Weedhack MaaS Targets Minecraft Players to Steal Credentials and Hijack Accounts
Weedhack, a Malware-as-a-Service (MaaS) operation specifically engineered to prey on Minecraft players, that has been active since at least January 2026. The...
MITRE ATT&CK Mapping
Articles mapped to MITRE ATT&CK techniques. Select a technique to view matching articles.
T1078 — Valid Accounts (Initial Access)
Clear filter50 articles found
AI Phishing Is Crushing SOCs with Alert Volume: How to Reduce Tier 1 Overload
Phishing has always been a numbers game. AI has turned it into a volume machine.
Lucid Stealer Hits 18 Browsers, Crypto Wallets, and Discord Tokens
A new, fully featured Lucid Stealer build that combines large-scale credential theft with hidden remote access. The sample, distributed through Telegram-link...
What 2026 DBIR Confirms: Attacks Are Living in the Browser
Phishing, shadow AI, malicious extensions, and credential theft increasingly happen inside the browser. Keep Aware explains what the 2026 Verizon DBIR reveal...
Cybercriminals Are Targeting the FIFA World Cup 2026
FortiGuard Labs research shows how cybercriminals are exploiting the demand for the FIFA World Cup 2026 through phishing, fake tickets, malware, impersonatio...
Stock Exchange Executive’s Outlook Targeted in Credential Theft Attack
A prolonged and highly targeted espionage campaign has been uncovered involving the compromise of a senior executive’s Microsoft Outlook account at a major g...
Agent Threat Rules: Open detection rule format for AI agent security threats
AI agents run inside coding assistants, MCP servers, and multi-agent frameworks, and the access that makes them useful also opens paths to prompt injection, ...
Why supply chain attacks work and what detection can actually do about it
Here’s what to do in a world where credential theft has been automated and turned into a commodity.
Stolen Gemini API Keys Fuel Automated Telegram Influence Campaign
A long-running Telegram influence and fraud campaign where a solo threat actor leveraged stolen Google Gemini API keys and jailbroken AI to automate content ...
Red Hat Cloud Services npm Packages Hijacked in Credential-Theft Malware Campaign
A large-scale software supply chain attack has compromised multiple official npm packages under the @redhat-cloud-services scope, exposing thousands of devel...
MokN raises $15 million to combat identity-based cyber threats
MokN's approach utilizes ultra-realistic decoy access points, a technique they call "phish-back," designed to trap threat actors and allow organizations to n...
MokN Raises $15 Million for “Phish-Back” Platform
MokN's platform deploys realistic decoy access points to lure attackers into revealing compromised credentials, enabling organizations to respond before abus...
JINX-0164 Uses LinkedIn Lures to Deploy Custom macOS Malware
A newly identified threat actor tracked as JINX-0164 is targeting cryptocurrency organizations through sophisticated LinkedIn-based social engineering campai...
The Credential Crisis: How Stolen Credentials Defeat Modern Security
As AI accelerates phishing, session hijacking, and credential abuse, security teams are racing to close the gap between attacker speed and defensive response...
Phishing Campaigns Exploit RCS and iMessage to Evade SMS Security Filters
Phishing campaigns are entering a new phase as attackers abandon traditional SMS delivery and static credential theft in favor of encrypted messaging channel...
Vulnerabilities have become cyber attackers’ No. 1 door to the enterprise
Patching practices are coming under intense pressure of late, as time-to-exploit windows accelerate — a new reality likely to worsen as AI assistance in atta...
Jailbroken Gemini AI Abused in Credential Theft and Crypto Wallet Heist
Jailbroken Gemini AI has been weaponised in a long-running campaign that combined political influence, credential theft, and a cryptocurrency wallet heist, a...
From edge appliance to enterprise compromise: Multi-stage Linux intrusion via F5 and Confluence
A multi-stage attack on Linux devices began with an exposed F5 BIG-IP edge appliance and pivoted to an internal Confluence server for credential theft and id...
5,561 GitHub Repositories Hit by Megalodon Supply Chain Attack in Six Hours
SafeDep uncovered the Megalodon attack targeting 5,561 GitHub repositories with malicious CI workflows and cloud credential theft.
Defenders fall behind, as AI rewrites the rules of a data breach
For almost 20 years, stolen credentials have been the most common route for attackers into organizations, according to the Verizon Data Breach Investigations...