Bogus Avast website fakes virus scan, installs Venom Stealer instead A fake Avast-branded website performs a staged “virus scan” that prompts users to download a malicious file (Avast_system_cleaner.exe) which is actually Venom Stealer, a data-stealing payload that harvests browser credentials, session cookies, and cryptocurrency wallet data. The malware masquerades as a Chrome service (v20svc.exe), is packed with a crypter to evade...

A fake Avast website performs a staged virus scan that forces users to download “Avast_system_cleaner.exe,” actually Venom Stealer malware stealing browser credentials, cookies, and crypto wallet data via disguised Chrome service. #DataTheft #MalwareAttack

UK sanctions Xinbi marketplace linked to Asian scam centers The U.K.'s FCDO has sanctioned Xinbi, a Telegram-based marketplace that sells stolen data and satellite internet equipment and provides cryptocurrency services used to support scam centres and launder proceeds. The action also targets the Cambodia-linked '#8 Park' compound and its operator Legend Innovation Co to disrupt large-scale investment and romance scam operations tied to the Prince Group and illicit crypto flows. #Xinbi #8Park #PrinceGroup #LegendInnovationCo #Chainalysis #ByexExchange #ChenZhi

The UK’s FCDO sanctions Xinbi, a Telegram marketplace selling stolen data and crypto services linked to Southeast Asian scam centers, targeting Cambodia's #8Park and the Prince Group’s illicit operations. #UK #CryptoFraud #DataTheft

It's Official: Elon Must Face DOGE "Power Overreach" Lawsuit

#DOGE #WasteFraudAbuse #Lawsuit #Theft #Sabotage #cybersecurity #DataTheft #overreach #DEI

youtube.com/watch?v=-tqL...

A Close Look under the DNS Hood of CoolClient Securelist uncovered a new HoneyMyte campaign that uses an updated CoolClient backdoor to deploy browser login stealers and multiple data-theft and reconnaissance scripts. Researchers refined the initial CoolClient network IoCs to six verified indicators (three domains, two subdomains, one IP) and identified additional related artifacts including 57 email-connected domains and two IPs linked to malicious activity. #HoneyMyte #CoolClient

HoneyMyte upgraded the CoolClient backdoor in 2025, deploying browser login stealers and advanced data theft scripts. Researchers identified 6 network IoCs and 57 email-related domains linked to this campaign. #HoneyMyte #DataTheft #China

GhostClaw Fake OpenClaw Installer Steals macOS Dev Credentials JFrog has uncovered GhostClaw, a fake OpenClaw npm package that stole Keychain passwords, cloud credentials, and crypto wallets from 178 macOS developers.

winbuzzer.com/2026/03/21/g...

GhostClaw Fake OpenClaw Installer Steals macOS Dev Credentials

#AI #Ghostclaw #OpenClaw #JFrog #npm #Cybersecurity #Malware #macOS #GitHub #Cybercrime #Hackers #Cyberattacks #DataTheft

New Android malware 'Perseus' exploits note apps to steal sensitive data. Stay vigilant and protect your devices. #CyberSecurity #AndroidMalware #Perseus #DataTheft Link: thedailytechfeed.com/perseus-malw...

Ex-data analyst stole company data in $2.5M extortion scheme A North Carolina contractor, 27-year-old Cameron Curry, was found guilty of extorting Brightly Software (formerly SchoolDude) by stealing payroll and corporate data and threatening to leak employees' PII unless paid $2.5 million. Brightly paid $7,540 in Bitcoin, reported the incident leading to an FBI search and Curry's indictment, and the company had previously disclosed an unrelated April 2023 breach that affected nearly 3 million SchoolDude users. #BrightlySoftware #CameronCurry

A former NC contractor stole sensitive Brightly Software data, sending 60+ extortion emails demanding $2.5M. Company paid $7,540 in Bitcoin before FBI's intervention. Over 3M users affected by an earlier breach. #DataTheft #ExtortionCase

Speagle Malware Hijacks Cobra DocGuard to Steal Data via Compromised Servers Speagle hijacks the functionality and infrastructure of the legitimate Cobra DocGuard document protection software to stealthily harvest and exfiltrate sensitive information from infected systems. The campaign, tracked as Runningcrab and linked to prior supply-chain abuses of Cobra DocGuard, uses compromised servers and legitimate client drivers for C2 and cleanup, suggesting deliberate...

