Cybercriminals Create New Forums and Interrupt School Finals
Read on for the latest from the criminal underground, including threat actor & forum activity, the Canvas breach, device code phishing trends, and what to know about Google Chrome DBSC.
Read on for the latest from the criminal underground, including threat actor & forum activity, the Canvas breach, device code phishing trends, and what to know about Google Chrome DBSC.
Device code phishing is a fast-growing adversary-in-the-middle (AiTM) attack that exploits OAuth 2.0 device flow to harvest access and refresh tokens — bypassing MFA. SpyCloud Labs researchers break down how it works, what attackers do with stolen tokens, and how to detect and shut down compromised sessions.
Read on for the latest in supply chain compromises, cloud account takeovers, and breach forum shake-ups as we break down the biggest cybercrime trends of the month, including attacks by TeamPCP and ShinyHunters.
This month’s cybercrime update covers a forum takedown, ransomware-style extortion from unexpected threat actors, and a state-sponsored campaign hitting close to home.
Security researchers discovered an Elasticsearch cluster containing the biggest dataset of Chinese PII ever sitting exposed on a bulletproof hosting server. Here’s what was inside.
It was a short but spicy month in the cybercrime world. Here’s what to know, including hacktivism updates from the Middle East, disruption activity, & sensitive new data leaks.
Get the inside scoop on the global Tycoon 2FA phishing infrastructure takedown, including threat actor techniques and enterprise victim impact.
New Year, new threats. See what’s stirring in the criminal underground this month, and read up on concerning malware attack chains that could be putting your org at risk.
Chinese-speaking cybercriminals have developed scams, fraud, malware, and money laundering schemes tied to the Lunar New Year red envelope tradition.
Cybercriminals are posting stolen credit card info & sensitive personal data on the Threads platform. Read the SpyCloud Labs analysis & get recommendations to prevent financial fraud.
We dug into the ripple effects of Operation Endgame’s takedown of the Rhadamanthys stealer, including rumors of its revival & the stealer that’s seemingly taken its place.
From big data leaks to cyber underground insights, SpyCloud tracked some of the top threats in 2024. Read our recap & 2025 predictions.
Scattered LAPSUS$ Hunters weaponizes stolen credentials and session tokens from Salesforce breaches to fuel downstream account takeover attacks – here’s how this federated cybercrime group operates and what security teams must do to stop them.
The YYlaiyu phishing-as-a-service (PhaaS) panel is just one example of how the Chinese phishing ecosystem is fueling Western financial fraud. Read our analysis.
As Cybersecurity Awareness Month kicks off and everything starts to get pumpkin spice flavored, the cybercrime continues. See what the big news is in cyber this month, as well as new research from our team.
Crypters hide malicious payloads. See what we found when we analyzed Asgard Protector, a malware crypter recommended by the sellers of LummaC2.
From the BreachForums takedown to Warlock ransomware, ShinyHunters chaos & GenAI malware, our August update covers the month’s top cybercrime news.
SpyCloud’s continuous delivery model processes breach data in 2 hours, malware in 1 hour – giving cybersecurity teams the speed to detect and remediate threats before attackers weaponize stolen data.
From the XSS forum takedown to the Tea app data leak & Tycoon 2FA attacks, our July cybercrime update breaks down the biggest threats and news.
SpyCloud analyzed 150K stolen credentials from Tycoon 2FA phishing attacks. See what the data reveals about targeted victims.
We analyzed 1 billion leaked Chinese national ID numbers from the 2022 Shanghai National Police database breach – this is what we found.
From the “16 billion passwords” leak to trends in the Chinese criminal underground, our June cybercrime update breaks down the biggest cyber threats and news.
SpyCloud Labs analyzes sample data from the VenusTech and Salt Typhoon data leaks as well as overall trends in the Chinese cybercriminal underground.
With over 4 billion records, it’s being dubbed the biggest leak of Chinese personal data ever. Here’s what to know.
From the LummaC2 takedown to the BreachForums void, our May cybercrime update breaks down the biggest cyber threats & news.
ULP combolists often contain fresh infostealer data. Here’s what to know about ULP combolists, including how to defend your organization from credential theft & attacks.
