28 links tagged with data-theft
Links
Hundreds of e-commerce sites have been compromised in a supply-chain attack that allowed malware to execute malicious code in visitors' browsers, potentially stealing sensitive payment information. The attack involved at least three software providers and may have affected up to 1,000 sites, with the malware remaining dormant for six years before activation. Security firm Sansec reported limited global remediation efforts for the affected customers, including a major multinational company.
A new report reveals that the Chinese threat group known as JewelBug has been operating quietly, focusing on cyber espionage and the theft of sensitive data from various industries. The group employs sophisticated tactics to infiltrate networks and evade detection, posing a significant risk to national security and corporate information.
The article discusses the emergence of a new macOS malware known as "AppleProcessHub," which is designed to steal user credentials and sensitive data. It highlights the tactics used by the malware, including its ability to bypass security measures and target specific applications. The piece also emphasizes the importance of user awareness and security practices to mitigate risks associated with such threats.
An Oregon agency has announced that hackers successfully stole sensitive data during a recent cyberattack. The breach has raised concerns about the security of personal information and the measures being taken to protect it moving forward.
Hackers breached Salesloft to steal OAuth tokens from its Drift integration with Salesforce, enabling them to exfiltrate sensitive data including AWS access keys and passwords. The attacks, attributed to the threat group UNC6395, occurred between August 8 and August 18, 2025, leading to a coordinated response that involved revoking access tokens and requiring customer re-authentication. Ongoing investigations reveal connections to broader social engineering tactics targeting Salesforce instances, linked to the ShinyHunters group.
A new type of Android malware, dubbed "Godfather," is capable of bypassing sandbox detection to steal sensitive user data from applications, including banking and cryptocurrency wallets. Researchers have noted its ability to impersonate legitimate apps and extract credentials, posing a significant threat to Android users.
Over 4,000 victims in 62 countries have been targeted by the PXA Stealer malware, which has stolen hundreds of credit card numbers, 200,000 passwords, and over 4 million browser cookies. This Python-based infostealer uses sophisticated phishing techniques and has evolved to evade detection, exfiltrating sensitive data through Telegram-based marketplaces.
A new malware named SparkKitty has been discovered, targeting iOS and Android devices to steal sensitive images from users' photo galleries, particularly those containing cryptocurrency wallet seed phrases. It has been distributed through official app stores and malicious sites, showcasing advanced techniques to exploit app provisioning systems.
The latest version of the 'Crocodilus' Android malware now includes a feature that adds fake contacts to infected devices, allowing attackers to spoof trusted callers and enhance their social engineering tactics. Initially identified in Turkey, the malware has expanded its reach globally and incorporates advanced evasion techniques to avoid detection while stealing sensitive data. Android users are advised to exercise caution and download only from trusted sources to mitigate risks.
ShadowLeak is a new AI-driven data theft method that operates undetected, posing significant risks to organizations. It allows malicious actors to extract sensitive information without triggering traditional security alerts, making it a formidable threat in the cybersecurity landscape. As AI continues to evolve, the implications for data protection are profound, necessitating enhanced security measures.
DragonForce ransomware group has claimed responsibility for a cyberattack on Belk, resulting in the theft of over 150 gigabytes of data. The attack, which occurred in May, led to significant disruptions in both online and physical operations for the department store chain. Belk has since taken measures to secure its systems, including disconnecting affected networks and rebuilding compromised systems.
The FBI has issued a warning about two cybercriminal groups, UNC6040 and UNC6395, that are exploiting Salesforce environments to steal data and extort organizations. These groups have employed various tactics, including social engineering and the use of compromised OAuth tokens, impacting many well-known companies and revealing sensitive information in their attacks. The FBI has released indicators of compromise to help organizations bolster their defenses against these threats.
Hackers have exploited a deserialization vulnerability in Gladinet CentreStack's file-sharing software, tracked as CVE-2025-30406, to breach storage servers since March 2025. The flaw, caused by a hardcoded machineKey, allows attackers to inject malicious payloads and execute code on affected systems. Gladinet has released security updates and recommends users upgrade or rotate the machineKey to mitigate risks.
The article discusses the misuse of AI agents for data theft, highlighting how malicious actors exploit AI technologies to automate and enhance their cybercriminal activities. It emphasizes the need for robust security measures and awareness to combat these evolving threats in the digital landscape.
