Search results for github dark web | Breaking Cybersecurity News | The Hacker News

Last week, application security company ImmuniWeb released a new free tool  to monitor and measure an organization's exposure on the Dark Web. To improve the decision-making process for cybersecurity professionals, the free tool crawls Dark Web marketplaces, hacking forums, and Surface Web resources such as Pastebin or GitHub to provide you with a classified schema of your data being offered for sale or leaked. All you need to launch a Dark Web search is to enter your domain name. The volume of stolen credentials on the Dark Web is booming This week, over 26 million user records, including plaintext passwords, stolen from LiveJournal appeared on a Dark Web marketplace for as low as $35. The present week is likewise sadly marked with a compromise of 31 SQL databases (with 1.6 million rows of client data) from webshop owners. There were 7,098 breaches reported in 2019, exposing over 15.1 billion records, a new worst year on record according to Risk Based Security report...

Discover stories about threat actors’ latest tactics, techniques, and procedures from Cybersixgill’s threat experts each month. Each story brings you details on emerging underground threats, the threat actors involved, and how you can take action to mitigate risks. Learn about the top vulnerabilities and review the latest ransomware and malware trends from the deep and dark web. Stolen ChatGPT credentials flood dark web markets Over the past year, 100,000 stolen credentials for ChatGPT were advertised on underground sites, being sold for as little as $5 on dark web marketplaces in addition to being offered for free. Stolen ChatGPT credentials include usernames, passwords, and other personal information associated with accounts. This is problematic because ChatGPT accounts may store sensitive information from queries, including confidential data and intellectual property. Specifically, companies increasingly incorporate ChatGPT into daily workflows, which means employees may disclose ...

Skyrocketing data breaches bring incalculable losses to organizations and can cost cybersecurity executives their jobs. Here we examine the top five places in 2019 where cybercriminals are stealing corporate and government data without ever getting noticed and then learn how to avoid falling victim to unscrupulous attackers. 1. Misconfigured Cloud Storage 48% of all corporate data is stored in the cloud compared to 35% three years ago, according to a 2019 Global Cloud Security Study by cybersecurity company Thales that surveyed over 3,000 professionals across the globe. Contrastingly, only 32% of the organizations believe that protecting data in the cloud is their own responsibility, counting on cloud and IaaS providers to safeguard the data. Worse, 51% of the organizations do not use encryption or tokenization in the cloud. (ISC)² Cloud Security Report 2019 assets that 64% of cybersecurity professionals perceive data loss and leakage as the biggest risk associated with the...

Let's begin with a thought-provoking question: among a credit card number, a social security number, and an Electronic Health Record (EHR),  which commands the highest price on a dark web forum?   Surprisingly, it's the EHR, and the difference is stark: according to a  study , EHRs can sell for up to $1,000 each, compared to a mere $5 for a credit card number and $1 for a social security number. The reason is simple: while a credit card can be canceled, your personal data can’t. This significant value disparity underscores why the healthcare industry remains a prime target for cybercriminals. The sector's rich repository of sensitive data presents a lucrative opportunity for profit-driven attackers. For 12 years running, healthcare has faced the highest average costs per breach compared to any other sector.  Exceeding an average of $10 million per breach , it surpasses even the financial sector, which incurs an average cost of around $6 million. The severity of t...

Users searching for game cheats are being tricked into downloading a Lua-based malware that is capable of establishing persistence on infected systems and delivering additional payloads. "These attacks capitalize on the popularity of Lua gaming engine supplements within the student gamer community," Morphisec researcher Shmuel Uzan said in a new report published today, adding "this malware strain is highly prevalent across North America, South America, Europe, Asia, and even Australia." Details about the campaign were first documented by OALabs in March 2024, in which users were lured into downloading a malware loader written in Lua by exploiting a quirk in GitHub to stage malicious payloads. McAfee Labs, in a subsequent analysis , detailed threat actors' use of the same technique to deliver a variant of the RedLine information stealer by hosting the malware-bearing ZIP archives within legitimate Microsoft repositories. "We disabled user accounts an...

What's the price of unprotected IT infrastructure? Cybercrime Magazine says that global damages will surpass $6 billion as soon as 2021 . Here we'll go through some of the most frequent and emerging causes of data breaches in 2019 and see how to address them in a timely manner. Misconfigured Cloud Storage It's hard to find a day without a security incident involving unprotected AWS S3 storage, Elasticsearch, or MongoDB. A global study from Thales and the Ponemon Institute states that only 32% of organizations believe protecting their data in a cloud is their own responsibility. Worse, according to the same report, 51% of the organizations still do not use encryption or tokenization to protect sensitive data in the cloud. McAfee confirms, claiming that 99% of cloud and IaaS misconfigurations fall into the realm of end users' control and remain unnoticed. Marco Rottigni, Chief Technical Security Officer EMEA at Qualys , explains the problem: "Some of th...

