The post New Quasar Linux (QLNX) RAT Hijacks Cloud Keys and NPM Tokens appeared first on Daily CyberSecurity.

The post Decrypted and Vulnerable: Why Microsoft Edge Keeps All Your Passwords in Plaintext Memory appeared first on Daily CyberSecurity.

Phishing still hooks users around the world and coaxes them to hand over credentials. But on occasion the good guys take them down, like the FBI in collaboration with Indonesian law enforcement did with W3LLStore marketplace. 

The post FBI, Indonesian Authorities Team to Take Down Site Ripping Off Users for Millions  appeared first on Security Boulevard.

Washington’s push to ban foreign-made Wi-Fi routers may sound tough on cybersecurity, but like earlier bans on foreign drones and telecom gear it risks becoming security theater that ignores the real problem: Millions of unpatched devices already sitting on American networks.

The post Banning Routers Won’t Secure the Internet appeared first on Security Boulevard.

While companies use "perp walks" for terminated employees, 48% of manufacturers fail to revoke digital access within 24 hours. Explore the growing risk of dormant accounts, the 74% automation gap in provisioning, and why experts like Darren Guccione and James Maude call overprivileged identities a "frictionless path" for modern cyberattacks.

The post Dormant Accounts Leave Manufacturing Orgs Open to Attack  appeared first on Security Boulevard.

An international law enforcement operation has dismantled LeakBase, a major online marketplace for stolen data that had become a central hub for cybercriminal activity. The cybercrime forum dismantled during the coordinated crackdown had amassed more than 142,000 registered users and hosted thousands of posts offering leaked databases and stolen credentials. The operation, coordinated by Europol, targeted the infrastructure of the platform as well as several of its most active users. Investigators carried out coordinated enforcement actions between 3 and 4 March, marking one of the latest global efforts to disrupt the underground economy that thrives on stolen personal and corporate data. Authorities say the cybercrime forum dismantled operation significantly disrupted a platform that had been widely used by criminals to trade compromised information and facilitate further cyberattacks.

LeakBase: A Growing Marketplace for Stolen Credentials

Active since 2021, LeakBase operated openly on the web and primarily used English, allowing it to attract a global community of cybercriminals. The forum specialised in trading leaked databases and so-called “stealer logs,” which are collections of credentials captured by infostealer malware. These logs typically contain email addresses, passwords and other authentication data that criminals use to access online accounts. Once obtained, the information can be used for account takeovers, fraud schemes and further cyber intrusions. [caption id="attachment_109931" align="aligncenter" width="1024"] Image Source: Europol[/caption] Over time, LeakBase developed a structured system that helped it grow rapidly. The forum used a credit-based economy and reputation system, allowing users to build credibility within the community and gain access to more valuable data. This system helped maintain trust among offenders and kept the marketplace active. Despite being an international platform, LeakBase reportedly had an internal rule that prohibited the sale or publication of data related to Russia, highlighting the unusual dynamics that sometimes exist within cybercrime networks. By December 2025, the forum had accumulated more than 142,000 registered users, around 32,000 posts, and over 215,000 private messages, underscoring its role as a major player in the underground data-trading ecosystem.

Coordinated Global Action Against the Cybercrime Forum

The cybercrime forum dismantled operation involved law enforcement authorities from several countries, including Australia, Belgium, Canada, Germany, Greece, Malaysia, the Netherlands, Poland, Portugal, Romania, Spain, the United Kingdom and the United States. On 3 March, authorities launched coordinated enforcement actions that included arrests, house searches and “knock-and-talk” visits targeting individuals suspected of being heavily involved in the forum’s activity. Around 100 enforcement actions were conducted globally, with investigators focusing on 37 of the most active users of the platform. The following day, authorities moved to the technical disruption phase of the operation. Investigators seized the forum’s domain and replaced the website with a law enforcement notice, effectively shutting down the platform and preventing further activity. Officials say the investigation is now entering a prevention phase that aims to deter others from engaging in similar cybercrime operations.

Europol’s Role in Tracking the Forum

Europol analysts played a key role in the investigation by mapping the infrastructure of the LeakBase forum and analyzing user activity across the platform. Investigators cross-matched the forum’s data with ongoing cases across Europe and other regions, helping identify suspects and connect digital evidence across multiple jurisdictions. At Europol’s headquarters in The Hague, a dedicated operational data sprint brought together specialists to process the seized information quickly. A data scientist also supported the investigation by structuring millions of data points to generate actionable leads for law enforcement teams. The operation was carried out within the framework of the Joint Cybercrime Action Taskforce (J-CAT), which supports international cybercrime investigations.

