A new report shows just how out of control the problem has become, with infostealer activity jumping 500% in just one year, harvesting more than 1.7 billion fresh credentials.
Category: InfoSec News
InfoSec News
CoGUI phishing platform sent 580 million emails to steal credentials
A new phishing kit named ‘CoGUI’ sent over 580 million emails to targets between January and April 2025, aiming to steal account credentials and payment data.
FBI shares massive list of 42,000 LabHost phishing domains
Although the LabHost operation is no longer active and the shared 42,000 domains are not likely currently used in malicious operations, there’s still significant value for cybersecurity firms and defenders.
GoSearch: Open-source OSINT tool for uncovering digital footprints – Help Net Security
GoSearch incorporates data from Hudson Rock’s Cybercrime Database, offering detailed insights into potential cybercrime connections. It also draws from BreachDirectory.org and ProxyNova databases, providing extensive access to breached data, including plain-text and hashed passwords associated with usernames. For investigators who need reliable results without unnecessary complexity, GoSearch fits the bill.
FBI: US lost record $16.6 billion to cybercrime in 2024
The most impacted group is older Americans, especially people over 60, who filed 147,127 complaints linked to approximately $4.8 billion in losses.
Hackers using malware to steal data from USB flash drives | Fox News
When infected, USB drives can spread malware not just within a single organization but also across multiple entities if shared. These attacks don’t rely on network vulnerabilities, allowing them to bypass traditional security tools.
Years-old login credential leads to leak of 270,000 Samsung customer records | CSO Online
At that time, the login credentials were stolen from the computer of an employee of IT service provider Spectos, which offers software to monitor and improve service quality. It is linked to Samsung’s German ticket system at samsung-shop.spectos.com. Apparently, the compromised credentials had not been updated for years.
23andMe is potentially selling more than just genetic data – the personal survey info it collected is just as much a privacy problem
When customers originally signed up for 23andMe, they agreed to terms and conditions and a privacy notice that allows the company to use their information for research and development as well as share their data, in aggregate, with third parties. If consumers consented to additional research, which the vast majority did, the company can additionally share their individual information with third parties. 23andMe has also been clear that if it is involved in a bankruptcy or sale of assets, consumer information might be sold or transferred.
As 23andMe goes bankrupt, millions of people’s DNA data is up for sale
“Folks have absolutely no say in where their data is going to go,” said Tazin Khan, CEO of the nonprofit Cyber Collective, which advocates for privacy rights and cybersecurity for marginalized people.
Police remove skimmer from Piggly-Wiggly on Battle Street | News | annistonstar.com
A skimmer is an electronic device that is used to steal credit or debit card information, including PIN numbers, while the victim is making a legitimate transaction.