply chain attack

📖 Read more: www.helpnetsecurity.com/2026/02/24/n...

#cybersecurity #cybersecuritnews #datatheft #malware #JavaScript #worms #softwaredevelopment @socket.dev

Defensorum

@defensorum.bsky.social

2 weeks ago

Data-Only Extortion Attacks Increased Eleven Times in 2025 - Defensorum Data-only extortion attacks increased elevenfold between November 2024 and November 2025, representing a measurable shift in cyber extortion activity documented in recent threat reporting. Report Find...

🚨 Data-only extortion attacks surge 1,100% in one year 📊 #ArcticWolf reports jump from 2% to 22% of incidents 💻 Attackers skip encryption, focus on data theft and threats 💊 #Ransomware and #BEC still account for 90%+ of cases #DataTheft #CyberSecurity #Compliance👉 www.defensorum.com/data-extorti...

CyberMaterial

@cybermaterial.bsky.social

2 weeks ago

Arkanix Stealer Emerges As AI Test
Read More: buff.ly/VsKLiLq

#ArkanixStealer #InfoStealer #AIMalware #CyberCrimeTools #DataTheft #ThreatResearch #MalwareEconomy #Infosec

LaneSystems

@lanesystems.bsky.social

2 weeks ago

ShinyHunters demands $1.5M not to leak Wynn Resorts data : What happens in Vegas…

#ShinyHunters demands $1.5M not to leak Vegas casino and resort chain data
www.theregister.com/2026/02/20/s...

#WynnResorts appears to be the latest victim of data-grabbing and extortion gang.
#CyberCrime #CyberSecurity #InfoSec #DataBreach #DataTheft

LaneSystems

@lanesystems.bsky.social

2 weeks ago

Attacker gets into France's DB listing all bank accounts Infosec In Brief: PLUS: Unpatched Ivanti boxes under attack; 0APT might not be a scam; AI gets better at helping cyber-scum; And more

Attacker gets into France's database listing all bank accounts, makes off with 1.2 million records
www.theregister.com/2026/02/22/f...

Ministry of Economics, Finance and Industrial and Digital Sovereignty reveals January incident.
#CyberSecurity #InfoSec #DataBreach #DataTheft #DataProtection

@kathykadane.bsky.social

3 weeks ago

#SURVEILLANCE
#BACKDOOR
#DATATHEFT

Financial Times US Fri, 20 Feb 2026

Tech bosses to help train ‘elite’ federal team

digitaleditionapp.ft.com/i9DX/z8ox49yh

Winbuzzer

@winbuzzer.com

3 weeks ago

winbuzzer.com/2026/02/19/f...

Fake CAPTCHA Trick Installs StealC on Windows PCs

#Windows #Security #Cybersecurity #StealC #Malware #Cybercrime #Hackers #WindowsSecurity #PowerShell #Scams #DataTheft #ThreatActors #CyberThreats #Cyberattacks #MicrosoftOutlook #Steam #Cryptocurrency

Help Net Security

@helpnetsecurity.com

3 weeks ago

Ex-Google engineers charged with orchestrating high-tech secrets extraction - Help Net Security A federal grand jury has indicted three Silicon Valley engineers on charges in a scheme to steal trade secrets from Google.

Ex-Google engineers charged with orchestrating high-tech secrets extraction

🔗 Read more: www.helpnetsecurity.com/2026/02/20/g...

#Google #datatheft #cyberespionage

LaneSystems

@lanesystems.bsky.social

3 weeks ago

Adidas investigates third-party data breach : 'Potential data protection incident' at an 'independent licensing partner,' we're told

#Adidas investigates third-party #databreach after criminals claim they pwned the sportswear giant
www.theregister.com/2026/02/18/a...

Confirms 'potential #dataprotection incident' at an 'independent licensing partner'.
#CyberSecurity #InfoSec #CyberCrime #DataTheft

LaneSystems

@lanesystems.bsky.social

3 weeks ago

ShinyHunters allegedly drove off with 1.7M CarGurus records : Latest in a rash of grab-and-leak data incidents

#ShinyHunters allegedly drove off with 1.7M #CarGurus records
www.theregister.com/2026/02/18/s...

Latest in a rash of grab-and-leak data incidents
#CyberSecurity #InfoSec #CyberCrime #DataBreach #DataTheft #DataLeak

ReconBee

@reconbee.bsky.social

3 weeks ago

New ZeroDayRAT Mobile Spyware Enables Real-Time Surveillance and Data Theft are used to create the malicious binaries read more about New ZeroDayRAT Mobile Spyware Enables Real-Time Surveillance and Data Theft

New ZeroDayRAT Mobile Spyware Enables Real-Time Surveillance and Data Theft reconbee.com/new-zerodayr...

#ZeroDayRAT #zerodayattack #zeroday #spyware #datatheft #cyberattack #cybersecurity

LaneSystems

@lanesystems.bsky.social

1 month ago

Dutch telco Odido admits 6.2M customers affected in breach : Names, addresses, bank account numbers accessed – but biz insists passwords and call data untouched

Top Dutch telco #Odido admits 6.2M customers caught in contact system caper
www.theregister.com/2026/02/13/o...

Netherlands' largest mobile network operator warns of #databreach.
#CyberSecurity #InfoSec #CyberCrime #DataTheft #DataProtection

EMPIST

@empist.bsky.social

1 month ago

Fake AI Chrome extensions with 300K users steal credentials, emails A set of 30 malicious Chrome extensions that have been installed by more than 300,000 users are masquerading as AI assistants to steal credentials, email content, and browsing information.

Beware of fake AI Chrome extensions! Over 300K users affected by malicious add-ons stealing credentials, emails, and browsing data. Check your extensions regularly! 🛡️ #CyberSecurity #AI #ChromeExtensions #DataTheft #OnlineSafety snip.ly/p810n2