Speagle malware exploits Cobra DocGuard’s legitimate software and servers to stealthily steal system info, browser history, autofill data, and files. Linked to Runningcrab supply-chain abuses with possible espionage ties. #SpeagleMalware #DataTheft

DarkSword: Researchers uncover another iOS exploit kit - Help Net Security DarkSword is an iOS exploit toolkit used since late 2025 to hack iPhones via zero-day flaws and steal sensitive data and cryptocurrency.

DarkSword: Researchers uncover another iOS exploit kit

📖 Read more: www.helpnetsecurity.com/2026/03/19/d...

#cybersecurity #cybersecuritynews #cyberespionage #datatheft #iOS #iPhone

Ransomware tactics are evolving as profits decline. Data theft is now a primary extortion method. Stay informed and strengthen your defenses. #CyberSecurity #Ransomware #DataTheft Link: thedailytechfeed.com/ransomware-p...

Inside a network of 20,000+ fake shops More than 20,000 fraudulent online stores—many running on Sellvia WordPress templates and concentrated on 36 IP addresses—were mapped as part of an industrialized scam ecosystem that harvests payment credentials and personal data under polished storefronts and aggressive sale tactics. Researchers linked large campaigns such as FraudWear and BogusBazaar to this activity...

Over 20,000 fake online stores using Sellvia templates tied to 36 IP addresses were uncovered, linked to scams like FraudWear and BogusBazaar that steal payment and personal data through polished fronts. #EcommerceFraud #DataTheft #USA

DOGE Deposition Leaks & Gets Deleted After Exposing Gross Incompetence

#DOGE #Saboteurs #Thieves #Racists #Monsters #Morons #Spies #DataTheft #Elon #GreenNewScam #CleanEnergy #SocialSecurity

youtube.com/watch?v=cJhE...

The Social Security Administration is investigating a new complaint against DOGE alleging that a former employee claimed he had access to two highly sensitive databases and planned to share the information with his new employer #DOGE #Saboteurs #Spies #Thieves #DataTheft

youtube.com/watch?v=bUfd...

Telus Digital Confirms Massive Data Breach by ShinyHunters Telus Digital has confirmed a security incident after the ShinyHunters extortion group claimed to have breached its systems using Google Cloud Platform credentials obtained from a prior third-party data theft. The actor alleges nearly 1 petabyte of internal and customer data was exfiltrated and is demanding a $65 million ransom to...

Telus Digital confirms a major breach by ShinyHunters who exploited Google Cloud credentials from a previous third-party hack. Nearly 1 petabyte of data, including call records and source code, stolen; $65M ransom demanded. #DataTheft #Canada

Six Android Malware Families Target Pix Payments, Banking Apps, and Crypto Wallets Cybersecurity researchers have discovered half-a-dozen new Android malware families that come with capabilities to steal data from compromised devices and conduct financial fraud. The Android malware range from traditional banking trojans like PixRevolution, TaxiSpy RAT, BeatBanker, Mirax, and Oblivion RAT to full-fledged remote administration tools such as SURXRAT. PixRevolution, according to

iT4iNT SERVER Six Android Malware Families Target Pix Payments, Banking Apps, and Crypto Wallets VDS VPS Cloud #AndroidMalware #Cybersecurity #BankingApps #CryptoWallets #DataTheft

Former Nuance Employee Pleads Guilty to Unauthorized Access of Geisinger Patient Records - Defensorum A former Nuance Communications employee pleaded guilty in federal court to obtaining information from a protected computer without authorization after accessing and copying data associated with more t...

🚨 Former Nuance employee pleads guilty to accessing 1.2M Geisinger patient records 🔒Employee exploited existing credentials after termination 📊 Names, birth dates, medical record numbers copied #InsiderThreat #Healthcare #DataTheft 👉 www.defensorum.com/nuance-emplo...

ShinyHunters claims yet another Salesforce customers breach : And they abused a Mandiant-developed open source tool in the attacks

#ShinyHunters claims more high-profile victims in latest #Salesforce customers data heist
www.theregister.com/2026/03/09/s...

