Tag

Data Theft

All articles tagged with #data theft

computing1 month ago•81 min saved

108 Chrome extensions quietly exfiltrate data and inject ads across sites — remove them now

Security researchers found 108 malicious Chrome extensions—designed as games, utilities, or add-ons—that quietly siphon user data and inject ads across every site. Despite different publishers, all stolen data is sent to a single command-and-control server; 54 extensions harvest Gmail addresses, full names, and Google 'sub' IDs to build a persistent profile. If you have any of these extensions installed, delete them via Chrome or Edge extensions manager. To stay safe, download only trusted extensions, inspect permissions, enable Enhanced Safe Browsing, and consider antivirus and identity protection to guard against similar threats.

via Tom's Guide|

#chrome #computing #data-theft

security2 months ago•6 min saved

ShinyHunters claim new Salesforce Aura breach via misconfigured guest access

Salesforce warns customers that misconfigured Experience Cloud guest access can let unauthenticated visitors query CRM data, while ShinyHunters claims to be exploiting a bug with a modified AuraInspector to steal data. Salesforce stresses there is no platform flaw and urges admins to audit guest permissions, set org defaults to private, disable API access for guest profiles, turn off self-registration, and monitor Aura Event Monitoring. Mandiant confirms AuraInspector misuse and notes that detection in logs does not guarantee a breach.

via BleepingComputer|

#aura #data-theft #experience-cloud

technology3 months ago•1 min saved

Anthropic accuses Chinese rivals of industrial-scale AI capability theft via distillation

Anthropic says three Chinese labs used a distillation technique to siphon Claude's capabilities through about 16 million exchanges and 24,000 fake accounts, circumventing export controls and raising national-security concerns; OpenAI has issued similar charges, prompting calls for coordinated industry and government action to counter illicit access and safeguard safety guardrails.

via The Guardian|

#artificial-intelligence #china #data-theft

threat-intelligence7 months ago•2 min saved

Oracle Releases Emergency Patch for CVE-2025-61882 Amid Cl0p Data Theft Attacks

Oracle released an emergency patch for a critical vulnerability (CVE-2025-61882) in its E-Business Suite, which has been exploited by the Cl0p ransomware group in recent data theft attacks. The flaw allows remote code execution without authentication, and indicators suggest involvement of the LAPSUS$ group. Organizations are advised to check for compromises, as exploitation has already occurred.

via The Hacker News|

#cl0p #cve-2025-61882 #data-theft

technology7 months ago•5 min saved

Oracle and Cybercriminals: Recent EBS Security Breaches and Extortion Attacks

Oracle has issued a critical security update for a zero-day vulnerability (CVE-2025-61882) in its E-Business Suite, actively exploited by the Clop ransomware gang to steal data. The flaw allows unauthenticated remote code execution and has been linked to recent data theft attacks, with threat actors sharing exploit code and indicators of compromise. Oracle urges immediate patching to prevent further exploitation.

via BleepingComputer|

#clop #data-theft #e-business-suite

cybersecurity8 months ago•3 min saved

FBI Alerts on Cyber Threats Targeting Salesforce Platforms

The FBI has issued alerts about two cybercriminal groups, UNC6040 and UNC6395, targeting Salesforce platforms through various methods, including OAuth token exploitation and vishing campaigns, leading to data theft and extortion activities, with threat groups like ShinyHunters potentially re-emerging after a recent shutdown.

via The Hacker News|

#cybersecurity #data-theft #fbi

world8 months ago•1 min saved

FBI Warns of Extensive Chinese Cyberattacks Targeting Global and U.S. Data

China's Salt Typhoon cyberattack, spanning years and targeting over 80 countries, may have stolen data from nearly every American, highlighting China's advanced cyber capabilities and potential for global surveillance.

via The New York Times|

#china #cyberattack #data-theft

world9 months ago•2 min saved

Nevada Faces Rising Cyber Threats Impacting State Services

Federal and state officials are investigating a ransomware attack in Nevada that disrupted key government services and resulted in data theft, with ongoing efforts to analyze the stolen information and restore security, involving CISA and FBI assistance.

via Cybersecurity Dive|

#cyberattack #data-theft #government-services

technology9 months ago•2 min saved

Hidden Data-Theft Prompts Exploit AI Image Resizing

Researchers have discovered a new AI attack that embeds hidden instructions in images through downscaling, which can lead to data theft and unauthorized actions when processed by AI systems. The attack exploits artifacts created during image resampling to hide malicious prompts that are interpreted by AI models, potentially compromising user data and system integrity. Mitigation strategies include imposing image dimension limits, providing preview feedback, and requiring user confirmation for sensitive operations. The researchers also released an open-source tool to demonstrate the attack.

via BleepingComputer|

#ai-security #data-theft #image-manipulation

technology10 months ago•2 min saved

Critical Zero-Day Flaw Exposes CrushFTP Servers to Hijack Attacks

Over 1,000 CrushFTP servers are vulnerable to hijack attacks due to a critical security flaw (CVE-2025-54309) affecting versions below 10.8.5 and 11.3.4_23, with attackers exploiting the bug for potential data theft and unauthorized access. The vendor recommends updating and monitoring logs, as unpatched servers remain at risk, and ongoing attacks have been observed in the wild.

via BleepingComputer|

#crushftp #cve-2025-54309 #data-theft

business11 months ago•3 min saved

Aflac Reports Data Breach Amid Industry-Wide Cyberattacks

Aflac disclosed a cybersecurity breach likely caused by the Scattered Spider group, targeting insurance companies across the U.S., potentially exposing sensitive personal and health information. The company responded quickly, confirming no ransomware impact and continuing normal operations, while external experts investigate the incident.

via BleepingComputer|

#aflac #business #cybersecurity-breach

cybersecurity11 months ago•4 min saved

Fake Minecraft Mods on GitHub Stealing Player Data and Malware

A malware campaign targeting Minecraft players involves malicious GitHub repositories masquerading as mods, delivering Java loaders that download second-stage stealers capable of exfiltrating credentials, tokens, and system information, affecting over 1,500 devices and highlighting risks in gaming communities.

via The Hacker News|

#cybersecurity #data-theft #github

cybersecurity1 year ago•5 min saved

Malicious npm and VS Code Packages Exploiting Developers and Stealing Data

Researchers have uncovered over 70 malicious npm and VS Code packages used for data theft, cryptomining, and destructive payloads, with threat actors deploying sophisticated techniques including masquerading as legitimate tools, evading sandbox detection, and using multi-stage infection chains to compromise developers' systems and steal sensitive information.

via The Hacker News|

#cryptocurrency #cybersecurity #data-theft

cybersecurity2 years ago•3 min saved

"SoumniBot: Evading Detection and Exploiting Android Weaknesses"

A new Android banking malware called SoumniBot is evading detection by exploiting weaknesses in the Android manifest extraction and parsing procedure, allowing it to steal information from infected devices. The malware uses three different methods to manipulate the manifest file's compression and size, tricking Android's parser and evading security checks. SoumniBot targets Korean users, hides its icon after installation, and remains active in the background, uploading data from the victim. Kaspersky has informed Google about the evasion methods, and provides indicators of compromise for the malware.

via BleepingComputer|

#android #cybersecurity #data-theft

sports2 years ago•4 min saved

Timberwolves Executive Charged with Theft of 'Strategic NBA Information' Hard Drive

The Minnesota Timberwolves executive had a hard drive stolen containing "strategic NBA information" that was later copied, leading to legal charges being filed.

via Star Tribune|

#data-theft #executive #legal-charges