Over 100 malicious Chrome browser extensions disguised as legitimate tools, including VPNs and AI assistants, have been identified as part of a campaign to steal user information and execute remote scripts. These extensions can hijack browser cookies and modify network traffic, posing significant security risks to users. Despite the removal of many of these extensions by Google, some remain available, highlighting the ongoing threat to unsuspecting users.
Researchers from King's College London warn that large language model (LLM) chatbots can be easily manipulated into malicious tools for data theft, even by individuals with minimal technical knowledge. By using "system prompt" engineering, these chatbots can be instructed to act as investigators, significantly increasing their ability to elicit personal information from users while bypassing existing privacy safeguards. The study highlights a concerning gap in user awareness regarding privacy risks associated with these AI interactions.
Conor Brian Fitzpatrick, the creator of the BreachForums hacking forum, has been resentenced to three years in prison after violating pretrial release conditions and pleading guilty to multiple charges, including conspiracy to commit access device fraud and possession of child pornography. His initial sentence of time served and 20 years of supervised release was overturned by an appeals court, leading to the new prison term. BreachForums was known for facilitating the trade of stolen data and illegal cybercrime services.
A new form of cyber attack known as "choicejacking" has emerged, allowing hackers to exploit public charging stations to steal data from mobile devices. Users may unknowingly grant access to their personal information when connecting to compromised chargers, highlighting the importance of being cautious about public charging options.
More than 31,000 banking passwords from Australian customers of major banks have been stolen and are being traded online, primarily due to malware infections on users' devices. Cybersecurity experts warn that these stolen credentials pose a significant risk of financial theft, as infostealer malware can capture a wide range of sensitive information. The rise in infostealer infections highlights the ongoing threat to personal security and the need for effective protective measures.
The Russian Market has gained popularity as a cybercrime marketplace for stolen credentials, particularly after the takedown of the Genesis Market. With a majority of sold credentials recycled from existing sources, the market features a significant number of logs containing sensitive information, including SaaS and SSO credentials. The rise of new infostealers like Acreed is noted, following the disruption of the Lumma stealer, indicating a dynamic landscape in cybercrime activities.
A structured defensive framework is presented to protect SaaS platforms, particularly Salesforce, from the financially motivated threat cluster UNC6040, which exploits social engineering tactics like voice phishing to gain unauthorized access. The article outlines proactive hardening measures, identity verification processes, and logging protocols to enhance security against such threats.
Europcar Mobility Group suffered a breach of its GitLab repositories, resulting in the theft of source code for its mobile applications and personal data of up to 200,000 customers, including names and email addresses. The hacker attempted to extort the company by threatening to release 37GB of data, although more sensitive information like financial details was not compromised. Europcar is currently assessing the damage and notifying affected customers.
Researchers have discovered a new data-stealing malware called "Banana Squad" that is being distributed through GitHub repositories. This malware targets sensitive user information and is linked to various malicious activities, raising concerns about the safety of open-source software hosting platforms. Users are advised to be vigilant and avoid downloading suspicious repositories to protect their data.
The hacking group known as Scattered Spider, which previously caused significant disruption in Las Vegas, has returned to target U.K. retailers. Recent cyberattacks have impacted stores like Harrods and Marks & Spencer, leading to disruptions in online sales and potential customer data theft.
Two malicious RubyGems packages masquerading as Fastlane plugins have been discovered, intercepting Telegram API requests to steal sensitive data such as chat IDs, message content, and bot tokens. The packages, which typosquat legitimate Fastlane plugins, redirect data to attacker-controlled servers, posing a significant risk to developers using these tools. Affected users are advised to remove the malicious gems and rotate their bot tokens immediately.
A significant smishing campaign attributed to a Chinese-speaking threat actor, known as the Smishing Triad, has exploited over 194,000 domains to gather sensitive information, including Social Security numbers. The campaign impersonates various services, targeting users worldwide, and employs a decentralized approach to evade detection.
A widespread data theft campaign targeting Salesforce instances via the Salesloft Drift application has been uncovered, with the threat actor UNC6395 compromising OAuth tokens to exfiltrate sensitive data. Organizations using Salesloft Drift are urged to treat their credentials as compromised and take immediate remediation steps, including revoking tokens and investigating potential unauthorized access.
Fake software activation videos circulating on TikTok are promoting the Vidar stealer malware, which compromises user data and credentials. Users are lured into downloading malicious software disguised as legitimate tools, leading to significant security risks and potential data breaches. The article highlights the importance of cybersecurity awareness in the face of such deceptive tactics on social media platforms.