DATE: February 03, 2026 at 08:28AM
SOURCE: HEALTHCARE INFO SECURITY

Direct article link at end of text block below.

Do most #ransomware #encryption attacks on #healthcare entities these days also involve #datatheft? https://t.co/bC2hnTeHWo

Here are any URLs found in the article text:

https://t.co/bC2hnTeHWo

Articles can be found by scrolling down the page at https://www.healthcareinfosecurity.com/ under the title "Latest"

-------------------------------------------------

Private, vetted email list for mental health professionals: https://www.clinicians-exchange.org

Healthcare security & privacy posts not related to IT or infosec are at @HIPAABot . Even so, they mix in some infosec with the legal & regulatory information.

-------------------------------------------------

#security #healthcare #doctors #itsecurity #hacking #doxxing #psychotherapy #securitynews #psychotherapist #mentalhealth #psychiatry #hospital #socialwork #datasecurity #webbeacons #cookies #HIPAA #privacy #datanalytics #healthcaresecurity #healthitsecurity #patientrecords @infosec #telehealth #netneutrality #socialengineering

Tracking the Expansion of ShinyHunters-Branded SaaS Data Theft

Pulse ID: 69819ed94efa9a0246614ee5
Pulse Link: https://otx.alienvault.com/pulse/69819ed94efa9a0246614ee5
Pulse Author: Tr1sa111
Created: 2026-02-03 07:08:09

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #DataTheft #InfoSec #OTX #OpenThreatExchange #bot #Tr1sa111

LevelBlue - Open Threat Exchange

Learn about the latest cyber threats. Research, collaborate, and share threat intelligence in real time. Protect yourself and the community against today's emerging threats.

LevelBlue Open Threat Exchange

Tracking the Expansion of ShinyHunters-Branded SaaS Data Theft

Threat actors associated with ShinyHunters-branded extortion operations are expanding their tactics, targeting cloud-based SaaS applications for data theft and extortion. The attackers use sophisticated voice phishing and credential harvesting to gain initial access, then exfiltrate sensitive data from various platforms. They employ aggressive extortion tactics, including harassment and DDoS attacks. The activity involves multiple threat clusters (UNC6661, UNC6671, UNC6240) and targets a growing number of cloud platforms. The attackers leverage social engineering to bypass MFA and use tools like ToogleBox Recall to cover their tracks. This activity highlights the effectiveness of social engineering and the importance of phishing-resistant MFA methods.

Pulse ID: 697dc01e979a31197f296e38
Pulse Link: https://otx.alienvault.com/pulse/697dc01e979a31197f296e38
Pulse Author: AlienVault
Created: 2026-01-31 08:41:02

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Cloud #CredentialHarvesting #CyberSecurity #DDoS #DataTheft #DoS #Extortion #ICS #InfoSec #MFA #OTX #OpenThreatExchange #Phishing #RAT #SocialEngineering #bot #AlienVault

ChatBots "talking" to ChatBots.

1. Ok, we knew this would happen.
2. It has enormous adoption in the geeksphere - not surprising.
3. It's wickedly insecure.
4. Yes, it can steal your Crypto - not surprising!
5. Yes, there is personal information stealing Malware (see #4 above) masquerading as prediction market trading automation tools - not surprising!
6. The odds of a "Challenger level disaster" happening are real - not surprising!
7. Finally, NO ONE knows where this stuff will end up.

What is the stage beyond wild wild west? That is where this thing is now. https://simonwillison.net/2026/Jan/30/moltbook/ #OpenClaw #Moltbod #Clawdbot #AI #Opensource #Malware #PromptInjection #DigitalAssistent #ChatBot #SocialNetwork #AIAgents #Security #DataProtection #PersonalData #DataTheft #Crypto #PredictionMarket #Claude

When Malware Talks Back

A sophisticated multi-stage malware campaign employs living-off-the-land techniques and in-memory payload delivery to evade security controls. The infection chain begins with a hidden batch file that executes an embedded PowerShell loader, which then injects Donut-generated shellcode into legitimate Windows processes. The final payload is a heavily obfuscated .NET framework implementing advanced anti-analysis techniques, credential harvesting, surveillance capabilities, and remote system control. Data exfiltration occurs via Discord webhooks and Telegram bots. The malware, identified as Pulsar RAT, features live chat functionality and background payload deployment, demonstrating a modern, high-evasion Windows malware operation designed for long-term access and large-scale data theft.

