steal

  • Blog
    digitpatrox6 days ago
    25

    Hackers use fake Ledger apps to steal Mac users’ seed phrases

    Cybercriminal campaigns are using fake Ledger apps to target macOS users and their digital assets by deploying malware that attempts to steal seed phrases that protect access to digital cryptocurrency wallets. Ledger is a popular hardware-based wallet designed to store cryptocurrency offline (cold storage) and in a secure manner. A seed or recovery phrase is a set of 12 or 24 random…

    Read More »
  • Blog
    digitpatrox3 weeks ago
    41

    CoGUI phishing platform sent 580 million emails to steal credentials

    A new phishing kit named ‘CoGUI’ sent over 580 million emails to targets between January and April 2025, aiming to steal account credentials and payment data. The messages impersonate major brands like Amazon, Rakuten, PayPal, Apple, tax agencies, and banks. The activity culminated in January 2025, where 170 campaigns sent 172,000,000 phishing messages to targets, but the following months maintained…

    Read More »
  • Blog
    digitpatroxApril 26, 2025
    52

    Craft CMS RCE exploit chain used in zero-day attacks to steal data

    Two vulnerabilities impacting Craft CMS were chained together in zero-day attacks to breach servers and steal data, with exploitation ongoing, according to CERT Orange Cyberdefense. The vulnerabilities were discovered by Orange Cyberdefense’s CSIRT, which was called in to investigate a compromised server. As part of the investigation, they discovered that two zero-day vulnerabilities impacting Craft CMS were exploited to breach the…

    Read More »
  • Blog
    digitpatroxApril 22, 2025
    45

    Ripple’s recommended XRP library xrpl.js hacked to steal wallets

    The recommended Ripple cryptocurrency NPM JavaScript library named “xrpl.js” was compromised to steal XRP wallet seeds and private keys and transfer them to an attacker-controlled server, allowing threat actors to steal all the funds stored in the wallets. Malicious code was added to versions 2.14.2, 4.2.1, 4.2.2, 4.2.3, and 4.2.4 of the xrpl NPM package and published to the NPM…

    Read More »
  • Blog
    digitpatroxApril 9, 2025
    50

    This potent malware variant can hijack your Windows PC, steal passwords, and more: Neptune RAT is spreading on GitHub, Telegram, and even YouTube – and experts warn ‘anyone could use it to launch attacks’

    A new version of the Neptune RAT malware has emerged, security researchers have warned, and is spreading on GitHub, Telegram, and even YouTube. The remote access trojan is ‘an extremely serious threat’ being offered on the ransomware-as-a-service model, according to researchers at Cyfirma. Affecting Windows devices, it hijacks Chromium-based browsers including Chrome, Brave, and Opera using a Chromium.dll attack that…

    Read More »
  • Blog
    digitpatroxMarch 21, 2025
    77

    Fake Semrush ads used to steal SEO professionals’ Google accounts

    A new phishing campaign is targeting SEO professionals with malicious Semrush Google Ads that aim to steal their Google account credentials. Malwarebytes researcher Jerome Segura and SEO strategist Elie Berreby believe that the threat actor is after Google Ads accounts that would enable them to create new malvertising campaigns. This type of “cascading fraud” has been gaining traction recently, as Malwarebytes uncovered in January a…

    Read More »
  • Blog
    digitpatroxMarch 18, 2025
    79

    Blockchain gaming platform WEMIX hacked to steal $6.1 million

    Blockchain gaming platform WEMIX suffered a cyberattack last month, allowing threat actors to steal 8,654,860 WEMIX tokens, valued at approximately $6,100,000 at the time. During a press conference held yesterday, WEMIX’s CEO Kim Seok-Hwan confirmed the incident occurred on February 28, 2025, explaining that the delay in issuing a public announcement wasn’t an attempt to cover it up, but rather…

    Read More »
  • Blog
    digitpatroxFebruary 23, 2025
    185

    Fake CS2 tournament streams used to steal crypto, Steam accounts

    Threat actors are exploiting major Counter-Strike 2 (CS2) competitions, like IEM Katowice 2025 and PGL Cluj-Napoca 2025, to defraud gamers and steal their Steam accounts and cryptocurrency. Although CS2 first launched 13 years ago, it still maintains a massive community of plays and an active professional competition landscape with multi-million rewards. Characteristically, earlier this month, CS2 achieved a new peak…

    Read More »
  • Blog
    digitpatroxFebruary 15, 2025
    165

    Hackers steal emails in device code phishing attacks

    An active campaign from a threat actor potentially linked to Russia is targeting Microsoft 365 accounts of individuals at organizations of interest using device code phishing. The targets are in the government, NGO, IT services and technology, defense, telecommunications, health, and energy/oil and gas sectors in Europe, North America, Africa, and the Middle East. Microsoft Threat Intelligence Center tracks the threat actors behind the device code…

    Read More »
  • Blog
    digitpatroxFebruary 4, 2025
    251

    A new phishing campaign is exploiting Microsoft’s legacy ADFS identity solution to steal credentials and bypass MFA

    Hackers are targeting organizations around the world that rely on Microsoft’s Active Directory Federation Services (ADFS) secure access system in an ongoing phishing campaign, according to new research. Analysis from Abnormal Security describes how Microsoft’s ADfS, a legacy single-sign-on (SSO) solution that allows employees to use one set of credentials to authenticate across multiple applications and environments, is being mimicked…

    Read More »
Load More
Back to top button
close