Fileless Phantom Stealer Targets Browser Credentials
In addition to executing entirely in memory, the malware's infection chain incorporates other anti-analysis techniques designed to evade detection.
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
In addition to executing entirely in memory, the malware's infection chain incorporates other anti-analysis techniques designed to evade detection.
In just six hours, the campaign quietly pushed thousands of malicious commits to more than 5,500 GitHub repositories, stealing credentials, developer secrets, and more.
The massive amount of junk code that hides the malware's logic from security scans was almost certainly generated by AI, researchers say.
Credential theft soared in the second half of 2025, thanks in part to the industrialization of infostealer malware and AI-enabled social engineering.
A malware-free phishing campaign targets corporate inboxes and asks employees to view "request orders," ultimately leading to Dropbox credential theft.
"Fancy Bear" relies on basic techniques that are highly effective, often delivering greater ROI than more complex malware-heavy operations.
The infostealer specifically targets Brazilian Portuguese speakers and combines malware designed to phish banking credentials and steal data, a worm, and some uniquely Brazilian quirks.
The enterprise-focused Water Saci campaign spreads Sorvepotel, which can steal credentials and monitor browser activity to defraud financial institutions in the region.
The poisoned package, purporting to be a JavaScript utility, threatens the software supply chain with a highly obsfuscated credential stealer.
A new infostealing malware making the rounds can exfiltrate credentials and other system data even from browsing software considered more privacy-focused than mainstream options.
Data exfiltration was the most common malware in Sonatype report, with more than 4,400 packages designed to steal secrets, personally identifiable information, credentials, and API tokens.
LummaC2 formerly accounted for almost 92% of Russian Market's credential theft log alerts. Now, the Acreed infostealer has replaced its market share.
LummaC2 formerly accounted for almost 92% of Russian Market's credential theft log alerts. Now, the Acreed infostealer has replaced its market share.
Threat actors are scamming users by advertising legitimate-looking generative AI websites that, when visited, install credential-stealing malware onto the victim's computer.
The sneaky malware packs capabilities for system reconnaissance as well as credential and cryptocurrency theft.
Marketed on a cybercriminal forum, the $700 tool harvests email addresses from public GitHub profiles, priming cyberattackers for further credential theft, malware delivery, OAuth subversion, supply chain attacks, and other corporate breaches.
GoDaddy flagged a ClickFix campaign that infected 6,000 sites in a one-day period, with attackers using stolen admin credentials to distribute malware.
Remember when hackers used to write their own malware? Kids these days don't want to work, they just want freely available tools to do it for them.
The malware substitutes genuine apps with compromised versions, enabling attackers to pilfer credentials and recovery phrases, thus gaining access to wallets and their contents.
In separate targeted incidents, threat actors tried to upload malware into the Node Package Manager registry to gain access and steal credentials.