Cybercriminals Exploit AI Hype in Social Engineering Attacks

Cybercriminals are cleverly exploiting our curiosity about AI to launch sophisticated social engineering attacks, using trusted AI names and urgent lures to trick victims into divulging sensitive info or downloading malware. By tapping into our desire to stay ahead of the curve, attackers are able to bypass our usual caution and…

https://osintsights.com/cybercriminals-exploit-ai-hype-in-social-engineering-attacks?utm_source=mastodon&utm_medium=social

#SocialEngineering #AiPhishing #CredentialTheft #MalwareDelivery #Malvertising

Learn how cybercriminals exploit AI hype in social engineering attacks and protect yourself from phishing scams - discover the latest threat intelligence now.

OSINTSights

Credential Theft Spurs Demand for Secure Identity Verification

Credential theft skyrocketed 160% in 2025, fueling a critical need for secure identity verification solutions that can outsmart AI-driven attacks. To stay ahead, robust multi-factor authentication is a must-have, combining unique factors like something you know, have, and are to fortify defenses.

https://osintsights.com/credential-theft-spurs-demand-for-secure-identity-verification?utm_source=mastodon&utm_medium=social

#CredentialTheft #IdentityVerification #MultifactorAuthentication #Mfa #AidrivenThreats

Learn how credential theft spurred demand for secure identity verification and implement fatigue-resistant multi-factor authentication now to protect your data.

OSINTSights

Fake Claude code installers are delivering credential-stealing malware - AI hype is becoming a powerful lure for attackers. Verify before you install. 🤖⚠️ #CredentialTheft #SupplyChainRisk

https://www.esecurityplanet.com/threats/fake-claude-code-installers-deliver-credential-stealing-malware/

Fake Claude Code Installers Deliver Credential-Stealing Malware | eSecurity Planet

Fake Claude Code sites are using malicious install commands to steal AI credentials, API keys, and cryptocurrency.

eSecurity Planet

🔑 Credential Theft Alert: OAuth tokens stolen via SSO redirect attacks

Attackers exploiting OAuth 2.0 redirect URI bypasses to hijack SSO sessions on enterprise cloud platforms. Mandatory MFA alone isn't enough when token injection bridges the gap between auth and session.

Full guide → https://cyber.murati.net
#cybersecurity #infosec #SSO #OAuth #credentialtheft

CyberSec Insights — Cybersecurity Intelligence Blog

In-depth cybersecurity analysis, threat intelligence, and security research for professionals defending against advanced threats.

CyberSec Insights

Malicious NuGet Package Exfiltrates Sicoob Banking Credentials

A malicious NuGet package, masquerading as a C# SDK for a major Brazilian financial system, was designed to steal sensitive banking credentials, including client IDs, PFX passwords, and certificate bytes, from unsuspecting developers. This rogue package, downloaded nearly 500 times, put automation and security at risk.

https://osintsights.com/malicious-nuget-package-exfiltrates-sicoob-banking-credentials?utm_source=mastodon&utm_medium=social

#MaliciousNugetPackage #SupplyChainAttack #CredentialTheft #EmergingThreats #Brazil

Learn how malicious NuGet package Sicoob.Sdk steals banking credentials. Discover the risks and take action to secure your development process now effectively.

OSINTSights

🚨 New #ClickFix IOC domains observed:

• bigblower[.]click
• ganiballektor[.]cfd
• lenders[.]digital
• pusanik[.]shop

Related research points to exposed / publicly accessible ClickFix infrastructure and operational dashboards tied to ongoing malware delivery and social engineering activity.

Read more: https://potato.id/en/posts/weak-secops-exposed-clickfix-dashboard/

#ThreatIntel #IOC #CyberSecurity #Infosec #DFIR #SOC #ThreatHunting #OSINT #Malware #Phishing #ClickFix #LummaStealer #DarkGate #CredentialTheft #BlueTeam #CTI #DetectionEngineering #IncidentResponse

How I Get Access ClickFix Dashboard Due to Bad SecOps

Discover how weak SecOps practices exposed a ClickFix admin dashboard. This cybersecurity case study covers reconnaissance techniques, security misconfigurations and key lessons learned.

Jonias Fortuna

Chinese phishing campaigns are using live credential harvesting to capture accounts in real time - faster, stealthier, and harder to stop. Identity is still the primary target. 🎣⚠️ #CredentialTheft #PhishingThreats

https://www.infosecurity-magazine.com/news/chinese-phishing-live-credential/

Chinese Threat Actors Ditch Static Phishing Pages for Live Credential Interception

Almost all organizations impersonated by Chinese phishing platforms are non-Chinese entities, suggesting operators deliberately avoid domestic targets.

Infosecurity Magazine

GitHub Breach Exposes 3,800 Repositories via Malicious VS Code Extension

GitHub's security chief confirms that customer data remains safe, with no evidence of impact outside of GitHub's internal repositories. The breach originated from a poisoned VS Code extension installed on a compromised employee device, allowing attackers to steal credentials.

https://osintsights.com/github-breach-exposes-3800-repositories-via-malicious-vs-code-extension?utm_source=mastodon&utm_medium=social

#GithubBreach #MaliciousVsCodeExtension #SupplyChain #EmergingThreats #CredentialTheft

GitHub breach exposes 3,800 repositories via malicious VS Code extension. Learn how to protect your code and prevent similar breaches now with expert security tips.

OSINTSights

Developer Workstations Expose Software Supply Chain to Credential Theft

In a shocking 48-hour span, three separate cyber attacks hit major platforms, targeting sensitive secrets like API keys and cloud credentials from developer workstations and CI/CD pipelines. This new wave of supply chain threats reveals a disturbing trend: attackers are now focusing on harvesting credentials to compromise…

https://osintsights.com/developer-workstations-expose-software-supply-chain-to-credential-theft?utm_source=mastodon&utm_medium=social

#CredentialTheft #SupplyChain #CicdPipelines #ApiKeyTheft #CloudCredentials

Protect your software supply chain from credential theft by securing developer workstations and CI/CD pipelines. Learn how to prevent API key and cloud credential exposure now.

OSINTSights

Avada Builder Flaws Expose WordPress Sites to Credential Theft

A critical vulnerability in the Avada Builder WordPress plugin, used by an estimated one million active installations, leaves sites exposed to credential theft and data breaches. Two flaws, CVE-2026-4782 and CVE-2026-4798, allow attackers to read sensitive files and extract database information, putting your site at risk.

https://osintsights.com/avada-builder-flaws-expose-wordpress-sites-to-credential-theft?utm_source=mastodon&utm_medium=social

#Wordpress #AvadaBuilder #CredentialTheft #ArbitraryFileRead #SqlInjection

Protect your WordPress site from credential theft by learning about Avada Builder flaws and taking immediate action to secure your installation now.

OSINTSights