The Hacker News.

"Leaked credentials up 160%:  What attackers are doing with them."

Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents.  Accessed on 08 August 2025, 1431 UTC.

Content and Source:  "The Hacker News."

URL-- https://thehackernews.com/

Please check URL or scroll down to read your selections.  Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net).

Leaked Credentials Up 160%: What Attackers Are Doing With Them

Aug 08, 2025Identity Protection / Endpoint Security

When an organization's credentials are leaked, the immediate consequences are rarely visible—but the long-term impact is far-reaching. Far from the cloak-and-dagger tactics seen in fiction, many real-world cyber breaches begin with something deceptively simple: a username and password. According to Verizon's 2025 Data Breach Investigations Report, leaked credentials accounted for 22% of breaches in 2024, outpacing phishing and even software exploitation. That's nearly a quarter of all incidents, initiated not through zero-days or advanced persistent threats, but by logging in through the front door. This quiet and persistent threat has been growing. New data compiled by Cyberint—an external risk management and threat intelligence company recently acquired by Check Point—shows a 160% increase in leaked credentials in 2025 compared to the previous year. The report, titled The Rise of Leaked Credentials , provides a look into not just the volume of these leaks, but how they are exploi...

RubyGems, PyPI Hit by Malicious Packages Stealing Credentials, Crypto, Forcing Security Changes

Aug 08, 2025Malware / Supply Chain Security

A fresh set of 60 malicious packages has been uncovered targeting the RubyGems ecosystem by posing as seemingly innocuous automation tools for social media, blogging, or messaging services to steal credentials from unsuspecting users. The activity is assessed to be active since at least March 2023, according to the software supply chain security company Socket. Cumulatively, the gems have been downloaded more than 275,000 times. That said, it bears noting that the figure may not accurately represent the actual number of compromised systems, as not every download results in execution, and it's possible several of these gems have been downloaded to a single machine. "Since at least March 2023, a threat actor using the aliases zon, nowon, kwonsoonje, and soonje has published 60 malicious gems posing as automation tools for Instagram, Twitter/X, TikTok, WordPress, Telegram, Kakao, and Naver," security researcher Kirill Boychenko said . While the identified gems offered t...

GreedyBear Steals $1M in Crypto Using 150+ Malicious Firefox Wallet Extensions

Aug 08, 2025Cryptocurrency / Browser Security

A newly discovered campaign dubbed GreedyBear has leveraged over 150 malicious extensions to the Firefox marketplace that are designed to impersonate popular cryptocurrency wallets and steal more than $1 million in digital assets. The published browser add-ons masquerade as MetaMask, TronLink, Exodus, and Rabby Wallet, among others, Koi Security researcher Tuval Admoni said. What makes the activity notable is the threat actor's use of a technique that the cybersecurity company called Extension Hollowing to bypass safeguards put in place by Mozilla and exploit user trust. It's worth noting that some aspects of the campaign were first documented by security researcher Lukasz Olejnik last week. "Rather than trying to sneak malicious extensions past initial reviews, they build legitimate-seeming extension portfolios first, then weaponize them later when nobody's watching," Admoni said in a report published Thursday. To achieve this, the attackers first create ...

5 Critical Google Workspace Security Settings You Could Be Missing

Nudge SecurityWorkspace Security / IT Security

Learn the essential steps you can take today to improve your Google Workspace security posture.

SocGholish Malware Spread via Ad Tools; Delivers Access to LockBit, Evil Corp, and Others

Aug 07, 2025Malware / Threat Intelligence

The threat actors behind the SocGholish malware have been observed leveraging Traffic Distribution Systems (TDSs) like Parrot TDS and Keitaro TDS to filter and redirect unsuspecting users to sketchy content. "The core of their operation is a sophisticated Malware-as-a-Service (MaaS) model, where infected systems are sold as initial access points to other cybercriminal organizations," Silent Push said in an analysis. SocGholish, also called FakeUpdates, is a JavaScript loader malware that's distributed via compromised websites by masquerading as deceptive updates for web browsers like Google Chrome or Mozilla Firefox, as well as other software such as Adobe Flash Player or Microsoft Teams. It's attributed to a threat actor called TA569, which is also tracked as Gold Prelude, Mustard Tempest, Purple Vallhund, and UNC1543. Attack chains involve deploying SocGholish to establish initial access and broker that compromised system access to a diverse clientele, includ...

