TamperedChef infostealer delivered through fraudulent PDF Editor
Threat actors have been using multiple websites promoted through Google ads to distribute a convincing PDF editing app that delivers an info-stealing malware called TamperedChef. [...]
Theft in cybersecurity covers stolen data, credentials, devices, and funds, often creating risks of unauthorized access, fraud, and privacy loss.
Search across headline titles and summaries.
Background for this topic.
Unauthorized taking or copying of information, credentials, intellectual property, or digital assets is cyber theft. News under this tag may involve stolen passwords, payment data, personal information, source code, cloud tokens, cryptocurrency, or sensitive business files. Theft can result from phishing, malware, compromised accounts, insider access, exposed storage, or the loss of an unencrypted device; the relevant issue is the unauthorized acquisition or control of an asset, whether or not the attacker also alters systems.
Security teams should identify where valuable data and credentials are stored, restrict access by role, require strong authentication, encrypt data at rest and in transit, and monitor unusual downloads or transfers. Vulnerability management matters when flaws expose databases, endpoints, or cloud services to unauthorized retrieval. After suspected theft, preserving logs, revoking tokens and credentials, determining what was accessed or copied, and assessing privacy or notification obligations are central to containing the incident and measuring its impact.
Threat actors have been using multiple websites promoted through Google ads to distribute a convincing PDF editing app that delivers an info-stealing malware called TamperedChef. [...]
A software supply chain attack targeting Nx marks the first known case where attackers have leveraged developer AI assistants, according to StepSecurity
Cybersecurity researchers have discovered a cybercrime campaign that's using malvertising tricks to direct victims to fraudulent sites to deliver a new information stealer called TamperedChef
Google reports that the Salesloft Drift breach is larger than initially thought, warning that attackers also used stolen OAuth tokens to access Google Workspace email accounts in addition to Salesforce data. [...]
The credit reporting agency said the breach was "limited to specific data elements" and didn't include credit reports or core credit information.
'The homeland is no longer secure,' says Defense Counterintelligence and Security Agency leader The Pentagon outfit responsible for preventing foriegn agents from infiltrating defense agencies says the US isn't doing a very good job of preventing state secrets from falling into Chinese hands.…
Also: Taiwan Charges 14 in $41M Fraud; 1,200 Arrested in Cybercrime BustThis week, a scammer posed as police to steal bitcon, Taiwan charged 14 in a $41M fraud case, U.S. regulators lifted a consent order on Anchorage Digital, U.S. federal prosecutors said "writing code" alone is not a crime and the U.S. Commodity Futures Trading Commission expanded crypto engagement.
Also: Taiwan Charges 14 in $41M Fraud; 1,200 Arrested in Cybercrime BustThis week, a scammer posed as police to steal bitcon, Taiwan charged 14 in a $41M fraud case, U.S. regulators lifted a consent order on Anchorage Digital, U.S. federal prosecutors said "writing code" alone is not a crime and the U.S. Commodity Futures Trading Commission expanded crypto engagement.
Nevada’s CIO confirmed in a press conference that ransomware actors had exfiltrated data from state networks, amid an ongoing incident investigation
Microsoft warns that a threat actor tracked as Storm-0501 has evolved its operations, shifting away from encrypting devices with ransomware to focusing on cloud-based encryption, data theft, and extortion. [...]
Threat researchers discovered the first AI-powered ransomware, called PromptLock, that uses Lua scripts to steal and encrypt data on Windows, macOS, and Linux systems. [...]
A group tracked as UNC6395 engaged in "widespread data theft" via compromised OAuth tokens from a third-party app called Salesloft Drift.
Stolen dev credentials posted to GitHub as attackers abuse CLI tools for recon Nx is the latest target of a software supply chain attack in the NPM ecosystem, with multiple malicious versions being uploaded to the NPM registry on Tuesday evening.…
Don't let it happen to you Storm-0501, a financially motivated cybercrime crew, recently broke into a large enterprise's on-premises and cloud environments, ultimately exfiltrating and destroying data within the org's Azure environment. The criminals then contacted the victim via a Microsoft Teams account that they'd also compromised in the attack, demanding a ransom payment for the stolen files.…
Anthropic on Wednesday revealed that it disrupted a sophisticated operation that weaponized its artificial intelligence (AI)-powered chatbot Claude to conduct large-scale theft and extortion of personal data in July 2025
Attackers steal OAuth tokens to access third-party sales platform, then CRM data in 'widespread campaign' Google says a recent spate of Salesforce-related breaches was caused by attackers stealing OAuth tokens from the third-party Salesloft Drift app.…
A widespread data theft campaign has allowed hackers to breach sales automation platform Salesloft to steal OAuth and refresh tokens associated with the Drift artificial intelligence (AI) chat agent
Google is warning of a new credential theft campaign targeting Salesforce customers via Salesloft Drift
Crime Gang 'Underground' Claimed Data Theft From Healthcare Services GroupA publicly traded Pennsylvania-based firm that provides dining, housekeeping and laundry services to long-term care and skilled nursing facilities is notifying nearly 624,500 people of a 2024 hacking incident that took nearly nine months for the company to investigate.
'Many dozens' targeted in ongoing campaign, CheckPoint researcher tells The Reg Cybercriminals are targeting critical US manufacturers and supply-chain companies, looking to steal sensitive IP and other data while deploying ransomware. Their attack involves a novel twist on phishing — and a photo of White House butlers. …