#infostealers

2025-10-22

Rival hackers have doxxed the alleged operators behind #LummaStealer, one of the biggest data-theft malware services. The leaks have caused internal chaos and slowed its growth.

Read: hackread.com/rival-hackers-dox

#CyberSecurity #Malware #InfoStealers #InfoSec #CyberCrime

2025-10-18

A seemingly routine tool update could be a trap—malware like AMOS and Odyssey are stealthily targeting macOS developers and snatching credentials and source code. Are you prepared for this new wave of cyber threats?

thedefendopsdiaries.com/the-ri

#macossecurity
#infostealers
#cyberthreats
#amosmalware
#odysseymalware

2025-09-20

The Register: FileFix attacks use fake Facebook security alerts to trick victims into running infostealers. “An attack called FileFix is masquerading as a Facebook security alert before ultimately dropping the widely used StealC infostealer and malware downloader on Windows machines.”

https://rbfirehose.com/2025/09/20/the-register-filefix-attacks-use-fake-facebook-security-alerts-to-trick-victims-into-running-infostealers/

2025-09-18

I grew tired of feeling helpless against supply-chain attacks that steal credentials (#infostealers), so I created a program that reliably detects & stops them on macOS, Linux, and other OSes. What should I call it?

2025-08-18

🚨 PayPal credentials leak claim 🚨
Hacker “Chucky_BF” is offering 15.8M PayPal login pairs (emails + plaintext passwords).

Troy Hunt: “Given passwords definitely didn’t come from PayPal in plain text, they’ve either been obtained another way (infostealer, credential stuffing) or there’s another explanation for this claim.”

⚠️ Possible sources: malware, reused credentials, or stuffing attacks.

Details ➡️ technadu.com/almost-16-million

#CyberSecurity #PayPal #Infostealers

Almost 16 Million PayPal Credentials Leak Claim Sparks Security Concerns

2025-08-08

🔐 Compromised credentials are just the beginning.

Splunk's PLoB project builds AI fingerprints of post-login behavior to spot intrusions—before attackers gain persistence.
✅ AI vectors
✅ Cosine similarity
✅ Human-style context summaries
✅ Detects both weird users and bots

Behavioral threat hunting, redefined.
#CyberSecurity #Infostealers #BehavioralDetection

Splunk’s new PLoB framework uses AI to detect malicious logins by fingerprinting post-logon behavior.

2025-08-08

A major leak has revealed the operations behind North Korea’s state-linked IT workforce.

Slack logs and spreadsheets show how coders apply for remote gigs worldwide, sending back an estimated $600M/year to fund a heavily sanctioned regime.

#NorthKorea #CyberThreatIntel #Infostealers #sanctionsevasion #APT

2025-07-31

What is Wi-Fi sensing, and how does it detect human motion in the home? | Kaspersky official blog

All about Wi-Fi sensing: how it works, pluses, minuses, settings.

Wi-Fi can be used to track people’s (and pets’) movements in the home — from the tiniest gestures, such as hand waves. This application of Wi-Fi is nothing new in theory, but only recently has it been put on a commercial footing. The technology is now being offered by home internet providers and equipment vendors. It may even be incorporated in the new Wi-Fi standard, so it’s important to understand the associated pros […]

whalers.ir/blog/what-is-wi-fi-

2025-07-31

HR guidelines phishing email | Kaspersky official blog

A malicious actor employing spear-phishing techniques to mass-mail fake HR guidelines.

We’ve been seeing attempts at using spear-phishing tricks on a mass scale for quite a while now. These efforts are typically limited to slightly better than usual email styling that mimics a specific company, faking a corporate sender via ghost spoofing, and personalizing the message, which, at best, means addressing the victim by name. However, in March of this year, we began noticing a particularly […]

whalers.ir/blog/hr-guidelines-

2025-07-31

Update Microsoft SharePoint ASAP | Kaspersky official blog

Attackers are actively exploiting vulnerabilities CVE-2025-53770 and CVE-2025-53771 to gain control of Microsoft SharePoint servers.