#Cybercrime outfit says it has stolen data from ~100 high-profile companies, including Salesforce itself.
#CyberSecurity #InfoSec #DataBreach #DataTheft

Fake job applications pack malware that disables EDR : Russian-speaking attackers lure HR staff into downloading ISO files that disable defenses

#Fake job applications pack #malware that kills EDR before stealing data
www.theregister.com/2026/03/10/m...

Russian-speaking cyber criminal targeting corporate HR teams for #DataTheft.
#CyberSecurity #InfoSec #CyberCrime #BlackSanta #BringYourOwnVulnerableDriver #BYOVD

Gavin Kliger - Wikipedia

#DOGEBag #GavinKilger is now running data and #AI for the Department of Defense.

This is the guy that was personally responsible for gutting a few agencies, and may have been involved in massive #DataTheft at SSA 🫤

#NotGreat

en.wikipedia.org/wiki/Gavin_K...

Alert: A popular Chrome extension turned malicious after ownership change, leading to data theft and code injection. Users advised to remove suspicious extensions immediately. #CyberSecurity #ChromeExtension #DataTheft Link: thedailytechfeed.com/chrome-exten...

Chrome Extension Turns Malicious After Ownership Transfer, Enabling Code Injection and Data Theft Two Google Chrome extensions have turned malicious after what appears to be a case of ownership transfer, offering attackers a way to push malware to downstream customers, inject arbitrary code, and harvest sensitive data. The extensions in question, both originally associated with a developer named "akshayanuonline@gmail.com" (BuildMelon), are listed below - QuickLens - Search Screen with

iT4iNT SERVER Chrome Extension Turns Malicious After Ownership Transfer, Enabling Code Injection and Data Theft VDS VPS Cloud #Malware #CyberSecurity #DataTheft #GoogleChrome #CodeInjection

Coruna Exploit Kit Targets iPhones With 23 Vulnerabilities Across Multiple iOS Versions  Security researchers have identified a powerful exploit framework targeting Apple iPhones running older versions of the iOS operating system.  The toolkit, called Coruna and also known as CryptoWaters, includes multiple exploit chains capable of targeting devices running iOS versions from 13.0 through 17.2.1, according to researchers from Google’s Threat Intelligence Group.  The framework contains five full exploit chains and a total of 23 vulnerabilities. Researchers said the exploit kit is not effective against the most recent versions of iOS.  “The core technical value of this exploit kit lies in its comprehensive collection of iOS exploits, with the most advanced ones using non public exploitation techniques and mitigation bypasses,” Google researchers said.  They added that the infrastructure supporting the kit is carefully designed and integrates several exploit components into a unified framework.  “The framework surrounding the exploit kit is extremely well engineered. The exploit pieces are all connected naturally and combined together using common utility and exploitation frameworks.”  According to researchers, the exploit kit has circulated among several types of threat actors since early 2025.  The toolkit first appeared in a commercial surveillance operation before being used by a government backed attacker.  By late 2025, it had reached a financially motivated threat group operating from China. Investigators say the movement of the exploit kit between groups suggests a growing underground market where previously developed zero day tools are resold and reused.  Security firm iVerify said the spread of Coruna demonstrates how advanced surveillance tools can move beyond their original operators.  “Coruna is one of the most significant examples we’ve observed of sophisticated spyware grade capabilities proliferating from commercial surveillance vendors into the hands of nation state actors and ultimately mass scale criminal operations,” the company said.  Researchers first detected elements of the exploit chain in early 2025 when a surveillance customer used it within a JavaScript framework that had not been previously documented.  The framework gathers information about the targeted device including the model and the iOS version running on it. Based on this fingerprinting data, the framework delivers a suitable WebKit remote code execution exploit.  One of the vulnerabilities used in the chain was CVE-2024-23222, a type confusion flaw in Apple’s WebKit browser engine that was patched in January 2024.  The framework appeared again in July 2025 when it was discovered on a domain used to deliver malicious content through hidden iframes on compromised websites in Ukraine.  These sites included pages related to industrial tools, retail services and e commerce platforms.  Researchers believe a suspected Russian espionage group tracked as UNC6353 was responsible for that activity. The exploit framework was delivered only to certain users based on their geographic location and device characteristics.  A third wave of activity was identified in December 2025. In that campaign, attackers used a network of fake Chinese websites related to financial topics to distribute the exploit kit.  Visitors were encouraged to access the sites from iPhones or iPads for a better browsing experience. Once accessed from an Apple device, the websites inserted a hidden iframe that triggered the Coruna exploit kit. This campaign has been linked to a threat cluster tracked as UNC6691.  Further investigation uncovered a debug version of the exploit kit along with several exploit samples spanning five complete attack chains.  Researchers said the kit includes vulnerabilities affecting several generations of iOS. These include exploits targeting iOS 13 through iOS 17.2.1 using vulnerabilities such as CVE-2020-27932, CVE-2022-48503, CVE-2023-32409 and CVE-2024-23222.  Some of the vulnerabilities in the toolkit had previously been used as zero day exploits in earlier operations.  “Photon and Gallium are exploiting vulnerabilities that were also used as zero days as part of Operation Triangulation,” Google researchers said.  Once a device is compromised, attackers can deploy additional malware components. In the case of the UNC6691 campaign, the exploit chain delivered a stager called PlasmaLoader.  The program is designed to decode QR codes embedded in images and retrieve additional modules from external servers. These modules can then collect sensitive data from cryptocurrency wallet applications including Base, Bitget Wallet, Exodus and MetaMask.  Researchers said the malware contains hard coded command and control servers along with a fallback system that generates domain names automatically using a domain generation algorithm seeded with the word lazarus.  A notable characteristic of the Coruna exploit kit is that it avoids running on devices using Apple’s Lockdown Mode or devices browsing in private mode. Security researchers recommend that iPhone users update their devices to the latest version of iOS and enable Lockdown Mode when additional protection is needed.

