RedTiger is a new malware designed to steal data from Discord users, particularly targeting French gamers. It captures authentication tokens, payment information, and can even access webcams. The malware operates stealthily, evading detection and maintaining access even if passwords are changed.
Coinbase reported an insider breach involving a contractor who accessed data of about thirty customers in December. This incident follows the release of internal screenshots by a group called "Scattered Lapsus Hunters," though it's unclear if they were involved in the breach. Coinbase has informed affected users and relevant regulators.
France's Interior Ministry confirmed a significant cyberattack that compromised its email systems and potentially sensitive internal files. The hacker, known as Indra, claims deeper access to law enforcement databases and has threatened to sell the data unless contacted by the government. A 22-year-old suspect has been arrested, but authorities have not confirmed if he is Indra.
WorldLeaks claims to have stolen 1.4TB of internal data from Nike, focusing on design and manufacturing files rather than customer information. Nike is currently investigating the potential breach but has not confirmed the theft or whether a ransom will be paid. The incident highlights the growing risk for sportswear companies amidst rising data theft targeting their internal processes.
A recent investigation revealed over thirty vulnerabilities in major AI-integrated IDEs, exposing them to data theft and remote code execution. The flaws stem from how AI agents interact with existing IDE features, creating new attack vectors that attackers can exploit. Immediate mitigations are possible, but a fundamental redesign of IDEs is necessary for long-term security.
Researchers from Varonis discovered a flaw in Microsoft’s Copilot AI that allowed attackers to steal sensitive user data with a single click. By embedding malicious instructions in a legitimate URL, they extracted information like user names and locations without needing further user interaction. The exploit bypassed standard security measures.
Researchers have uncovered a new Windows malware campaign using Pulsar RAT and Stealerv37. This malware can steal passwords, crypto, and gaming accounts while allowing hackers to interact with victims through a live chat window. It evades detection by running entirely in memory and hijacking trusted system tools.
The article details a sophisticated malware operation by North Korean threat actors using npm packages to deliver malicious code. It explains how they utilize GitHub and Vercel to manage and deploy payloads, highlighting various tactics for data theft, including clipboard access, keylogging, and file exfiltration.
Arizona Attorney General Kris Mayes has filed a lawsuit against the Chinese retailer Temu, accusing it of stealing sensitive customer data and misleading consumers about its products. The lawsuit also raises concerns about Temu's compliance with Chinese laws that could force it to share data with the government. Mayes recommends that Arizonans delete their Temu accounts and check their devices for malware.
A long-running campaign by a group called ShadyPanda has infected 4.3 million users of Chrome and Edge with spyware hidden in legitimate-looking browser extensions. Some of these extensions, still available on the Edge store, allow attackers to track user behavior and steal sensitive data. Researchers warn that the infrastructure for attacks remains active even after the extensions have been removed.
Hundreds of e-commerce sites have been compromised in a supply-chain attack that allowed malware to execute malicious code in visitors' browsers, potentially stealing sensitive payment information. The attack involved at least three software providers and may have affected up to 1,000 sites, with the malware remaining dormant for six years before activation. Security firm Sansec reported limited global remediation efforts for the affected customers, including a major multinational company.
A new report reveals that the Chinese threat group known as JewelBug has been operating quietly, focusing on cyber espionage and the theft of sensitive data from various industries. The group employs sophisticated tactics to infiltrate networks and evade detection, posing a significant risk to national security and corporate information.
The article discusses the emergence of a new macOS malware known as "AppleProcessHub," which is designed to steal user credentials and sensitive data. It highlights the tactics used by the malware, including its ability to bypass security measures and target specific applications. The piece also emphasizes the importance of user awareness and security practices to mitigate risks associated with such threats.
An Oregon agency has announced that hackers successfully stole sensitive data during a recent cyberattack. The breach has raised concerns about the security of personal information and the measures being taken to protect it moving forward.
Hackers breached Salesloft to steal OAuth tokens from its Drift integration with Salesforce, enabling them to exfiltrate sensitive data including AWS access keys and passwords. The attacks, attributed to the threat group UNC6395, occurred between August 8 and August 18, 2025, leading to a coordinated response that involved revoking access tokens and requiring customer re-authentication. Ongoing investigations reveal connections to broader social engineering tactics targeting Salesforce instances, linked to the ShinyHunters group.
A new version of the 'Godfather' Android banking malware runs legitimate banking and cryptocurrency wallet apps inside a sandbox it controls on the infected device, so the victim interacts with the real app while the malware captures credentials and other sensitive data from it, rather than relying on fake overlay screens. Researchers note that this on-device virtualization makes its impersonation of legitimate apps far more convincing, posing a significant threat to Android users.
The latest version of the 'Crocodilus' Android malware now includes a feature that adds fake contacts to infected devices, allowing attackers to spoof trusted callers and enhance their social engineering tactics. Initially identified in Turkey, the malware has expanded its reach globally and incorporates advanced evasion techniques to avoid detection while stealing sensitive data. Android users are advised to exercise caution and download only from trusted sources to mitigate risks.
Over 4,000 victims in 62 countries have been targeted by the PXA Stealer malware, which has stolen hundreds of credit card numbers, 200,000 passwords, and over 4 million browser cookies. This Python-based infostealer uses sophisticated phishing techniques and has evolved to evade detection; it exfiltrates stolen data through Telegram, and the resulting logs are sold through Telegram-based underground marketplaces.
A new malware named SparkKitty has been discovered, targeting iOS and Android devices to steal sensitive images from users' photo galleries, particularly those containing cryptocurrency wallet seed phrases. It has been distributed through official app stores and malicious sites, showcasing advanced techniques to exploit app provisioning systems.
ShadowLeak is a newly disclosed data-exfiltration technique against AI agents that exfiltrates data from the AI service's own infrastructure rather than from the victim's environment, so nothing crosses the victim's network and traditional security alerts never fire. As organizations connect agents to more data sources, the implications for data protection are significant, and monitoring has to extend to what the agent is allowed to fetch and send on the user's behalf.
DragonForce ransomware group has claimed responsibility for a cyberattack on Belk, resulting in the theft of over 150 gigabytes of data. The attack, which occurred in May, led to significant disruptions in both online and physical operations for the department store chain. Belk has since taken measures to secure its systems, including disconnecting affected networks and rebuilding compromised systems.
The FBI has issued a warning about two cybercriminal groups, UNC6040 and UNC6395, that are exploiting Salesforce environments to steal data and extort organizations. These groups have employed various tactics, including social engineering and the use of compromised OAuth tokens, impacting many well-known companies and revealing sensitive information in their attacks. The FBI has released indicators of compromise to help organizations bolster their defenses against these threats.
The article discusses the misuse of AI agents for data theft, highlighting how malicious actors exploit AI technologies to automate and enhance their cybercriminal activities. It emphasizes the need for robust security measures and awareness to combat these evolving threats in the digital landscape.
Hackers have exploited a deserialization vulnerability in Gladinet CentreStack's file-sharing software, tracked as CVE-2025-30406, to breach storage servers since March 2025. The flaw stems from a hardcoded ASP.NET machineKey shipped in the product's web.config: anyone who knows the key can forge a validly signed ViewState payload that the server deserializes, yielding remote code execution on affected systems. Gladinet has released security updates and recommends users upgrade or, at minimum, rotate the machineKey to mitigate the risk.
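The mitigation above comes down to finding installs that still carry a shipped, static machineKey and replacing it with fresh random keys. The following is an added example (not Gladinet's code or anything from the advisory) that audits a web.config for that condition and rewrites the element; the sample web.config and the "known static key" set are constructed placeholders for the demo, not the actual CentreStack key value.

```python
"""Audit and rotate the ASP.NET <machineKey> element in a web.config.

Added example. The sample config and KNOWN_STATIC_VALIDATION_KEYS below
are constructed for the demo; the real CentreStack key is not reproduced.
"""
import re
import secrets
import xml.etree.ElementTree as ET

# Constructed sample: a web.config that ships with a fixed, product-wide key.
SAMPLE_WEB_CONFIG = """<?xml version="1.0"?>
<configuration>
  <system.web>
    <machineKey validationKey="0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF"
                decryptionKey="FEDCBA9876543210FEDCBA9876543210"
                validation="SHA1" decryption="AES" />
  </system.web>
</configuration>
"""

# Constructed placeholder fingerprints of keys known to ship in installers.
# In practice these come from a vendor advisory or from diffing two installs.
KNOWN_STATIC_VALIDATION_KEYS = {
    "0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF",
}

HEX = re.compile(r"^[0-9A-Fa-f]+$")


def audit_machine_key(config_xml: str, known_static: set = KNOWN_STATIC_VALIDATION_KEYS) -> list:
    """Return findings for the <machineKey> element; an empty list means clean."""
    root = ET.fromstring(config_xml)
    mk = root.find("./system.web/machineKey")
    findings = []
    if mk is None:
        # Absent element: ASP.NET auto-generates per-machine keys, so nothing is hardcoded.
        return findings
    vkey = mk.get("validationKey", "")
    dkey = mk.get("decryptionKey", "")
    if vkey.startswith("AutoGenerate"):
        return findings  # runtime-generated keys, nothing static to forge against
    if vkey.upper() in known_static:
        findings.append("validationKey matches a known shipped/static key")
    if vkey and not HEX.match(vkey):
        findings.append("validationKey is not hex")
    if vkey and len(vkey) < 128:  # 64 bytes recommended for HMACSHA256
        findings.append("validationKey shorter than 64 bytes")
    if dkey and len(dkey) < 64:   # 32 bytes for AES-256
        findings.append("decryptionKey shorter than 32 bytes")
    if mk.get("validation", "").upper() in {"SHA1", "MD5"}:
        findings.append("weak validation algorithm " + mk.get("validation"))
    return findings


def rotate_machine_key(config_xml: str) -> str:
    """Return the config with a freshly generated HMACSHA256/AES machineKey."""
    root = ET.fromstring(config_xml)
    web = root.find("./system.web")
    if web is None:
        web = ET.SubElement(root, "system.web")
    mk = web.find("machineKey")
    if mk is None:
        mk = ET.SubElement(web, "machineKey")
    mk.set("validationKey", secrets.token_hex(64).upper())  # 64 random bytes
    mk.set("decryptionKey", secrets.token_hex(32).upper())  # 32 random bytes
    mk.set("validation", "HMACSHA256")
    mk.set("decryption", "AES")
    return '<?xml version="1.0"?>\n' + ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    for f in audit_machine_key(SAMPLE_WEB_CONFIG):
        print("FINDING:", f)
    print(rotate_machine_key(SAMPLE_WEB_CONFIG))
```

Rotating the key invalidates every outstanding ViewState and forms-authentication ticket signed with the old one, which is the point, but on a web farm every node must receive the same new key or users will bounce between servers with unverifiable state.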
Over 100 malicious Chrome browser extensions disguised as legitimate tools, including VPNs and AI assistants, have been identified as part of a campaign to steal user information and execute remote scripts. These extensions can hijack browser cookies and modify network traffic, posing significant security risks to users. Despite the removal of many of these extensions by Google, some remain available, highlighting the ongoing threat to unsuspecting users.
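Both extension stories above (ShadyPanda and the fake VPN/AI-assistant wave) come down to the same capability set: cookie access, request interception, and broad host scope. As an added example (not from either report or from any vendor tool), the following triages extension manifests for that combination, which is a cheap first pass over an enterprise's installed-extension inventory before looking at the JavaScript. The two manifests are constructed; the permission names and host patterns are standard Chrome extension manifest fields.

```python
"""Triage Chrome/Edge extension manifests for cookie-theft and traffic-tampering capability.

Added example; the manifests below are constructed, not real extensions.
"""

# Permissions that grant the primitives the campaigns above abused.
HIGH_RISK = {
    "cookies": "read/write cookies on permitted hosts",
    "webRequest": "observe network requests",
    "webRequestBlocking": "block or rewrite requests (MV2)",
    "declarativeNetRequest": "redirect/rewrite requests by rule (MV3)",
    "declarativeNetRequestWithHostAccess": "rewrite requests on granted hosts (MV3)",
    "scripting": "inject scripts into pages",
    "tabs": "read URLs and titles of open tabs",
    "history": "read browsing history",
    "proxy": "route traffic through a chosen proxy",
}
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}


def _csp_allows_remote_scripts(csp) -> bool:
    # MV2 allows https: script sources in the CSP; that is how "update" code gets pulled at runtime.
    values = [csp] if isinstance(csp, str) else list(csp.values()) if isinstance(csp, dict) else []
    return any("https://" in v or "http://" in v or "'unsafe-eval'" in v for v in values)


def triage_manifest(manifest: dict) -> dict:
    perms = set(manifest.get("permissions", [])) | set(manifest.get("optional_permissions", []))
    hosts = set(manifest.get("host_permissions", []))
    hosts |= {p for p in perms if "://" in p or p == "<all_urls>"}  # MV2 keeps hosts in permissions
    risky = {p: HIGH_RISK[p] for p in perms if p in HIGH_RISK}
    broad = bool(hosts & BROAD_HOSTS)
    cs_broad = any(set(cs.get("matches", [])) & BROAD_HOSTS
                   for cs in manifest.get("content_scripts", []))
    remote = _csp_allows_remote_scripts(manifest.get("content_security_policy"))
    score = len(risky) + (2 if broad else 0) + (1 if cs_broad else 0) + (2 if remote else 0)
    if "cookies" in risky and broad:
        score += 3  # cookie access on every origin is the session-hijack combination
    return {
        "name": manifest.get("name"),
        "manifest_version": manifest.get("manifest_version"),
        "risky_permissions": risky,
        "broad_host_access": broad,
        "broad_content_scripts": cs_broad,
        "remote_script_sources": remote,
        "score": score,
        "verdict": "review" if score >= 5 else "watch" if score >= 2 else "low",
    }


def triage_all(manifests: list) -> list:
    """Rank a fleet inventory of manifests, highest risk first."""
    return sorted((triage_manifest(m) for m in manifests), key=lambda r: -r["score"])


# Constructed: a "free VPN" extension with the abused capability set.
SUSPECT_MANIFEST = {
    "name": "Fast Free VPN Proxy", "manifest_version": 2,
    "permissions": ["cookies", "webRequest", "webRequestBlocking", "tabs", "storage", "<all_urls>"],
    "content_scripts": [{"matches": ["<all_urls>"], "js": ["inject.js"]}],
    "content_security_policy": "script-src 'self' https://cdn.example.net; object-src 'self'",
}
# Constructed: a benign colour-picker.
BENIGN_MANIFEST = {
    "name": "Colour Picker", "manifest_version": 3,
    "permissions": ["storage", "activeTab"],
}

if __name__ == "__main__":
    for r in triage_all([BENIGN_MANIFEST, SUSPECT_MANIFEST]):
        print(r["verdict"], r["score"], r["name"], sorted(r["risky_permissions"]))
```

A "review" verdict is a reason to read the background script, not a conviction: password managers and corporate proxies legitimately request several of these permissions. What the scoring catches is the combination the campaigns relied on, not any single permission.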
Researchers from King's College London warn that large language model (LLM) chatbots can be easily manipulated into malicious tools for data theft, even by individuals with minimal technical knowledge. By using "system prompt" engineering, these chatbots can be instructed to act as investigators, significantly increasing their ability to elicit personal information from users while bypassing existing privacy safeguards. The study highlights a concerning gap in user awareness regarding privacy risks associated with these AI interactions.
A new form of cyber attack known as "choicejacking" has emerged, allowing hackers to exploit public charging stations to steal data from mobile devices. The malicious charger does not rely on the user tapping the wrong button: it injects input on the user's behalf to accept the phone's data-transfer prompt, so the device grants access while the owner believes it is only charging. This highlights the importance of being cautious about public charging options and using a power-only cable or adapter.
A structured defensive framework is presented to protect SaaS platforms, particularly Salesforce, from the financially motivated threat cluster UNC6040, which exploits social engineering tactics like voice phishing to gain unauthorized access. The article outlines proactive hardening measures, identity verification processes, and logging protocols to enhance security against such threats.
The Russian Market has gained popularity as a cybercrime marketplace for stolen credentials, particularly after the takedown of the Genesis Market. With a majority of sold credentials recycled from existing sources, the market features a significant number of logs containing sensitive information, including SaaS and SSO credentials. The rise of new infostealers like Acreed is noted, following the disruption of the Lumma stealer, indicating a dynamic landscape in cybercrime activities.
More than 31,000 banking passwords from Australian customers of major banks have been stolen and are being traded online, primarily due to malware infections on users' devices. Cybersecurity experts warn that these stolen credentials pose a significant risk of financial theft, as infostealer malware can capture a wide range of sensitive information. The rise in infostealer infections highlights the ongoing threat to personal security and the need for effective protective measures.
Conor Brian Fitzpatrick, the creator of the BreachForums hacking forum, has been resentenced to three years in prison after violating pretrial release conditions and pleading guilty to multiple charges, including conspiracy to commit access device fraud and possession of child pornography. His initial sentence of time served and 20 years of supervised release was overturned by an appeals court, leading to the new prison term. BreachForums was known for facilitating the trade of stolen data and illegal cybercrime services.
Europcar Mobility Group suffered a breach of its GitLab repositories, resulting in the theft of source code for its mobile applications and personal data of up to 200,000 customers, including names and email addresses. The hacker attempted to extort the company by threatening to release 37GB of data, although more sensitive information like financial details was not compromised. Europcar is currently assessing the damage and notifying affected customers.
Researchers have uncovered a campaign by a threat actor tracked as "Banana Squad" that distributes data-stealing malware through trojanized GitHub repositories posing as Python hacking and utility tools. The implants target sensitive user information and are linked to earlier malicious activity by the same actor, raising concerns about the safety of open-source software hosting platforms. Users are advised to be vigilant and avoid running code from unfamiliar repositories without inspecting it.
The hacking group known as Scattered Spider, which previously caused significant disruption in Las Vegas, has returned to target U.K. retailers. Recent cyberattacks have impacted stores like Harrods and Marks & Spencer, leading to disruptions in online sales and potential customer data theft.
Two malicious RubyGems packages masquerading as Fastlane plugins have been discovered, intercepting Telegram API requests to steal sensitive data such as chat IDs, message content, and bot tokens. The packages, which typosquat legitimate Fastlane plugins, redirect data to attacker-controlled servers, posing a significant risk to developers using these tools. Affected users are advised to remove the malicious gems and rotate their bot tokens immediately.
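Typosquats of this kind are easy to catch mechanically before they reach a CI host: compare every gem a Pluginfile requests against the names you actually intend to use, and flag near-misses and "known name plus an extra token" variants. The following added example (not from the report, Fastlane, or RubyGems) does that; the Pluginfile and the allowlist of legitimate plugins are constructed for the demo, and the suspicious names are invented, not the gems the report named.

```python
"""Flag typosquat-style plugin names in a Fastlane Pluginfile.

Added example; the Pluginfile and allowlist below are constructed.
"""
import re

# Constructed Pluginfile as fastlane writes it.
SAMPLE_PLUGINFILE = """
# Autogenerated by fastlane
gem 'fastlane-plugin-versioning'
gem 'fastlane-plugin-telegram'
gem 'fastlane-plugin-telegram-proxy'
gem 'fastlane-plugin-teleram'
gem 'fastlane-plugin-firebase_app_distribution'
"""

# Constructed allowlist: the plugins this team has reviewed and actually uses.
KNOWN_PLUGINS = {
    "fastlane-plugin-versioning",
    "fastlane-plugin-telegram",
    "fastlane-plugin-firebase_app_distribution",
}

GEM_LINE = re.compile(r"""^\s*gem\s+['"]([^'"]+)['"]""", re.M)


def parse_pluginfile(text: str) -> list:
    return GEM_LINE.findall(text)


def damerau_levenshtein(a: str, b: str) -> int:
    """Restricted edit distance: insert, delete, substitute, adjacent transposition."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def _normalize(name: str) -> str:
    return name.replace("_", "-").lower()


def suspicious_plugins(requested: list, known: set = KNOWN_PLUGINS, max_distance: int = 2) -> list:
    """Return one finding per requested gem that is not on the allowlist but resembles one."""
    findings = []
    for name in requested:
        if name in known:
            continue
        norm = _normalize(name)
        nearest = min(known, key=lambda k: damerau_levenshtein(norm, _normalize(k)))
        dist = damerau_levenshtein(norm, _normalize(nearest))
        # "legit name + extra token", e.g. a '-proxy' suffix, is the other common pattern
        extended = [k for k in known if norm != _normalize(k) and _normalize(k) in norm]
        if dist <= max_distance:
            findings.append({"gem": name, "reason": "near-miss", "resembles": nearest, "distance": dist})
        elif extended:
            findings.append({"gem": name, "reason": "extends-known-name", "resembles": extended[0], "distance": dist})
        else:
            findings.append({"gem": name, "reason": "not-on-allowlist", "resembles": None, "distance": dist})
    return findings


if __name__ == "__main__":
    for f in suspicious_plugins(parse_pluginfile(SAMPLE_PLUGINFILE)):
        print(f)
```

Run this in CI against the Pluginfile and fail the build on any finding; the allowlist is the control, and the distance heuristics only explain why a name slipped in. Rotating the bot token, as the report advises, is still required if a flagged gem has already executed on a developer machine.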
A significant smishing campaign attributed to a Chinese-speaking threat actor, known as the Smishing Triad, has exploited over 194,000 domains to gather sensitive information, including Social Security numbers. The campaign impersonates various services, targeting users worldwide, and employs a decentralized approach to evade detection.
A widespread data theft campaign targeting Salesforce instances via the Salesloft Drift application has been uncovered, with the threat actor UNC6395 compromising OAuth tokens to exfiltrate sensitive data. Organizations using Salesloft Drift are urged to treat their credentials as compromised and take immediate remediation steps, including revoking tokens and investigating potential unauthorized access.
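Across the Salesloft Drift, UNC6040 and UNC6395 items above, the damage came from secrets that had been pasted into CRM records (support cases, notes) and were then harvested at scale once an OAuth token gave bulk read access. The practical first step after revoking tokens is to find out which records held credentials. The following is an added example (not from the incident reports or from Salesforce tooling) that scans exported records for the secret types named above; the records are constructed and use the AWS documentation's published example key pair, and the field names are assumed to be a Case-style export.

```python
"""Scan exported CRM records for credentials an attacker with bulk read access would harvest.

Added example; SAMPLE_RECORDS are constructed. The AWS values are the
documented example credentials, not live keys.
"""
import re
from collections import Counter

SECRET_PATTERNS = {
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "aws_secret_access_key": re.compile(
        r"(?i)aws(?:_secret)?(?:_access)?_key\s*[:=]\s*([A-Za-z0-9/+=]{40})"),
    "password_assignment": re.compile(r"(?i)\b(?:password|passwd|pwd)\b\s*[:=]\s*(\S+)"),
    "snowflake_account_url": re.compile(r"(?i)\b[a-z0-9][a-z0-9.-]*\.snowflakecomputing\.com\b"),
    "generic_token": re.compile(r"(?i)\b(?:api[_-]?key|token|secret)\b\s*[:=]\s*([A-Za-z0-9_\-]{20,})"),
}

# Constructed Case-style export (Id, Subject, Description).
SAMPLE_RECORDS = [
    {"Id": "5001", "Subject": "Login issue",
     "Description": "Customer cannot log in after MFA reset."},
    {"Id": "5002", "Subject": "Integration",
     "Description": "Temp creds for the sync job: AKIAIOSFODNN7EXAMPLE / "
                    "aws_secret_access_key=wJalrXUtnFEMI/K7MDENG/bPxRfiCiYEXAMPLEKEY"},
    {"Id": "5003", "Subject": "Warehouse access",
     "Description": "Use password: Winter2025! on acme-prod.snowflakecomputing.com"},
]


def _preview(value: str) -> str:
    """Keep enough to identify the secret in a ticket without re-exposing it."""
    return value[:4] + "*" * max(0, len(value) - 4)


def scan_records(records: list, fields: tuple = ("Subject", "Description")) -> list:
    """Return one finding per (record, field, secret type, match)."""
    findings = []
    for rec in records:
        for field in fields:
            text = rec.get(field) or ""
            for kind, pattern in SECRET_PATTERNS.items():
                for m in pattern.finditer(text):
                    value = m.group(1) if m.groups() else m.group(0)
                    findings.append({"record_id": rec.get("Id"), "field": field,
                                     "kind": kind, "preview": _preview(value)})
    return findings


def summarize(findings: list) -> dict:
    """Counts per secret type, which is what the rotation plan is built from."""
    return dict(Counter(f["kind"] for f in findings))


if __name__ == "__main__":
    found = scan_records(SAMPLE_RECORDS)
    for f in found:
        print(f)
    print(summarize(found))
```

Every hit is a credential to rotate regardless of whether the export logs show the record being read: the token window in these incidents was days long and Salesforce query logging is not retained everywhere. Extend `SECRET_PATTERNS` with your own cloud and SaaS formats; the structure does not change.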
Fake software activation videos circulating on TikTok are promoting the Vidar stealer malware, which compromises user data and credentials. Users are lured into downloading malicious software disguised as legitimate tools, leading to significant security risks and potential data breaches. The article highlights the importance of cybersecurity awareness in the face of such deceptive tactics on social media platforms.