Skip to content
Years of JSONFormatter and CodeBeautify Leaks Expose Thousands of Passwords and API Keys

Years of JSONFormatter and CodeBeautify Leaks Expose Thousands of Passwords and API Keys

New research has found that organizations in various sensitive sectors, including governments, telecoms, and critical infrastructure, are pasting passwords and credentials into online tools like JSONformatter and CodeBeautify that are used to format and validate code. Cybersecurity company watchTowr Labs said it captured a dataset of over 80,000 files onRead More »Years of JSONFormatter and CodeBeautify Leaks Expose Thousands of Passwords and API Keys

JackFix Uses Fake Windows Update Pop-Ups on Adult Sites to Deliver Multiple Stealers

JackFix Uses Fake Windows Update Pop-Ups on Adult Sites to Deliver Multiple Stealers

Cybersecurity researchers are calling attention to a new campaign that’s leveraging a combination of ClickFix lures and fake adult websites to deceive users into running malicious commands under the guise of a “critical” Windows security update. “Campaign leverages fake adult websites (xHamster, PornHub clones) as its phishing mechanism, likely distributedRead More »JackFix Uses Fake Windows Update Pop-Ups on Adult Sites to Deliver Multiple Stealers

Fluent Bit Vulnerabilities Expose Cloud Services to Takeover

Five flaws in the open source tool may lead to path traversal attacks, remote code execution, denial-of-service, and tag manipulation. The post Fluent Bit Vulnerabilities Expose Cloud Services to Takeover appeared first on SecurityWeek.

WormGPT 4 and KawaiiGPT: New Dark LLMs Boost Cybercrime Automation

Palo Alto Networks has conducted an analysis of malicious LLMs that help threat actors with phishing, malware development, and reconnaissance.  The post WormGPT 4 and KawaiiGPT: New Dark LLMs Boost Cybercrime Automation appeared first on SecurityWeek.

Major US Banks Impacted by SitusAMC Hack

Hackers stole corporate data such as accounting records and legal agreements, but did not deploy file-encrypting ransomware. The post Major US Banks Impacted by SitusAMC Hack appeared first on SecurityWeek.

ToddyCat’s New Hacking Tools Steal Outlook Emails and Microsoft 365 Access Tokens

ToddyCat’s New Hacking Tools Steal Outlook Emails and Microsoft 365 Access Tokens

The threat actor known as ToddyCat has been observed adopting new methods to obtain access to corporate email data belonging to target companies, including using a custom tool dubbed TCSectorCopy. “This attack allows them to obtain tokens for the OAuth 2.0 authorization protocol using the user’s browser, which can beRead More »ToddyCat’s New Hacking Tools Steal Outlook Emails and Microsoft 365 Access Tokens

Hackers Hijack Blender 3D Assets to Deploy StealC V2 Data-Stealing Malware

Hackers Hijack Blender 3D Assets to Deploy StealC V2 Data-Stealing Malware

Cybersecurity researchers have disclosed details of a new campaign that has leveraged Blender Foundation files to deliver an information stealer known as StealC V2. “This ongoing operation, active for at least six months, involves implanting malicious .blend files on platforms like CGTrader,” Morphisec researcher Shmuel Uzan said in a reportRead More »Hackers Hijack Blender 3D Assets to Deploy StealC V2 Data-Stealing Malware

Copyright © 2026 infosecintel.net