Pulse ID: 697c7ba66b8f43dd7b4370c5
Pulse Link: https://otx.alienvault.com/pulse/697c7ba66b8f43dd7b4370c5
Pulse Author: AlienVault
Created: 2026-01-30 09:36:38

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CredentialHarvesting #CyberSecurity #DataTheft #Discord #InfoSec #Malware #NET #OTX #OpenThreatExchange #PowerShell #RAT #ShellCode #Telegram #Windows #bot #AlienVault

NFCShare Android Trojan: NFC card data theft via malicious APK

A new Android trojan, named NFCShare, has been discovered targeting Deutsche Bank customers through a phishing campaign. The malware, disguised as a banking app update, prompts users to perform a fake card verification process. It exploits NFC technology to steal card data and PINs, which are then exfiltrated to a remote WebSocket endpoint. The trojan's distribution, user flow, and technical analysis are detailed, including its NFC reading capabilities and string obfuscation techniques. The malware shows links to Chinese-linked tooling and similarities to other NFC-based threats. IOCs include hashes, package details, and network indicators.

Pulse ID: 697c693880e53e3f443b484c
Pulse Link: https://otx.alienvault.com/pulse/697c693880e53e3f443b484c
Pulse Author: AlienVault
Created: 2026-01-30 08:18:00

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#APK #Android #Bank #Chinese #CyberSecurity #DataTheft #Endpoint #InfoSec #Malware #OTX #OpenThreatExchange #Phishing #RAT #Trojan #bot #AlienVault

Inside a Multi-Stage Windows Malware Campaign

A sophisticated multi-stage malware campaign targeting Windows users in Russia has been identified. The attack chain begins with social engineering lures and progresses to a full system compromise, including security bypass, surveillance, and ransomware delivery. It abuses Defendnot to disable Microsoft Defender and uses modular hosting across cloud services. The attack employs various techniques such as PowerShell scripts, obfuscated VBScript, and COM object manipulation. It deploys Amnesia RAT for data theft and surveillance, Hakuna Matata ransomware for file encryption, and a WinLocker component for system lockout. The campaign demonstrates how full system compromise can be achieved without exploiting software vulnerabilities, instead relying on social engineering and abuse of legitimate Windows features.

Pulse ID: 696fc0723c9020d483708e56
Pulse Link: https://otx.alienvault.com/pulse/696fc0723c9020d483708e56
Pulse Author: AlienVault
Created: 2026-01-20 17:50:42

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Cloud #CyberSecurity #DataTheft #Encryption #InfoSec #Malware #Microsoft #MicrosoftDefender #OTX #OpenThreatExchange #PowerShell #RAT #RansomWare #Russia #SocialEngineering #VBS #Windows #bot #AlienVault

He called himself an ‘untouchable hacker god’. But who was behind the biggest crime Finland has ever known? https://www.theguardian.com/technology/2026/jan/17/vastaamo-hack-finland-therapy-notes
#cybersecurity #datatheft #medical #psychiatrist #threatactor

ValleyRAT_S2 Financial Data Theft Campaign

Pulse ID: 69655ae69953e1b6eaf1b3e4
Pulse Link: https://otx.alienvault.com/pulse/69655ae69953e1b6eaf1b3e4
Pulse Author: cryptocti
Created: 2026-01-12 20:34:46

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #DataTheft #FinancialData #InfoSec #OTX #OpenThreatExchange #RAT #bot #cryptocti
