In late May 2024, Unit 42 researchers observed an adversary compromising multiple web servers to gain access to the environment of a multinational organization headquartered in North America.
Based on overlaps in adversary infrastructure and tools, as well as tactics, techniques and procedures (TTPs), it’s possible to attribute the activity identified to the same threat actor behind the Silent Skimmer campaign. In September 2023, an online payment scraping campaign was uncovered and dubbed Silent Skimmer. Since then, there has been little to no news of Silent Skimmer – until now.
Read more…
Source: Palo Alto Unit 42
Related:
- Chrome flaw let extensions hijack Gemini’s camera, mic, and file access
March 3, 2026
Chrome’s Gemini “Live in Chrome” panel (Gemini’s embedded, agent-style assistant mode within Chrome) had a high‑severity vulnerability tracked as CVE‑2026‑0628. The flaw let a low‑privilege extension inject code into the Gemini side panel and inherit its powerful capabilities, including local file access, screenshots, and camera/microphone control. The vulnerability was patched in a January update. But the ...
- Fooling AI Agents: Web-Based Indirect Prompt Injection Observed in the Wild
March 3, 2026
Large language models (LLMs) and AI agents are becoming deeply integrated into web browsers, search engines and automated content-processing pipelines. While these integrations can expand functionality, they also introduce a new and largely underexplored attack surface. One particularly concerning class of threats is indirect prompt injection (IDPI), in which adversaries embed hidden or manipulated instructions within ...
- LexisNexis hacked, 2 GB of structured data allegedly exposed
March 3, 2026
The hacker group FulcrumSec is taking responsibility for a data breach of information from LexisNexis. The group claims to have hacked into the LexisNexis servers on Feb. 24. It posted about the hack and alleged it got access to over 2 gigabytes of structured data. “We exfiltrated 2.04 GB of structured data from LexisNexis AWS infrastructure ...
- Scammers try to SIM-swap Dubai citizens hours after Iranian missile strikes
March 2, 2026
Scammers targeted Dubai citizens mere hours after missiles struck the city, attempting to gain access to their bank accounts, police have warned. Financially motivated cybercriminals are contacting citizens under the guise of Dubai Crisis Management, a fictitious department ostensibly tied to Dubai Police, in attempts to gather information that could be used in SIM-swap attacks. The ...
- New Android malware can hack every top phone maker’s security, and costs less than a second-hand iPhone
February 28, 2026
Oblivion is a newly observed Android Remote Access Trojan which reportedly targets a range of popular devices running Android 8 through 16. Security researchers at Certo have examined the tool, which is sold on a subscription basis starting at $300, and claims to be capable of working on heavily customized systems from Samsung, Xiaomi, and ...
- 15 million French citizens affected by massive data breach following cyberattack on medical software
February 27, 2026
A massive data breach concerning the data of 15 million people in France has been revealed after a cyberattack targeted 1,500 doctors using medical software. The administrative data of around 15 million French citizens, along with notes written by their doctors, were leaked in a large-scale breach targeting 1,500 doctors using a medical software from Cegedim ...