Suspected Chinese Threat Group Targets Universities via Vulnerable Roundcube Servers
A suspected Chinese threat cluster is exploiting Roundcube vulnerabilities to compromise university networks in the US and Canada and harvest user credentials
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
A suspected Chinese threat cluster is exploiting Roundcube vulnerabilities to compromise university networks in the US and Canada and harvest user credentials
KELA claims infostealers remained the primary access vector for attacks in 2025
Cybersecurity company’s annual report issues warning over a “mass-marketed impersonation crisis” over attackers abusing legitimate credentials
Python package LiteLLM compromised with credential-stealing malware linked to TeamPCP threat group
Pillar Security discovered two new critical vulnerabilities in n8n that could lead to supply chain compromise, credential harvesting and complete takeover attacks
An eSentire report showed credential theft accounted for 74% of all observed cyber threats in 2025
A Minnesota man has pleaded guilty to a credential stuffing scheme that compromised over 60,000 accounts
Beazley Security data finds the top cause of initial access for ransomware in Q3 was compromised VPN credentials
Socura finds 460,000 compromised credentials belonging to FTSE 100 company employees
Flashpoint data points to a surge in data breaches fueled by compromised credentials, ransomware and exploits
Kela researchers 330 million compromised credentials to infostealer activity on over four million machines in 2024
Hudson Rock has found evidence that infostealers have compromised hundreds of US military and defense contractor credentials
Astaroth is an advanced phishing kit using real-time credential and session cookie capture to compromise Gmail, Yahoo and Office 365 accounts
Identity-related crimes declined 16% annually in 2023 with the majority related to compromised credentials
A Barracuda report found that 92% of organizations experienced an average of six credential compromises caused by email-based social engineering attacks in 2023
A British Library report found the most likely source of the incident was the compromise of third-party account credentials and no MFA was in place to stop the attackers
Kaspersky reported a 231% surge in compromised accounts from 4.7 million in 2021 to 15.5 million in 2023
Cloudflare revealed suspected nation-state attackers compromised its systems and accessed source code using credentials stolen in the Okta breach
Resecurity discovered over 1572 compromised customers from RIPE, APNIC, AFRINIC and LACNIC
But IBM warns credential compromise is number one initial access vector