Unknown malefactors are actively attacking companies that use SharePoint Server 2016, SharePoint Server 2019 and SharePoint Server Subscription Edition. By exploiting a chain of two vulnerabilities – CVE-2025-53770 (CVSS rating – 9.8) and CVE-2025-53771 (CVSS rating – 6.3), attackers are able to execute malicious code on the server remotely. The severity […]

whalers.ir/blog/update-microso

2025-07-31

Common mistakes in using CVSS | Kaspersky official blog

Why CVSS cannot be the sole tool for vulnerability assessment, and how to prioritize vulnerabilities correctly

When you first encounter CVSS (Common Vulnerability Scoring System), it’s easy to think this is the perfect tool for triaging and prioritizing vulnerabilities. A higher score must mean a more critical vulnerability, right? In reality, that approach doesn’t quite work out. Every year, we see an increasing number of vulnerabilities with high CVSS scores. Security teams just […]

whalers.ir/blog/common-mistake

2025-07-31

How to set up security and privacy in Garmin apps | Kaspersky official blog

We guide you step-by-step through configuring your Garmin smart device security settings, and reveal how malicious actors could potentially misuse your data.

Sports smartwatches continue to be a prime target for cybercriminals, offering a wealth of sensitive information about potential victims. We’ve previously discussed how fitness tracking apps collect and share user data: most of them publicly display your workout logs, including precise geolocation, by default.

It turns out that […]

whalers.ir/blog/how-to-set-up-

2025-07-31

How to protect yourself from Google Forms scams | Kaspersky official blog

We’re sharing a recent example of a scam using Google Forms and a way to completely avoid it.

You’ve probably filled out a Google Forms survey at least once — likely signing up for an event, taking a poll, or gathering someone else’s contacts. No wonder you did — this is a convenient and easy-to-use service backed by a tech giant. This simplicity and trust have become the perfect cover for a new wave of online scams. Fraudsters have figured out how to use Google Forms to hide their […]

whalers.ir/blog/how-to-protect

2025-07-31

Hijacking Discord invite links to install malware | Kaspersky official blog

Attackers hijack Discord invite links to redirect users to malicious servers and install AsyncRAT and Skuld Stealer.

Attackers are using expired and deleted Discord invite links to distribute two strains of malware: AsyncRAT for taking remote control of infected computers, and Skuld Stealer for stealing crypto wallet data. They do this by exploiting a vulnerability in Discord’s invite link system to stealthily redirect users from trusted sources to malicious servers.

The attack leverages […]

whalers.ir/blog/hijacking-disc

2025-07-31

Are passkeys enterprise-ready? | Kaspersky official blog

Regulation and the evolving threat landscape are driving companies to adopt more resilient forms of employee authentication. Are passkeys a cost-effective and straightforward replacement for traditional passwords?

Every major tech giant touts passkeys as an effective, convenient password replacement that can end phishing and credential leaks. The core idea is simple: you sign in with a cryptographic key that’s stored securely in a special hardware module on your device, and you unlock that […]

whalers.ir/blog/are-passkeys-e

2025-07-31

What to do if you get a phishing email | Kaspersky official blog

How to detect phishing emails, and what to do with them.

Phishing emails typically end up in the spam folder, because today’s security systems easily recognize most of them; however, these systems aren’t completely reliable, so some bona fide email messages land in the junk folder too. This article explains how to detect phishing emails, and what to do about them.

Signs of phishing email

There are several markers that are widely believed to indicate a message sent by scammers. Below […]

whalers.ir/blog/what-to-do-if-

2025-07-31

Passkey support in business applications | Kaspersky official blog

Which corporate systems and applications support passkeys, and how to implement them properly?

Transition to passkeys promises organizations a cost-effective path toward robust employee authentication, increased productivity, and regulatory compliance. We’ve already covered all the pros and cons of this business solution in a separate, in-depth article. However, the success of the transition — and even its feasibility — really hinges on the technical details and implementation […]

whalers.ir/blog/passkey-suppor

2025-07-31

The hidden risks of browser extensions – and how to stay safe

Not all browser add-ons are handy helpers – some may contain far more than you have bargained for
