Cybercriminals continue to exploit weak points such as misconfigurations, stale components, and trusted systems like OAuth to gain unauthorized access. Recent threats include sophisticated malware like Lumma Stealer and Vidar Stealer 2.0, as well as large-scale scams leveraging fake ads and open-source supply chain attacks. #LummaStealer #VidarStealer #OAuth #SupplyChainRisks
Keypoints
- Cybercriminals exploit easy targets by tricking users or abusing trusted systems like OAuth and package registries.
- The Lumma Stealer malware has declined after a doxxing campaign exposed core members, leading to customer shifts to competitors.
- Large-scale scam campaigns in Singapore and Southeast Asia mislead victims through fake ads and impersonated authorities.
- A malicious npm package named βhttps-proxy-utilsβ was used to deliver a remote payload, highlighting supply chain risks in open-source dependencies.
- Vulnerabilities in AI systems, cloud configurations, and email protocols reveal new attack vectors such as session hijacking, prompt injection, and hidden prompts in emails.
Read More: https://thehackernews.com/2025/10/threatsday-bulletin-176m-crypto-fine.html