Russian State Hackers Target Vulnerable Routers Worldwide, Joint Advisory Warns
Cybersecurity agencies from 12 countries have warned that Russian state-backed hackers are actively targeting vulnerable routers using weak SNMP credentials
Stolen credentials can enable account takeover and lateral movement; phishing-resistant MFA, password managers, and rapid revocation reduce the risk.
Search across headline titles and summaries.
Background for this topic.
Credentials are the data used to verify a user's identity to a system, commonly including usernames, passwords, security tokens, or biometric identifiers. They serve as gatekeepers for access to accounts, applications, and sensitive information. Attackers target credentials to impersonate users, escalate privileges, or gain unauthorized system access.
Compromise of credentials can occur through phishing, credential stuffing, or theft from insecure storage. Effective defenses include enforcing strong, unique passwords, implementing multi-factor authentication (MFA), and securely storing credentials using hashing or encryption. Monitoring for unusual login patterns and promptly revoking compromised credentials are also critical to limit attacker impact.
Weekly headline count for the current query.
Cybersecurity agencies from 12 countries have warned that Russian state-backed hackers are actively targeting vulnerable routers using weak SNMP credentials
CISA reveals how it responded after sensitive AWS GovCloud credentials and internal data were exposed in a public GitHub repository
A suspected Chinese threat cluster is exploiting Roundcube vulnerabilities to compromise university networks in the US and Canada and harvest user credentials
LayerX tricked AI browsers including ChatGPT Atlas and Comet into bypassing their guardrails
Customers of the affected Japanese email services are “strongly advised” to change their email passwords
GitBait phishing kit abuses GitHub Pages and the SheetBest API to steal Mexican banking credentials
Almost all organizations impersonated by Chinese phishing platforms are non-Chinese entities, suggesting operators deliberately avoid domestic targets
Verizon DBIR finds 31% of data breaches began with software flaws last year
Cifas says that 13% of employees admit selling company credentials to a former colleague
Microsoft researchers warn of a large-scale phishing campaign using fake compliance emails to steal credentials, targeting 35,000 users across 13,000 organizations worldwide
Deep#Door Python RAT uses tunneling and obfuscation to evade detection and steal credentials
KELA claims infostealers remained the primary access vector for attacks in 2025
Malicious npm packages spread via worm-like propagation and steal developer credentials
Chrome’s Device Bound Session Credentials is designed to block infostealers from harvesting session cookie
Newly identified malicious campaigns are linked to virtual private servers modified by APT28 to operate as malicious DNS servers
A large-scale credential theft campaign targeting senior executives has been linked to a previously unknown automated phishing platform called Venom
This modern infostealer adopted server-side decryption of stolen credentials to bypass security controls
Venom Stealer malware-as-a-service automates ClickFix social engineering, credential and crypto exfiltration
Phantom Stealer .NET harvests browser credentials, cookies, cards, sessions, as stealer-as-a-service
Tax-season phishing floods deliver RMM malware, credential theft, BEC and tax-form scams