All news with #data exfiltration tag

🔎 Authorities across Europe and North America announced a coordinated operation that dismantled First VPN, a criminal virtual private network service used to obscure ransomware, data theft, scanning, and DDoS activity. Led by France and the Netherlands with support from many countries and agencies since December 2021, investigators executed concurrent actions in May 2026, seizing servers, domains, and infrastructure while interviewing the service administrator. Europol and the FBI say First VPN marketed anonymity to cybercriminals on Russian-language forums, offered multiple protocols and payment methods, and provided exit nodes across 27 countries used by at least 25 ransomware groups.

🔍 Flare researchers analyzed ~700 underground posts on the "Lucifer DaaS" between Jan 2025 and early 2026 to reveal how modern crypto drainers evolved into professionalized, service-like platforms. The study highlights affiliate-driven distribution, automation, website cloning, Permit2 abuse, and multichain support, showing how DaaS lowers technical barriers and increases resilience. It also lists practical indicators to help users avoid wallet-draining scams.

⚠️ The Shai-Hulud campaign rapidly published more than 600 malicious npm package versions across 323 unique packages, primarily targeting the @antv ecosystem but also compromising other widely used libraries. The injected, obfuscated payloads harvest developer and CI/CD secrets and exfiltrate data via the Session P2P network, with GitHub used as a fallback repository to publish stolen artifacts. Researchers from Socket and Endor Labs report the attack includes self-propagation, token reuse, and abuse of CI OIDC tokens, allowing malicious packages to appear legitimately signed. Developers should uninstall affected packages and rotate any exposed credentials immediately.

🔐 Microsoft Threat Intelligence details how Storm-2949 converted targeted identity compromise into a broad cloud breach, exfiltrating data from Microsoft 365 and production workloads in Azure. The actor abused SSPR-based social engineering to bypass MFA, performed directory discovery via Graph API, and leveraged management-plane operations to retrieve Key Vault secrets and download large volumes of data. Organizations should adopt behavior-based detections such as Microsoft Defender and tighten RBAC and administrative controls to detect and mitigate similar identity-driven cloud attacks.

🔒 Cybersecurity researchers disclosed four vulnerabilities in OpenClaw — collectively named Claw Chain — that can be chained for data theft, privilege escalation, and persistence. The flaws include two TOCTOU race conditions enabling reads and writes outside sandbox mounts, an allowlist bypass via heredoc expansion, and an access-control weakness allowing owner impersonation. Vendor patches are available in version 2026.4.22; users are urged to update immediately. Successful exploitation can expose credentials, modify configurations, and plant backdoors while mimicking normal agent behavior to evade detection.

🔒 Mistral AI says the TeamPCP group is offering nearly 450 repositories allegedly stolen from the company’s codebase, demanding a $25,000 buy‑it‑now price and threatening to leak the files within a week if unsold. The hackers claim about 5 gigabytes of internal source code used for training, fine‑tuning, benchmarking, model delivery, and inference was exfiltrated after a compromise tied to the Mini Shai-Hulud supply‑chain attack and tampered TanStack packages. Mistral confirmed some SDK packages were contaminated briefly but says forensic analysis found no compromise of core repositories, hosted services, or managed user data.

⚠️ Researchers from Socket and StepSecurity warn that recently published versions of node-ipc (9.1.6, 9.2.3 and 12.0.1) contain an obfuscated stealer/backdoor triggered at runtime. The payload is appended as an IIFE to node-ipc.cjs, causing execution on every require('node-ipc') and avoiding npm lifecycle hooks. It fingerprints hosts, harvests up to 90 credential categories, compresses data, and exfiltrates via HTTPS to sh.azurestaticprovider[.]net and via DNS TXT records after overriding the resolver. The malicious builds were published by an unrelated maintainer account, prompting removal and secret rotation recommendations.

🔒 Two former hosting-company employees allegedly deleted dozens of customer and federal databases after being fired; one brother was convicted on computer-fraud and related charges. Investigators say one used a public AI chatbot to ask how to clear SQL and Windows logs, aiding evidence destruction. Experts warn this underscores failures in off-boarding and privileged access controls and call for stronger AI guardrails and real-time revocation.

🔒 Symantec researchers attribute a February 2026 cyber-espionage campaign to MuddyWater (Seedworm), which spent a week inside a major South Korean electronics manufacturer's network. The attackers relied on DLL sideloading of legitimate binaries — Fortemedia's fmapp.exe and SentinelOne's sentinelmemoryscanner.exe — to load malicious DLLs containing ChromElevator. They used PowerShell (now invoked via Node.js loaders) for reconnaissance, credential theft, persistence and SOCKS5 tunneling, and exfiltrated data via sendit.sh.

🔒 Foxconn confirmed a cyberattack affected some of its North American factories and says impacted sites are resuming normal production. The company said its cybersecurity team activated response measures to maintain continuity of operations and deliveries. Nitrogen ransomware operators claimed 8 TB of data and over 11 million documents were stolen, allegedly including files from Apple, Nvidia, Intel and Google. Foxconn has faced prior ransomware incidents.