Webinar: How to Stop Python Supply Chain Attacks—and the Expert Tools You Need

Aug 07, 2025DevSecOps / Supply Chain Security

Python is everywhere in modern software. From machine learning models to production microservices, chances are your code—and your business—depends on Python packages you didn't write. But in 2025, that trust comes with a serious risk. Every few weeks, we're seeing fresh headlines about malicious packages uploaded to the Python Package Index (PyPI)—many going undetected until after they've caused real harm. One of the most dangerous recent examples? In December 2024, attackers quietly compromised the Ultralytics YOLO package, widely used in computer vision applications. It was downloaded thousands of times before anyone noticed. This wasn't an isolated event. This is the new normal. Python supply chain attacks are rising fast—and your next pip install could be the weakest link. Join our webinar to learn what's really happening, what's coming next, and how to secure your code with confidence. Don't wait for a breach. Watch this webinar now and take control. . What's Really Going ...

2025 Gartner® MQ Report for Endpoint Protection Platforms (July 2025 Edition)

SentinelOneUnified Security / Endpoint Protection

Compare leading Endpoint Protection vendors and see why SentinelOne is named a 5x Leader

Malicious Go, npm Packages Deliver Cross-Platform Malware, Trigger Remote Data Wipes

Aug 07, 2025Malware / Threat Intelligence

Cybersecurity researchers have discovered a set of 11 malicious Go packages that are designed to download additional payloads from remote servers and execute them on both Windows and Linux systems. "At runtime the code silently spawns a shell, pulls a second-stage payload from an interchangeable set of .icu and .tech command-and-control (C2) endpoints, and executes it in memory," Socket security researcher Olivia Brown said . The list of identified packages is below - github.com/stripedconsu/linker github.com/agitatedleopa/stm github.com/expertsandba/opt github.com/wetteepee/hcloud-ip-floater github.com/weightycine/replika github.com/ordinarymea/tnsr_ids github.com/ordinarymea/TNSR_IDS github.com/cavernouskina/mcp-go github.com/lastnymph/gouid github.com/sinfulsky/gouid github.com/briefinitia/gouid

The AI-Powered Security Shift: What 2025 Is Teaching Us About Cloud Defense

Aug 07, 2025Regulatory Compliance / DevOps

Now that we are well into 2025, cloud attacks are evolving faster than ever and artificial intelligence (AI) is both a weapon and a shield. As AI rapidly changes how enterprises innovate, security teams are now tasked with a triple burden: Secure AI embedded in every part of the business. Use AI to defend faster and smarter. Fight AI-powered threats that execute in minutes—or seconds. Security is no longer about balancing speed and safety. In today's cloud-native world, real-time, context-aware defense is a baseline expectation, not a competitive edge. The recent Sysdig Cloud Defense Report 2025 breaks down this tectonic shift. Below, we unpack its key insights for security practitioners aiming to stay ahead of an accelerating threat landscape. AI: The Double-Edged Sword of Cloud Security AI is transforming the security paradigm. It's both empowering defenders while creating entirely new attack surfaces. AI for Security: Fighting Fire with Fire Attackers are automating f...

Microsoft Discloses Exchange Server Flaw Enabling Silent Cloud Access in Hybrid Setups

Aug 07, 2025Vulnerability / Threat Detection

Microsoft has released an advisory for a high-severity security flaw affecting on-premise versions of Exchange Server that could allow an attacker to gain elevated privileges under certain conditions. The vulnerability, tracked as CVE-2025-53786 , carries a CVSS score of 8.0. Dirk-jan Mollema with Outsider Security has been acknowledged for reporting the bug. "In an Exchange hybrid deployment, an attacker who first gains administrative access to an on-premises Exchange server could potentially escalate privileges within the organization's connected cloud environment without leaving easily detectable and auditable traces," the tech giant said in the alert. "This risk arises because Exchange Server and Exchange Online share the same service principal in hybrid configurations." Successful exploitation of the flaw could allow an attacker to escalate privileges within the organization's connected cloud environment without leaving easily detectable and audit...

6,500 Axis Servers Expose Remoting Protocol; 4,000 in U.S. Vulnerable to Exploits

Aug 07, 2025Vulnerability / Threat Intelligence

Cybersecurity researchers have disclosed multiple security flaws in video surveillance products from Axis Communications that, if successfully exploited, could expose them to takeover attacks. "The attack results in pre-authentication remote code execution on Axis Device Manager, a server used to configure and manage fleets of cameras, and the Axis Camera Station, client software used to view camera feeds," Claroty researcher Noam Moshe said . "Furthermore, using internet scans of exposed Axis.Remoting services, an attacker can enumerate vulnerable servers and clients, and carry out granular, highly targeted attacks." The list of identified flaws is below - CVE-2025-30023 (CVSS score: 9.0) - A flaw in the communication protocol used between client and server that could lead to an authenticated user performing a remote code execution attack (Fixed in Camera Station Pro 6.9, Camera Station 5.58, and Device Manager 5.32) CVE-2025-30024 (CVSS score: 6.8) - A f...

