Recent reports of a massive credentials leak are misleading, as the exposed data comprises previously stolen credentials collected over time from infostealers and data breaches, rather than a new data breach. Users are advised to maintain good cybersecurity practices, including using unique passwords and enabling two-factor authentication to protect their accounts from potential threats.

Oracle has informed clients of a second cybersecurity breach in which a hacker stole old client log-in credentials from its systems. The stolen data, which includes credentials from as recently as 2024, is being investigated by the FBI and cybersecurity firm CrowdStrike, with the company assuring clients that the compromised system has not been in use for eight years, minimizing the risk.

Scammers are targeting LastPass users by sending deceptive messages claiming that the users are deceased in an attempt to extract their login credentials. These phishing attempts exploit users' emotions and trust to gain unauthorized access to their accounts. Users are advised to remain vigilant and report any suspicious communications.

A phishing kit called CoGUI has sent over 580 million emails aimed at stealing credentials and payment data, primarily targeting Japan, but also affecting other countries like the US and Canada. The campaign peaked in January 2025 with 170 campaigns targeting millions of users, and it has been linked to threat actors from China. Researchers warn that the kit's adoption could expand its reach to other cybercriminals and regions.