ARC Labs recently analyzed a phishing email used in a credential harvesting campaign that leveraged a lure notifying the target they received a voice message and needed to visit a link to access it. Analysis of the payload revealed heavily obfuscated HTML data which executed JavaScript code embedded within an SVG image when the page […]
PetSmart, a major pet retail company, has issued a warning to customers about credential stuffing attacks aimed at breaching their accounts. As a precaution, passwords for accounts logged in during the attack have been reset.
The Akira ransomware gang breached BHI Energy’s network through a stolen VPN credential and stole a significant amount of data, including the personal information of employees.
The hacker responsible for launching a credential stuffing attack against biotechnology company 23andMe to steal users’ personal data has leaked more data stolen in the cyber attack via the dark web. The data leaked to the notorious dark web forum, BreachForums, includes the genetic data profiles of 4.1 million people across Great Britain and Germany. […]
The hacker responsible for launching a credential stuffing attack against biotechnology company 23andMe to steal users’ personal data has leaked more data stolen in the cyber attack via the dark web. The data leaked to the notorious dark web forum, BreachForums, includes the genetic data profiles of 4.1 million people across Great Britain and Germany. […]
A credential harvesting campaign is targeting Citrix NetScaler gateways that have not been patched against a recent vulnerability, IBM reports. Tracked as CVE-2023-3519 (CVSS score of 9.8), the vulnerability was disclosed in July, but had been exploited since June 2023, with some of the attacks targeting critical infrastructure organizations. By mid-August, threat actors exploited this […]