Latest news with #BreachForums


Techday NZ
30-05-2025
- Techday NZ
Experts warn of surge in Google, Apple, Microsoft breaches
Cybersecurity experts are raising alarm over a significant campaign targeting users through the Google Chrome Web Store, as well as the discovery of a vast database containing hundreds of millions of stolen log-in credentials. The recent developments underscore rising risks associated with browser extensions and the continuing vulnerabilities in digital identity platforms.

"A Google Chrome Web Store campaign is using over 100 malicious browsers that mimic tools like VPNs, AI assistants, and crypto utilities to steal cookies and execute remote scripts secretly. Though Google has removed many extensions identified, some still remain on the Web Store," said Andrew Costis, Engineering Manager of the Adversary Research Team at AttackIQ.

"The campaign relies on malvertising strategies to trick users into clicking buttons that link to malicious browser extensions. The extensions connect the victim to the threat actor's infrastructure, allowing information to be stolen, as well as modifying network traffic to deliver ads, perform redirections, or serve as a proxy.

"With some of these extensions still active on the Chrome Web Store, it is essential that individuals and organizations take appropriate precautions. Knowledge is key -- users should only trust proven, reputable publishers and familiarize themselves with lure website domains. Additionally, organizations should implement adversarial exposure validation tools to ensure their security systems are tested against malicious browser campaigns."

The campaign's persistence highlights the challenges facing platform operators like Google in completely eradicating malicious content from widely used app stores. With new extensions and techniques emerging regularly, the risk to end users remains ongoing.

Meanwhile, cybersecurity concerns have been exacerbated by the discovery of a database containing an estimated 184 million records of stolen log-in credentials.
The database reportedly contains detailed access information for popular services, including Apple, Microsoft, Google, Facebook, Instagram, Snapchat, as well as various banking, healthcare, and government platforms across numerous countries.

"What's most noteworthy is how this breach highlights the immense value of centralized identity platforms like Google, Okta, Apple and Meta to attackers. With over 184 million records exposed, threat actors can now launch widespread account takeover attempts across countless SaaS applications and cloud services that rely on these providers for authentication," said Cory Michal, Chief Security Officer at AppOmni.

"This is not surprising. Databases like this are regularly bought, sold, and repackaged on dark web forums like BreachForums. Massive credential dumps are part of an ongoing black market where breached data is commoditized and often aggregated from multiple incidents over time. What's new isn't the existence of the data, but the scale, the recency of some credentials, and the targeting of identity providers that are widely used to access SaaS and cloud services—making this breach especially potent for enabling downstream account takeovers.

"This breach calls attention to a bigger issue. We increasingly run our personal and professional lives through online platforms and SaaS products, yet our digital identities are still largely protected by outdated, vulnerable methods like usernames, passwords, and easily phishable MFA methods. As long as these remain the primary means of access, attackers will continue to exploit them at scale with infostealer malware and phishing. This highlights the urgent need for adoption of stronger, phishing-resistant authentication methods, continuous identity monitoring, and a shift toward identity-centric security models.

"It also reinforces the need for organizations to adopt an identity-centric security posture and monitor for malicious activity even when logins appear legitimate. In today's SaaS-driven environments, users and systems authenticate from anywhere, often using federated identity providers like Apple, Google, and Meta. This makes identity a primary control point for security."

Both incidents reveal the critical need for vigilance and adaptation in security practices, as threat actors continue to exploit outdated habits and overlooked vulnerabilities with increasing effectiveness and reach.


Ya Biladi
12-04-2025
- Politics
- Ya Biladi
Moroccan hackers leak 34GB of Algerian Ministry data in yet another retaliatory move
Cyberattacks between Algeria and Morocco have turned into a digital game of ping-pong, with each side trading blows and neither gaining ground. Just days after the Algerian hacker group JabaRoot DZ claimed responsibility for breaches targeting Morocco's national social security fund CNSS and Ministry of Employment, a new cyberattack attributed to Moroccan hackers was announced on April 12, allegedly leaking 34 GB of sensitive data from Algeria's Ministry of Pharmaceutical Industry.

The Moroccan-affiliated group MORH4x claimed responsibility for the breach on the specialized forum BreachForums. According to initial reports, the leaked files span from 2019 to 2025 and include:

A deliberate cyber retaliation

The message accompanying the data dump made the motive clear: the attack is a direct response to the April 8 cyberattack targeting Moroccan institutions. It is part of a growing structured digital escalation between the two countries, driven by politically motivated and symbolically powerful digital offensives. MORH4x claims the aim is not only retaliation but also an attempt to shed light on the opaque workings of Algeria's medical supply chain—identifying companies that benefit from it and exposing networks distributing psychotropic drugs across the country.

A cyberwarfare in three acts

This latest operation marks the third major incident in a series of back-and-forth cyberattacks in recent weeks. Before the breach of Algeria's Ministry of Pharmaceutical Industry, another Moroccan group reportedly infiltrated the systems of the General Mutual of Posts and Telecommunications of Algeria (MGPTT), in response to the initial attack on CNSS. These digital tit-for-tat attacks seem to have moved beyond individual acts of hacking to become part of a broader ideological campaign, unfolding against a backdrop of longstanding geopolitical tensions between Algiers and Rabat.

While the full authenticity of the leaked data is yet to be independently verified, samples released online strongly suggest a significant breach. Nonetheless, observers are raising concerns about the ethical and human toll of this cyber escalation. Behind these battles between hacker groups lies the personal data of millions of Moroccan and Algerian citizens—now potentially exposed, and in some cases, irreversibly so.


Fox News
01-03-2025
- Business
- Fox News
Investment research data breach exposes 12 million customers
If there is one sector that has outdone healthcare in data breaches and ransomware attacks, it is finance. Security incidents affecting financial institutions are becoming increasingly common, whether they involve banks, fintech companies or investment research firms. The latest case involves Zacks, an American investment research company. A cybercriminal claimed to have stolen 15 million customer and client records, but a separate investigation later confirmed the actual number to be 12 million.

The Zacks Investment breach first came to light in late January 2025 when a hacker known as "Jurak" claimed on BreachForums that they had gained access to Zacks' systems as early as June 2024. According to the hacker, they obtained domain administrator privileges for Zacks' Active Directory, a critical network security component, allowing them to steal source code for and 16 other websites, including internal tools, along with user account data. The stolen information was then put up for sale on hacker forums, with samples offered for a small cryptocurrency payment to prove authenticity, as reported by BleepingComputer.

Further investigation confirmed the breach occurred in June 2024, exposing 12 million unique email addresses and other personal data. The fact that the attacker managed to gain domain admin access suggests a highly sophisticated attack, potentially exploiting vulnerabilities in Zacks' network security. This is not the first time Zacks has suffered a breach. Previous incidents include a 2022 attack that compromised an older Zacks Elite product database from 1999 to 2005, as noted on Zacks' own breach disclosure page.

The Zacks Investment data breach, confirmed by Have I Been Pwned (HIBP), exposed a range of sensitive user information, putting those affected at risk. The leaked data includes email addresses, IP addresses, names, phone numbers, physical addresses, usernames, and unsalted SHA-256 hashed passwords. This kind of information can be misused for phishing, identity theft, credential stuffing, harassment, SIM swapping and even physical threats. Alarmingly, 93% of the leaked email addresses had already been exposed in previous breaches, making reused passwords an even bigger problem. The use of unsalted SHA-256 hashes — widely considered outdated — only adds to the risk, making it easier for attackers to crack passwords and compromise accounts.

Despite the severity of the breach, Zacks Investment Research has yet to release an official statement as of February 2025. The lack of transparency is troubling, especially considering the scale of the breach and Zacks' history with security incidents.

1. Beware of phishing attempts and use strong antivirus software: After a data breach, scammers often use the stolen data to craft convincing phishing messages. These can come via email, text or phone calls, pretending to be from trusted companies. Be extra cautious about unsolicited messages with links asking for personal or financial details, even if they reference recent orders or transactions. The best way to safeguard yourself from malicious links is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.

2. Invest in identity theft protection: Given the exposure of personal data, such as names, addresses and order details, investing in identity theft protection services can provide an extra layer of security. These services monitor your financial accounts and credit report for any signs of fraudulent activity, alerting you to potential identity theft early on. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals. See my tips and best picks on how to protect yourself from identity theft.

3. Enable two-factor authentication (2FA) on accounts: Enabling two-factor authentication adds an extra layer of security to your online accounts. Even if hackers get hold of your login credentials, they won't be able to access your accounts without the second verification step, such as a code sent to your phone or email. This simple step can significantly reduce the risk of unauthorized access to sensitive personal information.

4. Update your passwords: Change passwords for any accounts that may have been affected by the breach, and use unique, strong passwords for each account. Consider using a password manager. Get more details about my best expert-reviewed Password Managers of 2025 here.

5. Remove your personal data from public databases: If your personal data was exposed in this breach, it's crucial to act quickly to reduce your risk of identity theft and scams. While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren't cheap — and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It's what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you. Check out my top picks for data removal services here.

The Zacks Investment breach highlights just how real the threat of cyberattacks is for financial institutions. With millions of users affected and personal data exposed, the risks of scams and identity theft are higher than ever. The fact that Zacks hasn't said much about the breach only adds to the uncertainty for those impacted. As these types of attacks become more common, it's more important than ever to stay on top of your online security — use unique passwords, keep an eye on your accounts, and stay alert for any signs of suspicious activity.

Should there be stricter regulations for how companies disclose breaches and protect customer data?

Copyright 2025 All rights reserved.
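The Zacks article above notes that the leaked passwords were stored as unsalted SHA-256 hashes and that this makes them easier to crack. The Python example below is added here to make that concrete; it is not code from any of the quoted articles or from Zacks. It hashes a small constructed set of accounts two ways: once with the legacy unsalted SHA-256 scheme and once with a per-user random salt and a deliberately slow key-derivation function (PBKDF2-HMAC-SHA256 from the standard library, chosen here as one stdlib-only option, not as what any named company uses). The comparison shows what a defender loses with the unsalted scheme: every account that chose the same password gets the same digest, so shared passwords are visible in the stored data alone and one precomputed digest for a common password matches all of them at once. With a salt and a slow KDF, the same accounts produce unrelated records and each guess must be computed separately per account. Account names and passwords in `SAMPLE_ACCOUNTS` are constructed.

```python
import hashlib
import hmac
import os
from typing import Dict, List, Optional

# Constructed sample data (not from any breach): three accounts, two of which
# chose the same password, which is common in real user bases.
SAMPLE_ACCOUNTS = {
    "alice@example.invalid": "Winter2024!",
    "bob@example.invalid": "Winter2024!",
    "carol@example.invalid": "correct horse battery staple",
}


def legacy_unsalted_sha256(password: str) -> str:
    """The weak scheme the article describes: a single fast SHA-256 with no salt.

    Every account that picked the same password ends up with the same digest,
    and a digest precomputed once for a common password matches all of them.
    """
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def hash_password_salted(password: str, salt: Optional[bytes] = None,
                         iterations: int = 600_000) -> str:
    """Per-user random salt plus a slow KDF (PBKDF2-HMAC-SHA256 from the stdlib).

    Returns a self-describing record 'pbkdf2_sha256$<iters>$<salt hex>$<dk hex>'
    so the iteration count can be raised later without breaking old records.
    """
    if salt is None:
        salt = os.urandom(16)  # fresh 128-bit salt for every account
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_salted(password: str, record: str) -> bool:
    """Recompute the KDF with the stored salt/iterations and compare in constant time."""
    algo, iterations, salt_hex, dk_hex = record.split("$")
    if algo != "pbkdf2_sha256":
        raise ValueError(f"unsupported record format: {algo}")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                             bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk, bytes.fromhex(dk_hex))


def shared_password_groups(store: Dict[str, str]) -> List[List[str]]:
    """Return groups of accounts whose stored value is byte-identical.

    Against an unsalted store this exposes password sharing between users (and
    lets one cracked digest unlock the whole group) without any cracking at all;
    against a salted store it returns nothing even when passwords are shared.
    """
    by_hash: Dict[str, List[str]] = {}
    for user, stored in store.items():
        by_hash.setdefault(stored, []).append(user)
    return [users for users in by_hash.values() if len(users) > 1]


def build_stores(accounts: Dict[str, str] = SAMPLE_ACCOUNTS,
                 iterations: int = 50_000):
    """Hash the same accounts both ways so the two stores can be compared side by side.

    `iterations` is lowered from the production default only to keep the demo quick.
    """
    legacy = {u: legacy_unsalted_sha256(p) for u, p in accounts.items()}
    salted = {u: hash_password_salted(p, iterations=iterations)
              for u, p in accounts.items()}
    return legacy, salted


if __name__ == "__main__":
    legacy, salted = build_stores()
    print("unsalted SHA-256: accounts sharing a digest ->", shared_password_groups(legacy))
    print("salted PBKDF2:    accounts sharing a record ->", shared_password_groups(salted))
    print("verify alice:", verify_salted("Winter2024!", salted["alice@example.invalid"]))
```

Running it prints one group (`alice` and `bob`) for the unsalted store and none for the salted one, even though the same two accounts share a password in both. A migration from a legacy store does not require knowing the old passwords: the self-describing record format lets a site re-hash each user's password with a salt and a slow KDF at their next successful login and retire the unsalted digest.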