SonicWall Confirms Patched Vulnerability Behind Recent VPN Attacks, Not a Zero-Day

Aug 07, 2025Network Security / Vulnerability

SonicWall has revealed that the recent spike in activity targeting its Gen 7 and newer firewalls with SSL VPN enabled is related to an older, now-patched bug and password reuse. "We now have high confidence that the recent SSL VPN activity is not connected to a zero-day vulnerability," the company said . "Instead, there is a significant correlation with threat activity related to CVE-2024-40766." CVE-2024-40766 (CVSS score: 9.3) was first disclosed by SonicWall in August 2024, calling it an improper access control issue that could allow malicious actors unauthorized access to the devices. "An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and, in specific conditions, causing the firewall to crash," it noted in an advisory at the time. SonicWall also said it's investigating less than 40 incidents related to this activity, and that many of ...

Researchers Uncover ECScape Flaw in Amazon ECS Enabling Cross-Task Credential Theft

Aug 06, 2025DevOps / Container Security

Cybersecurity researchers have demonstrated an "end-to-end privilege escalation chain" in Amazon Elastic Container Service ( ECS ) that could be exploited by an attacker to conduct lateral movement, access sensitive data, and seize control of the cloud environment. The attack technique has been codenamed ECScape by Sweet Security researcher Naor Haziz, who presented the findings today at the Black Hat USA security conference that's being held in Las Vegas. "We identified a way to abuse an undocumented ECS internal protocol to grab AWS credentials belonging to other ECS tasks on the same EC2 instance," Haziz said in a report shared with The Hacker News. "A malicious container with a low‑privileged IAM [Identity and Access Management] role can obtain the permissions of a higher‑privileged container running on the same host." Amazon ECS is a fully-managed container orchestration service that allows users to deploy, manage, and scale containerized ...

Fake VPN and Spam Blocker Apps Tied to VexTrio Used in Ad Fraud, Subscription Scams

Aug 06, 2025Malware / Mobile Security

The malicious ad tech purveyor known as VexTrio Viper has been observed developing several malicious apps that have been published on Apple and Google's official app storefronts under the guise of seemingly useful applications. These apps masquerade as VPNs, device "monitoring" apps, RAM cleaners, dating services, and spam blockers, DNS threat intelligence firm Infoblox said in an exhaustive analysis shared with The Hacker News. "They released apps under several developer names, including HolaCode, LocoMind, Hugmi, Klover Group, and AlphaScale Media," the company said . "Available in the Google Play and Apple store, these have been downloaded millions of times in aggregate." These fake apps, once installed, deceive users into signing up for subscriptions that are difficult to cancel, flood them with ads, and part with personal information like email addresses. It's worth noting that LocoMind was previously flagged by Cyjax as part of a phishi...

Trending News

You Are What You Eat: Why Your AI Security Tools Are Only as Strong as the Data You Feed Them

Apple Patches Safari Vulnerability Also Exploited as Zero-Day in Google Chrome

Hackers Exploit SAP Vulnerability to Breach Linux Systems and Deploy Auto-Color Malware

⚡ Weekly Recap — SharePoint Breach, Spyware, IoT Hijacks, DPRK Fraud, Crypto Drains and More

Akira Ransomware Exploits SonicWall VPNs in Likely Zero-Day Attack on Fully-Patched Devices

Attackers Use Fake OAuth Apps with Tycoon Kit to Breach Microsoft 365 Accounts

Experts Detect Multi-Layer Redirect Tactic Used to Steal Microsoft 365 Login Credentials

Scattered Spider Hijacks VMware ESXi to Deploy Ransomware on Critical U.S. Infrastructure

UNC2891 Breaches ATM Network via 4G Raspberry Pi, Tries CAKETAP Rootkit for Fraud

Email Security Is Stuck in the Antivirus Era: Why It Needs a Modern Approach

How the Browser Became the Main Cyber Battleground

Product Walkthrough: A Look Inside Pillar's AI Security Platform

Wiz Uncovers Critical Access Bypass Flaw in AI-Powered Vibe Coding Platform Base44

Popular Resources

Expert InsightsArticlesVideos

Why SaaS AI Governance Should Be on Every CISO's Agenda

August 4, 2025Read ➝

The New Face of DDoS is Impacted by AI

August 4, 2025Read ➝

EDR Detects, EPM Prevents. Why Using Both is a Winning Formula for Modern Endpoint Protection

July 28, 2025Read ➝

Empower Users and Protect Against GenAI Data Loss

July 22, 2025Read ➝

Cybersecurity Resources

Get Latest News in Your Inbox!

Get the latest news, expert insights, exclusive resources, and strategies from industry leaders – all for free.

Email

Connect with us!



926,500 Followers



655,000 Followers



23,500 Subscribers



142,000 Followers



1,890,500 Followers

7,500 Followers