A new type of Android malware, dubbed "Godfather," is capable of bypassing sandbox detection to steal sensitive user data from applications, including banking and cryptocurrency wallets. Researchers have noted its ability to impersonate legitimate apps and extract credentials, posing a significant threat to Android users.

Hackers breached Salesloft to steal OAuth tokens from its Drift integration with Salesforce, enabling them to exfiltrate sensitive data including AWS access keys and passwords. The attacks, attributed to the threat group UNC6395, occurred between August 8 and August 18, 2025, leading to a coordinated response that involved revoking access tokens and requiring customer re-authentication. Ongoing investigations reveal connections to broader social engineering tactics targeting Salesforce instances, linked to the ShinyHunters group.

The article discusses the emergence of a new macOS malware known as "AppleProcessHub," which is designed to steal user credentials and sensitive data. It highlights the tactics used by the malware, including its ability to bypass security measures and target specific applications. The piece also emphasizes the importance of user awareness and security practices to mitigate risks associated with such threats.

A new malware named SparkKitty has been discovered, targeting iOS and Android devices to steal sensitive images from users' photo galleries, particularly those containing cryptocurrency wallet seed phrases. It has been distributed through official app stores and malicious sites, showcasing advanced techniques to exploit app provisioning systems.

Over 4,000 victims in 62 countries have been targeted by the PXA Stealer malware, which has stolen hundreds of credit card numbers, 200,000 passwords, and over 4 million browser cookies. This Python-based infostealer uses sophisticated phishing techniques and has evolved to evade detection, exfiltrating sensitive data through Telegram-based marketplaces.

ShadowLeak is a new AI-driven data theft method that operates undetected, posing significant risks to organizations. It allows malicious actors to extract sensitive information without triggering traditional security alerts, making it a formidable threat in the cybersecurity landscape. As AI continues to evolve, the implications for data protection are profound, necessitating enhanced security measures.

The article discusses the misuse of AI agents for data theft, highlighting how malicious actors exploit AI technologies to automate and enhance their cybercriminal activities. It emphasizes the need for robust security measures and awareness to combat these evolving threats in the digital landscape.

Over 100 malicious Chrome browser extensions disguised as legitimate tools, including VPNs and AI assistants, have been identified as part of a campaign to steal user information and execute remote scripts. These extensions can hijack browser cookies and modify network traffic, posing significant security risks to users. Despite the removal of many of these extensions by Google, some remain available, highlighting the ongoing threat to unsuspecting users.

More than 31,000 banking passwords from Australian customers of major banks have been stolen and are being traded online, primarily due to malware infections on users' devices. Cybersecurity experts warn that these stolen credentials pose a significant risk of financial theft, as infostealer malware can capture a wide range of sensitive information. The rise in infostealer infections highlights the ongoing threat to personal security and the need for effective protective measures.

Conor Brian Fitzpatrick, the creator of the BreachForums hacking forum, has been resentenced to three years in prison after violating pretrial release conditions and pleading guilty to multiple charges, including conspiracy to commit access device fraud and possession of child pornography. His initial sentence of time served and 20 years of supervised release was overturned by an appeals court, leading to the new prison term. BreachForums was known for facilitating the trade of stolen data and illegal cybercrime services.

Europcar Mobility Group suffered a breach of its GitLab repositories, resulting in the theft of source code for its mobile applications and personal data of up to 200,000 customers, including names and email addresses. The hacker attempted to extort the company by threatening to release 37GB of data, although more sensitive information like financial details was not compromised. Europcar is currently assessing the damage and notifying affected customers.

The hacking group known as Scattered Spider, which previously caused significant disruption in Las Vegas, has returned to target U.K. retailers. Recent cyberattacks have impacted stores like Harrods and Marks & Spencer, leading to disruptions in online sales and potential customer data theft.

Researchers have discovered a new data-stealing malware called "Banana Squad" that is being distributed through GitHub repositories. This malware targets sensitive user information and is linked to various malicious activities, raising concerns about the safety of open-source software hosting platforms. Users are advised to be vigilant and avoid downloading suspicious repositories to protect their data.

Fake software activation videos circulating on TikTok are promoting the Vidar stealer malware, which compromises user data and credentials. Users are lured into downloading malicious software disguised as legitimate tools, leading to significant security risks and potential data breaches. The article highlights the importance of cybersecurity awareness in the face of such deceptive tactics on social media platforms.

A significant smishing campaign attributed to a Chinese-speaking threat actor, known as the Smishing Triad, has exploited over 194,000 domains to gather sensitive information, including Social Security numbers. The campaign impersonates various services, targeting users worldwide, and employs a decentralized approach to evade detection.