🔍 Security researchers have identified a campaign called GemStuffer that abuses RubyGems as a storage channel for scraped content rather than as a vehicle for mass malware distribution. More than 150 gems were observed packaging HTTP responses from U.K. local government ModernGov portals into valid .gem archives and publishing them using hardcoded API keys. Variants either build and push gems via the CLI (creating temporary credentials under /tmp and overriding HOME) or upload archives directly to the registry API, after which attackers can retrieve the content with a simple gem fetch.

⚠ TeamPCP's "Mini Shai-Hulud" campaign has trojanized npm and PyPI packages from maintainers including TanStack, Mistral AI, OpenSearch, UiPath, and Guardrails AI, deploying an obfuscated credential stealer that targets cloud services, crypto wallets, AI tools, messaging apps and CI systems. The malware exfiltrates data via a Session Protocol domain (filev2.getsession[.]org), a typosquat domain and GitHub API dead-drops, and persists through IDE hooks in Claude Code and VS Code. Attackers abused GitHub Actions OIDC permissions and produced malicious packages with valid SLSA attestations; TanStack's cluster was assigned CVE-2026-45321 (CVSS 9.6).

🔓 Have I Been Pwned says hackers exfiltrated data tied to Zara affecting 197,400 unique email addresses and associated order SKUs, order IDs, market information, and support tickets. Inditex confirmed the compromised databases were hosted by a former technology provider but said attackers did not access names, phone numbers, postal addresses, credentials, or payment card data. The extortion group ShinyHunters claimed responsibility and posted a 140GB archive allegedly taken from BigQuery using compromised Anodot tokens.

🦙 A critical vulnerability in Ollama (CVE-2026-7482) allows unauthenticated attackers to upload a crafted GGUF model file and trigger an out-of-bounds heap read in the model quantization pipeline. The flaw can leak process memory — including system prompts, conversation history, environment variables, API keys, and other secrets — to remote servers. Update to Ollama 0.17.1 and restrict network access.

🔍 This ThreatsDay bulletin highlights a week of converging risks: Canadian authorities dismantled an SMS blaster operation that spoofed cellular towers, while a malicious npm brandsquat (published as tanstack) exfiltrated local .env files during install. Researchers also flagged networks of browser extensions legally selling browsing and viewing data, the first documented abuse of the Komari admin agent in intrusions, and mass exposure of RDP/VNC servers—underscoring the importance of basic hygiene, credential rotation, and coordinated defensive response.

🔒 A supply-chain campaign dubbed "mini Shai-Hulud" infected SAP-related npm packages in late April, inserting install-time malware that harvested developer credentials, GitHub and npm tokens, GitHub Actions secrets, and cloud credentials across AWS, Azure, GCP and Kubernetes. Researchers identified affected packages including mbt@1.2.48 and several @cap-js modules. The malicious releases were later replaced with safe versions.

🔒 Multiple official SAP npm packages were recently compromised in a supply-chain operation that installs a malicious preinstall script during package installation. The script downloads the Bun runtime and executes an obfuscated payload that harvests a wide range of secrets — including npm and GitHub tokens, SSH keys, cloud credentials, Kubernetes configs, and CI/CD environment variables — and exfiltrates them to public GitHub repositories. Researchers attribute the campaign with medium confidence to TeamPCP and warn it includes self-propagation logic to modify other packages using stolen credentials.

⚠️ Researchers have uncovered a supply-chain campaign dubbed the "mini Shai-Hulud" that poisoned multiple SAP-related npm packages to install credential-stealing malware during installation. The malicious releases added a preinstall hook that fetched and executed a platform-specific Bun binary, harvesting local credentials, GitHub and npm tokens, CI secrets, and cloud credentials. Analysts from Aikido Security, SafeDep, Socket, StepSecurity and Wiz advise rotating tokens, inspecting workflows, and upgrading to patched releases.

🛡️ Researchers identified an AI-assisted supply-chain campaign that injected malicious code into npm packages — notably @validate-sdk/v2 — after a dependency was introduced by Anthropic's Claude Opus LLM. ReversingLabs named the operation PromptMink and attributed it to DPRK-aligned actor Famous Chollima (aka Shifty Corsair). The tainted packages siphon crypto credentials and secrets through layered transitive dependencies and have evolved into multi-platform RATs and information stealers.

🔍 Researchers at ReversingLabs uncovered a malicious npm dependency, @validate-sdk/v2, that exfiltrated secrets and enabled attackers to access cryptocurrency wallets after being added to an autonomous trading agent in February 2026. The commit is reported to have been co-authored by Claude Opus, and attribution points to the North Korean state-sponsored group Famous Chollima. The campaign, tracked as PromptMink, used a two-layer package strategy—public-facing Web3 utilities to attract users while secondary dependencies delivered evolving malware that scanned environment files, collected system information, compressed project data, and installed SSH keys for persistence across Linux and Windows environments.