New Phishing Platform Used in Credential Theft Campaigns Against C-Suite Execs
A large-scale credential theft campaign targeting senior executives has been linked to a previously unknown automated phishing platform called Venom
MITRE ATT&CK Mapping
Articles mapped to MITRE ATT&CK techniques. Select a technique to view matching articles.
T1078 — Valid Accounts (Initial Access)
Clear filter26 articles found
New 'Storm' Infostealer Remotely Decrypts Stolen Credentials
This modern infostealer adopted server-side decryption of stolen credentials to bypass security controls
Cyberattacks powered by stolen credentials on the rise
Cybersecurity incidents are increasingly centered on identity abuse, where stolen login credentials serve as the primary entry point for attackers, and the g...
Security awareness is not a control: Rethinking human risk in enterprise security
Organizations have been responding to phishing, business email compromise, and credential theft in essentially the same manner for over ten years. They essen...
Cisco source code stolen in Trivy-linked dev environment breach
Cisco has suffered a cyberattack after threat actors used stolen credentials from the recent Trivy supply chain attack to breach its internal development env...
Stolen Logins Are Fueling Everything From Ransomware to Nation-State Cyberattacks
Report shows how industrialized credential theft underpins ransomware, SaaS breaches, and geopolitical attacks, shifting security focus from prevention to de...
TeamPCP Moves From OSS to AWS Environments
After validating stolen credentials using TruffleHog, the hacking group started AWS services enumeration and lateral movement activities. The post TeamPCP Mo...
DeepLoad Malware Uses ClickFix and WMI Persistence to Steal Browser Credentials
A new campaign has leveraged the ClickFix social engineering tactic as a way to distribute a previously undocumented malware loader referred to as DeepLoad.
Cybercriminals Exploit Tax Season With New Phishing Tactics
Tax-season phishing floods deliver RMM malware, credential theft, BEC and tax-form scams
Russian Hackers Deploy “CTRL” for RDP Hijacking
Russian hackers are using a new remote access toolkit called “CTRL” to silently hijack Remote Desktop Protocol (RDP) sessions via FRP-based reverse tunnels, ...
LiteLLM supply chain attack exposes millions to credential theft
Researchers at Endor Labs, have discovered a supply chain attack on the popular Python package LiteLLM on PyPI, with malicious code injected into versions 1.82.
U.S. CISA adds an Aquasecurity Trivy flaw to its Known Exploited Vulnerabilities catalog
The U.S.
Inside a Modern Fraud Attack: From Bot Signups to Account Takeovers
Multi-stage fraud attacks chain bots, proxies, and stolen credentials from signup to takeover. IPQS shows why correlating IP, device, identity, and behavior ...
Preventing Account Takeovers: A Practical Guide to Detection and Response
Yesterday’s password leak can become tomorrow’s identity crisis. According to research firm Gitnux, account-takeover attacks jumped 354 percent in 2023, driv...
PyPI warns developers after LiteLLM malware found stealing cloud and CI/CD credentials
PyPI is warning of possible credential theft from AI applications and developer pipelines after two malicious versions of the widely used Python middleware f...
TeamPCP Hits Trivy, Checkmarx, and LiteLLM in Credential Theft Campaign
Hackers compromised Trivy, Checkmarx, and LiteLLM in a supply chain attack, stealing cloud credentials, tokens, and crypto wallet data from developers.
LeakNet Ransomware Uses ClickFix via Hacked Sites, Deploys Deno In-Memory Loader
The ransomware operation known as LeakNet has adopted the ClickFix social engineering tactic delivered through compromised websites as an initial access method.
A Latte Trouble: Starbucks HR Accounts Hit in Credential Theft Incident
Starbucks has disclosed a data breach attackers gained access to hundreds of employees’ Starbucks Partner Central accounts, which are used for managing emplo...
2025 Identity Threat Landscape Report: Inside the Infostealer Economy: Credential Threats in 2025
Recorded Future's 2025 Identity Threat Landscape Report analyzes hundreds of millions of compromised credentials to reveal how infostealer malware is evolvin...
When Trusted Websites Turn Malicious: WordPress Compromises Advance Global Stealer Operation
Overview Rapid7 Labs has identified and analyzed an ongoing, widespread compromise of legitimate, potentially highly trusted WordPress websites, misused by a...