When an organization’s credentials are leaked, the immediate consequences are rarely visible—but the long-term impact is far-reaching. Far from the cloak-and-dagger tactics seen in fiction, many real-world cyber breaches begin with something deceptively simple: a username and password. According to Verizon’s 2025 Data Breach Investigations Report, leaked credentials accounted for 22% of breaches in 2024, outpacing phishing and even software exploitation. That’s nearly a quarter of all incidents, initiated not through zero-days or advanced persistent threats, but by logging in through the front door. This quiet and persistent threat has been growing. New data compiled by Cyberint—an external risk management and threat intelligence company recently acquired by Check Point—shows a 160% increase in leaked credentials in 2025 compared to the previous year. The report, titled The Rise of Leaked Credentials , provides a look into not just the volume of these leaks, but how they are exploi...

Threat actors have been observed leveraging malicious dropper apps masquerading as legitimate applications to deliver an Android SMS stealer dubbed Wonderland in mobile attacks targeting users in Uzbekistan. "Previously, users received 'pure' Trojan APKs that acted as malware immediately upon installation," Group-IB said in an analysis published last week. "Now, adversaries increasingly deploy droppers disguised as legitimate applications. The dropper looks harmless on the surface but contains a built-in malicious payload, which is deployed locally after installation – even without an active internet connection." Wonderland (formerly WretchedCat), according to the Singapore-headquartered cybersecurity company, facilitates bidirectional command-and-control (C2) communication to execute commands in real-time, allowing for arbitrary USSD requests and SMS theft. It masquerades as Google Play, or files of other formats, such as videos, photos, and wedding in...

The North Korea-linked threat actors associated with the Contagious Interview campaign have been attributed to a previously undocumented backdoor called AkdoorTea, along with tools like TsunamiKit and Tropidoor. Slovak cybersecurity firm ESET, which is tracking the activity under the name DeceptiveDevelopment, said the campaign targets software developers across all operating systems, Windows, Linux, and macOS, particularly those involved in cryptocurrency and Web3 projects. It's also referred to as DEV#POPPER, Famous Chollima, Gwisin Gang, Tenacious Pungsan, UNC5342, and Void Dokkaebi. "DeceptiveDevelopment's toolset is mostly multi-platform and consists of initial obfuscated malicious scripts in Python and JavaScript, basic backdoors in Python and Go, and a dark web project in .NET," ESET researchers Peter Kálnai and Matěj Havránek said in a report shared with The Hacker News. The campaign essentially involves the impersonated recruiters offering what appear to...

After releasing 10 back-to-back episodes of the Season 5 premiere of Netflix's " Orange Is the New Black ," a hacking group calling itself The Dark Overlord is threatening to leak a trove of other unreleased TV shows and movies. The Dark Overlord (TDO) posted links to the first 10 episodes of the upcoming season of "Orange Is the New Black" show to a piracy website after Larson Studios and Netflix failed to fulfill the group's ransom demand. According to Netflix's website, the season 5 of "Orange Is the New Black" show is scheduled to debut June 9 and supposed to run 13 episodes. But TDO claimed that only the first 10 episodes were available at the time the group gained access to the show. On Saturday, the group headed on to Twitter and posted links to a Pastebin page, GitHub profile, and the Pirate Bay torrent site sharing Episode 1 of "Orange Is The New Black" season 5 show. At the time of writing, the Pastebin ( web arc...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) on Wednesday issued a joint advisory warning of active exploitation of vulnerabilities in Microsoft Exchange on-premises products by nation-state actors and cybercriminals. "CISA and FBI assess that adversaries could exploit these vulnerabilities to compromise networks, steal information, encrypt data for ransom, or even execute a destructive attack," the agencies  said . "Adversaries may also sell access to compromised networks on the dark web." The attacks have primarily targeted local governments, academic institutions, non-governmental organizations, and business entities in various industry sectors, including agriculture, biotechnology, aerospace, defense, legal services, power utilities, and pharmaceutical, which the agencies say are in line with previous activity conducted by Chinese cyber actors. Tens of thousands of entities, including the  Eur...

Government and military organizations in the Asia-Pacific region are being targeted by a previously unknown advanced persistent threat (APT) actor, per latest research conducted by Albert Priego of Group-IB The Singapore-headquartered company, in a  report  shared with The Hacker News, said it's tracking the ongoing campaign under the name  Dark Pink  and attributed seven successful attacks to the adversarial collective between June and December 2022. The bulk of the attacks have singled out military bodies, government ministries and agencies, and religious and non-profit organizations in Cambodia, Indonesia, Malaysia, Philippines, Vietnam, and Bosnia and Herzegovina, with one unsuccessful intrusion reported against an unnamed European state development body based in Vietnam. The threat actor is estimated to have commenced its operations way back in mid-2021, although the attacks ramped up only a year later using a never-before-seen custom toolkit designed to pl...

Financial organizations in the Asia-Pacific (APAC) and Middle East and North Africa (MENA) are being targeted by a new version of an "evolving threat" called  JSOutProx . "JSOutProx is a sophisticated attack framework utilizing both JavaScript and .NET," Resecurity  said  in a technical report published this week. "It employs the .NET (de)serialization feature to interact with a core JavaScript module running on the victim's machine. Once executed, the malware enables the framework to load various plugins, which conduct additional malicious activities on the target." First  identified  in December 2019 by Yoroi, early attacks distributing JSOutProx have been attributed to a threat actor tracked as  Solar Spider . The cyber crime actors behind the malware have a track record of striking banks and other big companies in Asia and Europe. In late 2021, Quick Heal Security Labs  detailed  attacks leveraging the remote access trojan (RAT) to single...