Security news aggregator

Latest coverage for Theft

Theft in cybersecurity covers stolen data, credentials, devices, and funds, often creating risks of unauthorized access, fraud, and privacy loss.

26 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

Unauthorized taking or copying of information, credentials, intellectual property, or digital assets is cyber theft. News under this tag may involve stolen passwords, payment data, personal information, source code, cloud tokens, cryptocurrency, or sensitive business files. Theft can result from phishing, malware, compromised accounts, insider access, exposed storage, or the loss of an unencrypted device; the relevant issue is the unauthorized acquisition or control of an asset, whether or not the attacker also alters systems.

Security teams should identify where valuable data and credentials are stored, restrict access by role, require strong authentication, encrypt data at rest and in transit, and monitor unusual downloads or transfers. Vulnerability management matters when flaws expose databases, endpoints, or cloud services to unauthorized retrieval. After suspected theft, preserving logs, revoking tokens and credentials, determining what was accessed or copied, and assessing privacy or notification obligations are central to containing the incident and measuring its impact.

Showing 20 most recent headlines of 26 Filtered view

Cybercriminal groups peddling sophisticated phishing kits that convert stolen card data into mobile wallets have recently shifted their focus to targeting customers of brokerage services, new research shows. Undeterred by security controls at these trading platforms that block users from wiring funds directly out of accounts, the phishers have pivoted to using multiple compromised brokerage accounts in unison to manipulate the prices of foreign stocks.

System prompt engineering turns benign AI assistants into 'investigator' and 'detective' roles that bypass privacy guardrails A team of boffins is warning that AI chatbots built on large language models (LLM) can be tuned into malicious agents to autonomously harvest users’ personal data, even by attackers with "minimal technical expertise”, thanks to "system prompt" customization tools from OpenAI and others.…

Some custom malware, some legit software tools At least a dozen ransomware gangs have incorporated kernel-level EDR killers into their malware arsenal, allowing them to bypass almost every major endpoint security tool on the market, escalate privileges, and ultimately steal and encrypt data before extorting victims into paying a ransom.…

Also: Spain Defies Pressure to Eject Huawei, Hackers Leak North Korea Kimsuky DataThis week, Norway said Russian hackers attacked a flood gate, Spain defied pressure to eject Huawei, a cyberattack against the Office of the Pennsylvania Attorney General. Hackers leaked stolen North Korean Kimsuky data, Microsoft patched a Kerberos zero-day and a big Chrome bug bounty.

Proof-of-Concept Attack Demonstrates FIDO Downgrade Against Microsoft Entra IDThe FIDO standard, a bulwark against credential-stealing phishing attacks, has an implementation chink that's poised for commoditization by cybercriminals, say security researchers in news that's good for phishing-as-a-service providers but terrible for everyone else.

Also: Trump Signs Pro-Crypto EO, Credix Disappears After $4.5M HackEvery week, Information Security Media Group rounds up cybersecurity incidents in digital assets. This week, includes Do Kwon's guilty plea, Trump's crypto-linked executive order, Credix's post-hack disappearance, $7M Odin.fun exploit and hackers using fake Firefox crypto wallet extensions for theft.

Minnesota’s capital is the latest to feature on Interlock’s leak blog after late-July cyberattack The Interlock ransomware gang has flaunted a 43GB haul of files allegedly stolen from the city of Saint Paul, following a late-July cyberattack that forced the Minnesota capital to declare a state of national emergency.…

Clinical Diagnostics Lab Hack Among Latest Recent Cyberattacks in the NetherlandsA Dutch population health research agency is notifying 485,000 participants of a cervical cancer screening program of a hacking incident at a clinical diagnostics laboratory that potentially compromised patients' personal and health information, including lab test results.

And yes, there’s the usual credit monitoring Global staffing firm Manpower confirmed ransomware criminals broke into its Lansing, Michigan franchise's network and stole personal information belonging to 144,189 people, months after the extortionists claimed that they pilfered "all of [the company's] confidential data." …

An ongoing data extortion campaign targeting Salesforce customers may soon turn its attention to financial services and technology service providers, as ShinyHunters and Scattered Spider appear to be working hand in hand, new findings show

Healthcare led all industries in 2024 breaches—over 275M patient records exposed, mostly via weak or stolen passwords. See how the self-hosted password manager by Passwork helps providers meet HIPAA requirements, protect ePHI, and keep care running. Try it free for 1 month. [...]

At Least 918K Affected in 2024 BianLian Data Theft AttackA New York-based pediatric practice and its managed services vendor have agreed to pay $5.15 million to settle a proposed class action lawsuit stemming from a 2024 data theft attack affecting more than 918,000 people and allegedly carried out by cybercrime gang BianLian.

Loading more headlines...