From the Twitter/X breach to Atomic macOS Stealer infection trends, our April cybercrime update breaks down the biggest cyber threats and news.
We analyzed the nearly 200K leaked Black Basta chats and this is what we learned about their use of exposed credentials for ransomware operations.
A deep dive into March’s cybercrime trends, including GhostSocks, North Korean IT workers, and pesky smishing campaigns.
LummaC2’s link to GhostSocks reveals stealthy proxy access, long-term persistence, and advanced evasion—posing a serious threat to enterprise defenses.
Discover the biggest wins from 2024 against cybercrime—from major infostealer takedowns to global ransomware crackdowns—and what they mean for the future of cybersecurity.
Headline-making breaches in 2024 exposed millions of records, compromising sensitive data. This blog explores what was stolen and the impact that has on security strategies to stay ahead.
A deep dive into February’s cybercrime trends, including Black Basta ransomware insights, stolen credit card databases, and the latest threat actor activities.
Bad actors use phishing gateway pages to screen and validate stolen data. Learn how they work and how to protect yourself from these attacks.
The end of 2024 and start to 2025 had no shortage of cyber security hot topics to cover. Dig into our latest findings and insights in this blog.
The cybercrime industry today features specialists who offer cybercrime enablement services for anything a criminal doesn’t want to do – or can’t do – themselves. Learn more.
See how cybercriminals are bypassing Google Chrome’s App-Bound Encryption feature with infostealer malware to steal session cookies that can be used in session hijacking attacks.
Discover how LummaC2 has evolved with new stealth tactics, enhanced theft capabilities & novel evasion techniques in our latest SpyCloud Labs analysis.
This month, we’re breaking down the latest in cyber – from hot topics like Telegram, Operation Magnus, LockBit, and the arrest of USDoD to new research from SpyCloud Labs.
Legacy infostealer malware like Redline Stealer & Raccoon Stealer are still fueling cybercrime and threatening organizations. Here’s how to stay protected.
Learn about the TTPs China-based threat actors refer to as SDK & DPI, as well as SGKs, which house exfiltrated data about Chinese residents.
The MC2 data breach contains extensive PII on customers and individuals who had their backgrounds screened with the service. Here’s what to know about the leak.
SpyCloud Labs dissects the capabilities of the open source Phemedrone Stealer, including log encryption, configuration & victim targeting.
The National Public Data (NPD) breach includes nearly 2.7 billion leaked records – and hundreds of millions of Americans’ social security numbers. Here’s what to know.
SpyCloud Labs digs into new infostealer malware variants like Kemicat and Mephedrone, as well as the resurgence of keyloggers like Snake.
Learn how SpyCloud responsibly discloses breached, leaked & stolen data to victim organizations as part of our mission to make the internet safer.
SpyCloud Labs reverse-engineered Atomic macOS Stealer to get a better understanding of its current capabilities and the threat it poses to the security community. Here’s our analysis.
Here’s what we found when we analyzed The Post Millennial data breach, including the types of exposed data assets contained in the 87 million leaked records.
We’ve added three new Windows infostealer malware families to our recaptured data repository. Learn about Xehook, Meduza, and Elusive.
Threat actors are using PPI networks to distribute malware families like LummaC2 and Atomic Stealer. Our researchers analyzed one of them – SpaxMedia – and here’s what we found.
SpyCloud Labs research uncovered unique Chinese threat actor TTPs for persistent data access, data acquisition, and data exfiltration.
Learn about the MOAB data leak and find out how much of the exposed data is already known, public, or outdated per SpyCloud Labs research.
SpyCloud Labs researchers uncovered details about a cybercrime traffer team that is responsible for distributing malware families to victims around the globe.
SpyCloud Labs analysts reverse-engineered LummaC2 Stealer and observed notable upgrades and capabilities to its code.
SpyCloud research shows a recent surge in the prevalence of the LummaC2 infostealer, rising 2000% in 6 short months.
The SpyCloud Research team takes an in-depth look at anti-detect browsers and how they are being leveraged alongside stolen credentials and cookies to bypass MFA and easily log into targeted accounts.