
Cybercriminals Exploit Law Enforcement Data Requests to Steal User Information


While most major data breaches result from software vulnerabilities, credit card information theft, or phishing attacks, a growing share of identity theft is carried out through an intermediary that is not immediately apparent. Some of the largest technology firms are knowingly handing over private information to what they believe are lawful authorities, only to discover later that identity thieves were posing as such.

Technology firms such as Apple, Google, and Meta are required by law to disclose limited information about their users to the relevant law enforcement agencies in specific situations, such as criminal investigations and emergencies that pose a threat to human life or national security. Such requests are usually channeled through formal systems and handled with high priority, since they are often urgent. All of these companies hold detailed information about their users, including location history, profile data, and device data, which is of critical use to law enforcement.

This process, however, has also been exploited by cybercriminals, who evade the controls that safeguard data by mimicking law enforcement communications. One recent tactic is to acquire typosquatting domains or email addresses that are nearly identical to law enforcement or government domains, differing by only a single character. The attackers then send convincing emails to companies' compliance or legal departments that look no different from genuine law enforcement requests.

In more sophisticated attacks, the perpetrators use business email compromise to break into the genuine email accounts of law enforcement or public service officials. Requests sent from genuine addresses appear far more authentic, which multiplies the chances that a company will respond favorably. Although this attack takes more effort, it is also more effective, since it appears to come from a legitimate source. These malicious requests can be framed as emergency disclosures, which shortens the time available for verification.

Emergency requests exist to avert real and imminent harm, but the attacker exploits that urgency to convince companies to disclose information promptly. The resulting data can feed identity theft, financial fraud, account takeover, or sales on dark markets. In response to these dangers, technology companies have taken measures to ensure that their services are not abused. Most major companies now route law enforcement requests through dedicated portals where each request is reviewed internally for validity, authority, and legal compliance before any data is shared.

These measures have significantly reduced the number of cases of data abuse but have not eliminated the risk. As more criminals develop expertise in impersonation schemes that exploit trust-based systems, it is clear that the problem reflects a broader challenge for the tech industry: it is becoming increasingly difficult to balance lawful cooperation with law enforcement agencies against the need to safeguard users' privacy. Abuse of law enforcement data request systems underscores the importance of ensuring that sensitive information does not fall into criminal hands.
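One verification check an intake desk could apply to the lookalike-domain tactic described above, as an added example that is not part of the original post: it compares a sender's domain against a constructed allowlist of trusted agency domains and flags addresses that differ by a single-character edit or a common character substitution. The domain names, confusable pairs and sample addresses are assumptions.

```python
"""Flag sender domains that resemble, but are not, trusted law-enforcement
domains. Added example, not code from the original post; the allowlist,
confusable pairs and sample addresses are constructed for illustration."""
import re

# Constructed allowlist of agency domains the intake desk already trusts.
TRUSTED_DOMAINS = {
    "police.example.gov",
    "sheriff.example.gov",
    "cybercrime.example.gov.uk",
}

# Character sequences commonly swapped in lookalike domains (assumed list).
CONFUSABLES = {"0": "o", "1": "l", "rn": "m", "vv": "w", "cl": "d"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance computed with a single rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete
                           cur[j - 1] + 1,             # insert
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def normalize(domain: str) -> str:
    """Lower-case and fold confusable sequences so 'po1ice' reads as 'police'."""
    d = domain.lower().strip(".")
    for lookalike, canonical in CONFUSABLES.items():
        d = d.replace(lookalike, canonical)
    return d


def sender_domain(address: str) -> str:
    """Domain part of a bare email address (display names are not parsed)."""
    m = re.search(r"@([A-Za-z0-9.-]+)$", address.strip())
    if not m:
        raise ValueError(f"not an email address: {address!r}")
    return m.group(1).lower()


def classify_sender(address: str, max_distance: int = 2) -> str:
    """Return 'trusted', 'lookalike:<trusted domain>' or 'unknown'.

    Exact matches and subdomains of a trusted domain are trusted. Anything
    within max_distance edits of a trusted domain after confusable folding is
    flagged as a lookalike and should be verified out of band before any
    data is released.
    """
    dom = sender_domain(address)
    for trusted in TRUSTED_DOMAINS:
        if dom == trusted or dom.endswith("." + trusted):
            return "trusted"
    folded = normalize(dom)
    for trusted in sorted(TRUSTED_DOMAINS):
        if edit_distance(folded, normalize(trusted)) <= max_distance:
            return f"lookalike:{trusted}"
    return "unknown"


if __name__ == "__main__":
    for addr in ("det.smith@police.example.gov", "det.smith@po1ice.example.gov",
                 "x@police-example.gov", "x@unrelated-vendor.com"):
        print(f"{addr:35} -> {classify_sender(addr)}")
```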

Where Your Data Goes After a Breach and How to Protect Yourself


Data breaches happen every day—and they’re almost never random. Most result from deliberate, targeted cyberattacks or the exploitation of weak security systems that allow cybercriminals to infiltrate networks and steal valuable data. These breaches can expose email addresses, passwords, credit card details, Social Security numbers, medical records, and even confidential business documents. While it’s alarming to think about, understanding what happens after your data is compromised is key to knowing how to protect yourself.  

Once your information is stolen, it essentially becomes a commodity traded for profit. Hackers rarely use the data themselves. Instead, they sell it—often bundled with millions of other records—to other cybercriminals who use it for identity theft, fraud, or extortion. In underground networks, stolen information has its own economy, with prices fluctuating depending on how recent or valuable the data is. 

The dark web is the primary marketplace for stolen information. Hidden from regular search engines, it provides anonymity for sellers and buyers of credit cards, logins, and personal identifiers. Beyond that, secure messaging platforms such as Telegram and Signal are also used to trade stolen data discreetly, thanks to their encryption and privacy features. Some invite-only forums on the surface web also serve as data exchange hubs, while certain hacktivists or whistleblowers may release stolen data publicly to expose unethical practices. Meanwhile, more sophisticated cybercriminal groups operate privately, sharing or selling data directly to trusted clients or other hacker collectives. 

According to reports from cybersecurity firm PrivacyAffairs, dark web markets offer everything from bank login credentials to passports and crypto wallets. Payment card data—often used in “carding” scams—remains one of the most traded items. Similarly, stolen social media and email accounts are in high demand, as they allow attackers to launch phishing campaigns or impersonate victims. Even personal documents such as birth certificates or national IDs are valuable for identity theft schemes. 

Although erasing your personal data from the internet entirely is nearly impossible, there are ways to limit your exposure. Start by using strong, unique passwords managed through a reputable password manager, and enable multi-factor authentication wherever possible. A virtual private network (VPN) adds another layer of protection by encrypting your internet traffic and preventing data collection by third parties. 

It’s also wise to tighten your social media privacy settings and avoid sharing identifiable details such as your workplace, home address, or relationship status. Be cautious about what information you provide to websites and services—especially when signing up or making purchases. Temporary emails, one-time payment cards, and P.O. boxes can help preserve your anonymity online.  

If you discover that your data was part of a breach, act quickly. Monitor all connected accounts for suspicious activity, reset compromised passwords, and alert your bank or credit card provider if financial details were involved. For highly sensitive leaks, such as stolen ID numbers, consider freezing your credit report to prevent identity fraud. Data monitoring services can also help by tracking the dark web for mentions of your personal information.

In today’s digital world, data is currency—and your information is one of the most valuable assets you own. Staying vigilant, maintaining good cyber hygiene, and using privacy tools are your best defenses against becoming another statistic in the global data breach economy.

Retail Cyberattacks Surge as Service Desks Become Prime Targets


In recent months, reports of retail data breaches have surfaced with alarming frequency, showing that both luxury and high-street retailers are under relentless attack. During the second quarter of 2025, ransomware incidents publicly disclosed in the global retail sector rose by 58 percent compared with the first quarter, with businesses in the United Kingdom facing the worst consequences. The outcomes of such breaches vary, but the risks are consistently severe, ranging from loss of revenue and service disruptions to long-term reputational damage. 

One recent example that highlights this growing threat is the cyberattack on Marks & Spencer (M&S), one of Britain’s most recognized retailers. Employing over 64,000 people across more than 1,000 stores, M&S reportedly fell victim to hackers believed to be part of the group Scattered Spider. The attackers infiltrated the company’s systems in February, deploying ransomware that encrypted vital infrastructure and severely disrupted operations. By impersonating employees, the cybercriminals manipulated IT help desk staff into resetting passwords and turning off multi-factor authentication. This gave them access to internal systems, where they stole a file containing password hashes from Active Directory. The fallout was severe, including a five-day suspension of online sales that cost an estimated £3.8 million per day, along with a drop of more than £500 million in market value. 

The method used against M&S was not unique. Similar techniques were applied in attacks on other UK retailers, including Co-op and Harrods. In the case of Co-op, attackers also pretended to be employees to trick IT staff into granting them access. Although Co-op managed to prevent the full deployment of ransomware by shutting down parts of its infrastructure, the company still faced major operational disruption, proving that even partial breaches can have wide-reaching effects. 

The common thread in these cases is the vulnerability of service desks. These teams often have privileged access to systems, including the ability to manage user accounts, reset credentials, and disable authentication tools. Their focus on quick support and customer service can leave them more exposed to sophisticated social engineering tactics. Because they are frequently overlooked in broader cybersecurity strategies, service desks represent a weak point that attackers are increasingly exploiting. 

To address this issue, organizations must shift their approach from reactive to proactive defense. Service desks, while designed to solve problems efficiently, need to be supported with advanced training, strong verification procedures, and layered defenses that reduce the likelihood of manipulation. Investing in security awareness, modern authentication practices, and continuous monitoring of unusual account activity is now essential. 

The rise in attacks on retailers like M&S, Co-op, and Harrods demonstrates that hackers are targeting service desks with growing precision, causing significant financial and operational harm. These incidents show the urgent need for companies to reassess their cybersecurity strategies, placing greater emphasis on the human element within IT support functions. While organizations cannot control who attackers choose to target, they can strengthen their defenses to ensure resilience when confronted with such threats.

Blackpool Credit Union Cyberattack Exposes Customer Data in Cork


A Cork-based credit union has issued a warning to its customers after a recent cyberattack exposed sensitive personal information. Blackpool Credit Union confirmed that the breach occurred late last month and subsequently notified members through a formal letter. Investigators determined that hackers may have gained access to personal records, including names, contact information, residential addresses, dates of birth, and account details. While there is no evidence that any funds were stolen or PINs compromised, concerns remain that the stolen data could be misused.

The investigation raised the possibility that cybercriminals may publish the stolen records on underground marketplaces such as the dark web. This type of exposure increases the risk of identity theft or secondary scams, particularly phishing attacks in which fraudsters impersonate trusted organizations to steal additional details from unsuspecting victims. Customers were urged to remain vigilant and to treat any unsolicited communication requesting personal or financial information with caution. 

The Central Bank of Ireland has been briefed on the situation and is monitoring developments. It has advised any members with concerns to reach out directly to Blackpool Credit Union through its official phone line. Meanwhile, a spokesperson for the credit union assured the public that services remain operational and that members can continue to access assistance in person, by phone, or through email. The organization emphasized that safeguarding customer data remains a priority and expressed regret over the incident. Impacted individuals will be contacted directly for follow-up support. 

The Irish League of Credit Unions reinforced the importance of caution, noting that legitimate credit unions will never ask members to verify accounts through text messages or unsolicited communications. Fraudsters often exploit publicly available details to appear convincing, setting up sophisticated websites and emails to lure individuals into disclosing confidential information. Customers were reminded to independently verify the authenticity of any suspicious outreach and to rely on official registers when dealing with financial services.  

Experts warn that people who have already fallen victim to scams are more likely to be targeted again. Attackers often pressure individuals into making hasty decisions, using the sense of urgency to trick them into disclosing sensitive information or transferring money. Customers were encouraged to take their time before responding to unexpected requests and to trust their instincts if something feels unusual or out of place.

The Central Bank reiterated its awareness of the breach and confirmed that it is in direct communication with Blackpool Credit Union regarding the response measures. Members seeking clarification were again directed to the credit union’s official helpline for assistance.

Browser-Based Attacks in 2025: Key Threats Security Teams Must Address


In 2025, the browser has become one of the primary battlefields for cybercriminals. Once considered a simple access point to the internet, it now serves as the main gateway for employees into critical business applications and sensitive data. This shift has drawn attackers to target browsers directly, exploiting them as the weakest link in a highly connected and decentralized work environment. With enterprises relying heavily on SaaS platforms, online collaboration tools, and cloud applications, the browser has transformed into the focal point of modern cyberattacks, and security teams must rethink their defenses to stay ahead. 

The reason attackers focus on browsers is not because of the technology itself, but because of what lies beyond them. When a user logs into a SaaS tool, an ERP system, or a customer database, the browser acts as the entryway. Incidents such as the Snowflake customer data breach and ongoing attacks against Salesforce users demonstrate that attackers no longer need to compromise entire networks; they simply exploit the session and gain direct access to enterprise assets. 

Phishing remains one of the most common browser-driven threats, but it has grown increasingly sophisticated. Attackers now rely on advanced Attacker-in-the-Middle kits that steal not only passwords but also active sessions, rendering multi-factor authentication useless. These phishing campaigns are often cloaked with obfuscation and hosted on legitimate SaaS infrastructure, making them difficult to detect. In other cases, attackers deliver malicious code through deceptive mechanisms such as ClickFix, which disguises harmful commands as verification prompts. Variants like FileFix are spreading across both Windows and macOS, frequently planting infostealer malware designed to harvest credentials and session cookies. 

Another growing risk comes from malicious OAuth integrations, where attackers trick users into approving third-party applications that secretly provide them with access to corporate systems. This method proved devastating in recent Salesforce-related breaches, where hackers bypassed strong authentication and gained long-term access to enterprise environments. Similarly, compromised or fraudulent browser extensions represent a silent but dangerous threat. These can capture login details, hijack sessions, or inject malicious scripts, as highlighted in the Cyberhaven incident in late 2024. 

File downloads remain another effective attack vector. Malware-laced documents, often hidden behind phishing portals, continue to slip past traditional defenses. Meanwhile, stolen credentials still fuel account takeovers in cases where multi-factor authentication is weak, absent, or improperly enforced. Attackers exploit these gaps using ghost logins and bypass techniques, highlighting the need for real-time browser-level monitoring. 

As attackers increasingly exploit the browser as a central point of entry, organizations must prioritize visibility and control at this layer. By strengthening browser security, enterprises can reduce identity exposure, close MFA gaps, and limit the risks of phishing, malware delivery, and unauthorized access. The browser has become the new endpoint of enterprise defense, and protecting it is no longer optional.

Cybercriminals Escalate Client-Side Attacks Targeting Mobile Browsers


Cybercriminals are increasingly turning to client-side attacks as a way to bypass traditional server-side defenses, with mobile browsers emerging as a prime target. According to the latest “Client-Side Attack Report Q2 2025” by security researchers c/side, these attacks are becoming more sophisticated, exploiting the weaker security controls and higher trust levels associated with mobile browsing. 

Client-side attacks occur directly on the user’s device — typically within their browser or mobile application — instead of on a server. C/side’s research, which analyzed compromised domains, autonomous crawling data, AI-powered script analysis, and behavioral tracking of third-party JavaScript dependencies, revealed a worrying trend. Cybercriminals are injecting malicious code into service workers and the Progressive Web App (PWA) logic embedded in popular WordPress themes. 

When a mobile user visits an infected site, attackers hijack the browser viewport using a full-screen iframe. Victims are then prompted to install a fake PWA, often disguised as adult content APKs or cryptocurrency apps, hosted on constantly changing subdomains to evade takedowns. These malicious apps are designed to remain on the device long after the browser session ends, serving as a persistent backdoor for attackers. 

Beyond persistence, these apps can harvest login credentials by spoofing legitimate login pages, intercept cryptocurrency wallet transactions, and drain assets through injected malicious scripts. Some variants can also capture session tokens, enabling long-term account access without detection. 

To avoid exposure, attackers employ fingerprinting and cloaking tactics that prevent the malicious payload from triggering in sandboxed environments or automated security scans. This makes detection particularly challenging. 

Mobile browsers are a favored target because their sandboxing is weaker compared to desktop environments, and runtime visibility is limited. Users are also more likely to trust full-screen prompts and install recommended apps without questioning their authenticity, giving cybercriminals an easy entry point. 

To combat these threats, c/side advises developers and website operators to monitor and secure third-party scripts, a common delivery channel for malicious code. Real-time visibility into browser-executed scripts is essential, as relying solely on server-side protections leaves significant gaps. 

End-users should remain vigilant when installing PWAs, especially those from unfamiliar sources, and treat unexpected login flows — particularly those appearing to come from trusted providers like Google — with skepticism. As client-side attacks continue to evolve, proactive measures on both the developer and user fronts are critical to safeguarding mobile security.

Cybercrime-as-a-Service Drives Surge in Data Breaches and Stolen Credentials


The era of lone cybercriminals operating in isolation is over. In 2025, organized cybercrime groups dominate the threat landscape, leveraging large-scale operations and sophisticated tools to breach global organizations. Recent intelligence from Flashpoint reveals a troubling surge in cyberattacks during just the first half of the year, showing how professionalized cybercrime has become — particularly through the use of Cybercrime-as-a-Service (CaaS) offerings. 

One of the most alarming findings is the 235% rise in data breaches globally, with the United States accounting for two-thirds of these incidents. These breaches exposed an astounding 9.45 billion records. However, this number is eclipsed by the dramatic 800% increase in stolen login credentials. In total, threat actors using information-stealing malware compromised more than 1.8 billion credentials in just six months. 

These tools — such as Katz Stealer or Atlantis AIO — are widely accessible to hackers for as little as $30, yet they offer devastating capabilities, harvesting sensitive data from commonly used browsers and applications. Flashpoint’s report emphasizes that unauthorized access, largely facilitated by infostealers, was the initial attack vector in nearly 78% of breach cases. 

These tools enable threat actors to infiltrate organizations and pivot across networks and supply chains with ease. Because of their low cost and high effectiveness, infostealers are now the top choice for initial access among cybercriminals. This rise in credential theft coincides with a 179% surge in ransomware attacks during the same period. 

According to Ian Gray, Vice President of Cyber Threat Intelligence Operations at Flashpoint, this dramatic escalation highlights the industrial scale at which cybercrime is now conducted. The report suggests that to counter this growing threat, organizations must adopt a dual strategy: monitor stolen credential datasets and set up alert systems tied to specific compromised domains.  

Furthermore, the report advocates for moving beyond traditional password-based authentication. Replacing passwords and basic two-factor authentication (2FA) with passkeys or other robust methods can help reduce risk. 

As cybercriminal operations grow increasingly professional, relying on outdated security measures only makes organizations more vulnerable. With CaaS tools making sophisticated attacks more accessible than ever, companies must act swiftly to enhance identity protection, tighten access controls, and build real-time breach detection into their infrastructure. 

The rapid evolution of cybercrime in 2025 is a stark reminder that prevention and preparedness are more critical than ever.

Hackers Use DNS Records to Hide Malware and AI Prompt Injections


Cybercriminals are increasingly leveraging an unexpected and largely unmonitored part of the internet’s infrastructure—the Domain Name System (DNS)—to hide malicious code and exploit security weaknesses. Security researchers at DomainTools have uncovered a campaign in which attackers embedded malware directly into DNS records, a method that helps them avoid traditional detection systems. 

DNS records are typically used to translate website names into IP addresses, allowing users to access websites without memorizing numerical codes. However, they can also include TXT records, which are designed to hold arbitrary text. These records are often used for legitimate purposes, such as domain verification for services like Google Workspace. Unfortunately, they can also be misused to store and distribute malicious scripts. 

In a recent case, attackers converted a binary file of the Joke Screenmate malware into hexadecimal code and split it into hundreds of fragments. These fragments were stored across multiple subdomains of a single domain, with each piece placed inside a TXT record. Once an attacker gains access to a system, they can quietly retrieve these fragments through DNS queries, reconstruct the binary code, and deploy the malware. Since DNS traffic often escapes close scrutiny—especially when encrypted via DNS over HTTPS (DoH) or DNS over TLS (DoT)—this method is particularly stealthy.

Ian Campbell, a senior security engineer at DomainTools, noted that even companies with their own internal DNS resolvers often struggle to distinguish between normal and suspicious DNS requests. The rise of encrypted DNS traffic only makes it harder to detect such activity, as the actual content of DNS queries remains hidden from most monitoring tools. This isn’t a new tactic. Security researchers have observed similar methods in the past, including the use of DNS records to host PowerShell scripts. 
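A resolver-side heuristic for the staging pattern described above, written as an added example (not code from the original post or from DomainTools): it scans constructed resolver log lines and reports apex domains where several distinct subdomains answered TXT queries with long hex-only strings, while a single hex-looking verification token stays below the threshold. The log format, the sample lines and the two-label apex approximation are assumptions.

```python
"""Heuristic detection of hex-encoded payload fragments staged in DNS TXT
records. Added example, not code from the original post; the log format and
every sample line are constructed for illustration."""
import re
from collections import defaultdict
from typing import Dict, Optional, Tuple

HEX_RE = re.compile(r"^[0-9a-fA-F]+$")

# Constructed resolver log (not real traffic). Columns:
# timestamp client qtype qname answer; TXT answers are quoted.
SAMPLE_LOG = """\
2025-07-01T10:00:01 10.0.0.5 A www.example.org 93.184.216.34
2025-07-01T10:00:02 10.0.0.5 TXT example.org "v=spf1 include:_spf.example.org -all"
2025-07-01T10:00:02 10.0.0.5 TXT _verify.example.org "a1b2c3d4e5f6a1b2c3d4e5f6a1b2"
2025-07-01T10:00:03 10.0.0.9 TXT 0.stage.bad-domain.test "4d5a90000300000004000000ffff0000"
2025-07-01T10:00:03 10.0.0.9 TXT 1.stage.bad-domain.test "b8000000000000004000000000000000"
2025-07-01T10:00:04 10.0.0.9 TXT 2.stage.bad-domain.test "00000000000000000000000000000000"
2025-07-01T10:00:04 10.0.0.9 TXT 3.stage.bad-domain.test "0e1fba0e00b409cd21b8014ccd215468"
2025-07-01T10:00:05 10.0.0.9 TXT 4.stage.bad-domain.test "69732070726f6772616d2063616e6e6f"
"""


def parse_line(line: str) -> Optional[Tuple[str, str, str, str]]:
    """Split one log line into (client, qtype, qname, answer); None if malformed."""
    parts = line.strip().split(maxsplit=4)
    if len(parts) != 5:
        return None
    _ts, client, qtype, qname, answer = parts
    return client, qtype.upper(), qname.lower().rstrip("."), answer.strip('"')


def apex(qname: str) -> str:
    """Registrable domain approximated as the last two labels (assumption;
    a public-suffix list would be used in production)."""
    labels = qname.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else qname


def looks_like_hex_fragment(answer: str, min_len: int = 16) -> bool:
    """True for a long answer made only of hex digits, as a staged chunk would be."""
    return len(answer) >= min_len and HEX_RE.match(answer) is not None


def find_staging_domains(log_text: str, min_fragments: int = 3) -> Dict[str, Dict[str, int]]:
    """Return apex domains where at least min_fragments distinct subdomains
    answered TXT queries with long hex-only strings. A single hex-looking
    token (e.g. a domain-verification record) does not reach the threshold."""
    hex_names = defaultdict(set)  # apex -> qnames that carried hex fragments
    hex_chars = defaultdict(int)  # apex -> total hex characters observed
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        _client, qtype, qname, answer = rec
        if qtype != "TXT" or not looks_like_hex_fragment(answer):
            continue
        hex_names[apex(qname)].add(qname)
        hex_chars[apex(qname)] += len(answer)
    return {
        a: {"fragments": len(names), "hex_chars": hex_chars[a]}
        for a, names in hex_names.items()
        if len(names) >= min_fragments
    }


if __name__ == "__main__":
    for dom, stats in find_staging_domains(SAMPLE_LOG).items():
        print(f"{dom}: {stats['fragments']} hex TXT fragments, {stats['hex_chars']} hex chars")
```

Under DoH or DoT the resolver log is the only place this content is visible, which is why the check runs on the internal resolver rather than on wire captures.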

However, the specific use of hexadecimal-encoded binaries in TXT records, as described in DomainTools’ latest findings, adds a new layer of sophistication. Beyond malware, the research also revealed that TXT records are being used to launch prompt injection attacks against AI chatbots. These injections involve embedding deceptive or malicious prompts into files or documents processed by AI models. 

In one instance, TXT records were found to contain commands instructing a chatbot to delete its training data, return nonsensical information, or ignore future instructions entirely. This discovery highlights how the DNS system—an essential but often overlooked component of the internet—can be weaponized in creative and potentially damaging ways. 

As encryption becomes more widespread, organizations need to enhance their DNS monitoring capabilities and adopt more robust defensive strategies to close this blind spot before it’s further exploited.