Hackers Target macOS Users with Malicious Ads Spreading Stealer Malware
Malicious ads and bogus websites are acting as a conduit to deliver two different stealer malware, including Atomic Stealer, targeting Apple macOS users
Theft in cybersecurity covers stolen data, credentials, devices, and funds, often creating risks of unauthorized access, fraud, and privacy loss.
Search across headline titles and summaries.
Background for this topic.
Unauthorized taking or copying of information, credentials, intellectual property, or digital assets is cyber theft. News under this tag may involve stolen passwords, payment data, personal information, source code, cloud tokens, cryptocurrency, or sensitive business files. Theft can result from phishing, malware, compromised accounts, insider access, exposed storage, or the loss of an unencrypted device; the relevant issue is the unauthorized acquisition or control of an asset, whether or not the attacker also alters systems.
Security teams should identify where valuable data and credentials are stored, restrict access by role, require strong authentication, encrypt data at rest and in transit, and monitor unusual downloads or transfers. Vulnerability management matters when flaws expose databases, endpoints, or cloud services to unauthorized retrieval. After suspected theft, preserving logs, revoking tokens and credentials, determining what was accessed or copied, and assessing privacy or notification obligations are central to containing the incident and measuring its impact.
Malicious ads and bogus websites are acting as a conduit to deliver two different stealer malware, including Atomic Stealer, targeting Apple macOS users
An infostealer malware campaign has reportedly collected millions of logins from users of various gaming websites, including players that use cheats, pay-to-cheat services. [...]
A vulnerability has been discovered in the 'util-linux' library that could allow unprivileged users to put arbitrary text on other users' terminals using the 'wall' command. [...]
The malicious actor used Slack channels as an exfiltration point to upload the stolen data.
In happier news, Ubuntu Pro extended support now goes up to 12 years After multiple waves of cryptocurrency credential-stealing apps were uploaded to the Snap store, Canonical is changing its policies.…
Sensitive documents dumped on leak site amid claims of 3 TB of data stolen in total NHS Scotland says it managed to contain a ransomware group's malware to a regional branch, preventing the spread of infection across the entire institution.…
A new phishing-as-a-service (PhaaS) named 'Darcula' uses 20,000 domains to spoof brands and steal credentials from Android and iPhone users in more than 100 countries. [...]
Phishing-as-a-Service Platform Lets Hackers Impersonate More Than 1,100 DomainsA phishing-as-a-service platform that allows cybercriminals to impersonate more than 1,100 domains has over the past half year become one of the most widespread adversary-in-the-middle platforms. Attackers are meeting the rise of multifactor authentication by using tools such as Tycoon 2FA.
Anyscale claims issue is 'long-standing design decision' – as users are raided by intruders Thousands of companies remain vulnerable to a remote-code-execution bug in Ray, an open-source AI framework used by Amazon, OpenAI, and others, that is being abused by miscreants in the wild to steal sensitive data and illicitly mine for cryptocurrency.…
The INC Ransom extortion gang is threatening to publish three terabytes of data allegedly stolen after breaching the National Health Service (NHS) of Scotland. [...]
Plus: Alleged front sanctioned, UK blames PRC for Electoral Commission theft, and does America need a Cyber Force? The United States on Monday accused seven Chinese men of breaking into computer networks, email accounts, and cloud storage belonging to numerous critical infrastructure organizations, companies, and individuals, including politicians and their political parties.…
Unidentified adversaries orchestrated a sophisticated attack campaign that has impacted several individual developers as well as the GitHub organization account associated with Top.gg, a Discord bot discovery site
A new large-scale StrelaStealer malware campaign has impacted over a hundred organizations across the United States and Europe, attempting to steal email account credentials. [...]