Coruna Exploit Kit Targets iPhones With 23 Vulnerabilities Across Multiple iOS Versions #Apple #CyberSecurity #DataTheft

French DIY etailer ManoMano admits customer data stolen : Crooks claim they helped themselves to over 37M accounts during January hit on subcontractor

French DIY etailer #ManoMano admits customer data stolen
www.theregister.com/2026/02/27/m...

Crooks claim they helped themselves to over 37M accounts during January hit on subcontractor.
#CyberSecurity #InfoSec #CyberCrime #DataBreach #DataTheft #DataProtection #eCommerce

Double whammy: Steaelite RAT bundles data theft, ransomware : Credential and cryptocurrency theft, live surveillance, ransomware - an attacker's Swiss Army knife

Double whammy: #Steaelite RAT bundles #datatheft, #ransomware in one evil tool
www.theregister.com/2026/02/27/d...

Researchers warn that new remote access trojan being sold on #cybercrime networks for double extortion attacks on #Windows machines.
#CyberSecurity #InfoSec #ThreatIntelligence

winbuzzer.com/2026/02/27/a...

Anthropic's Claude AI Used to Steal 150GB of Mexican Government Data

#AI #Anthropic #Claude #Cybersecurity #Cybercrime #Cyberespionage #DataTheft #Hacking #ThreatIntelligence #AISafety #AgenticAI #Exploits #GambitSecurity

📰 UFP Technologies Ungkap Pencurian Data dalam Insiden Serangan Siber

👉 Baca artikel lengkap di sini: ahmandonk.com/2026/02/26/ufp-technolog...

#cyberSecurity #dataBreach #dataTheft #hacking #healthcare #itSecurity #manufacturing #ransomware

Anthropic uncovers massive data extraction by Chinese AI firms DeepSeek, Moonshot AI, and MiniMax, violating terms to replicate Claude's capabilities. #AI #CyberSecurity #DataTheft #Anthropic #Claude Link: thedailytechfeed.com/chinese-ai-f...

📰 Arkanix Stealer Muncul sebagai Eksperimen Malware Berbasis AI yang Berumur Pendek

👉 Baca artikel lengkap di sini: ahmandonk.com/2026/02/24/arkanix-steal...

#artificialIntelligence #cybersecurity #darkWeb #dataTheft #infoStealer #malware

Cyber Bob’s Cyber Safety Tip #130 The Hidden Risk of Browser Autofill (Convenient… But Is It Smart?) 💳 Most of us love convenience. Click a box… and suddenly your name, ad...

Cyber Bob’s Cyber Safety Tip #130
#bob3160 #autofill #browser #security #cybersafety #privacy #creditcard #malware #phishing #protect #datatheft #seniorsafe
bob3160.blogspot.com/2026/02/cybe...