Anonymity in Cybercrime Is Often an Illusion

Authorities say the investigation also exposed how fragile anonymity can be within the cybercrime world. By seizing the forum’s database, investigators were able to identify and deanonymise several users who believed they were operating under complete anonymity. In some cases, investigators contacted suspects directly through the same online channels that had been used to facilitate criminal activity. Edvardas Šileris, Head of Europol’s European Cybercrime Centre, said the operation sends a clear signal to cybercriminals operating online. “This operation shows that no corner of the internet is beyond the reach of international law enforcement. What began as a shadowy forum for stolen data has now been dismantled, and those who believed they could hide behind anonymity are being identified and held accountable. This is a clear message to cybercriminals everywhere: if you traffic in other people’s stolen information, law enforcement will find you and bring you to justice.”

Stolen Data Rarely Disappears

Investigators also warn that the shutdown of LeakBase highlights a broader reality about cybercrime. When organizations or individuals suffer a data breach, the stolen information often resurfaces on underground platforms where it can be reused for scams, phishing campaigns or identity theft. While the cybercrime forum dismantled operation is a significant step, experts caution that similar marketplaces can quickly emerge to replace them. For individuals, authorities emphasize the importance of basic cybersecurity hygiene, including using strong and unique passwords and enabling multi-factor authentication to reduce the risk of compromised accounts.

Before you can securely sign software or automate code signing in your Windows environment, you will need to configure your credentials for DigiCert® KeyLocker and the Signing Manager Command-Line Tool (SMCTL). Your credentials create a trusted connection between your local signing tools and DigiCert ONE to ensure that only authorized users are able to access… Read More How to Setup Credentials for Windows to Use DigiCert KeyLocker & SMCTL?

The post How to Setup Credentials for Windows to Use DigiCert KeyLocker & SMCTL? appeared first on SignMyCode - Resources.

The post How to Setup Credentials for Windows to Use DigiCert KeyLocker & SMCTL? appeared first on Security Boulevard.

A massive unsecured database exposed 149 million logins, raising concerns over infostealer malware and credential theft.

The post Data Leak Exposes 149M Logins, Including Gmail, Facebook appeared first on TechRepublic.

Google has released an update for its Chrome browser that includes 13 security fixes, four of which are classified as high severity. One of these was found in Chrome’s Digital Credentials feature–a tool that lets you share verified information from your digital wallet with websites so you can prove who you are across devices.

Chrome is by far the world’s most popular browser, with an estimated 3.4 billion users. That scale means when Chrome has a security flaw, billions of users are potentially exposed until they update.

That’s why it’s important to install these patches promptly. Staying unpatched means you could be at risk just by browsing the web, and attackers often exploit these kinds of flaws before most users have a chance to update. Always let your browser update itself, and don’t delay restarting the browser as updates usually fix exactly this kind of risk.

How to update Chrome

The latest version number is 143.0.7499.40/.41 for Windows and macOS, and 143.0.7499.40 for Linux. So, if your Chrome is on version 143.0.7499.40 or later, it’s protected from these vulnerabilities.

The easiest way to update is to allow Chrome to update automatically, but you can end up lagging behind if you never close your browser or if something goes wrong—such as an extension stopping you from updating the browser.

To update manually, click the More menu (three dots), then go to Settings > About Chrome. If an update is available, Chrome will start downloading it. Restart Chrome to complete the update, and you’ll be protected against these vulnerabilities.

You can also find step-by-step instructions in our guide to how to update Chrome on every operating system.

Technical details

One of the vulnerabilities was found in the Digital Credentials feature and is tracked as CVE-2025-13633. As usual Google is keeping the details sparse until most users have updated. The description says:

Use after free in Digital Credentials in Google Chrome prior to 143.0.7499.41 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.

That sounds complicated so let’s break it down.

Use after free (UAF) is a specific type of software vulnerability where a program attempts to access a memory location after it has been freed. That can lead to crashes or, in some cases, let an attackers run their own code.

The renderer process is the part of modern browsers like Chrome that turns HTML, CSS, and JavaScript into the visible webpage you see in a tab. It’s sandboxed for safety, separate from the browser’s main “browser process” that manages tabs, URLs, and network requests. So, for HTML pages, this is essentially the browser’s webpage display engine.

The heap is an area of memory made available for use by the program. The program can request blocks of memory for its use within the heap. In order to allocate a block of some size, the program makes an explicit request by calling the heap allocation operation.

A “remote attacker who had compromised the renderer” means the attacker would already need a foothold (for example, via a malicious browser extension) and then lure you to a site containing specially crafted HTML code.

So, my guess is that this vulnerability could be abused by a malicious extension to steal the information handled through Digital Credentials. The attacker could access information normally requiring a passkey, making it a tempting target for anyone trying to steal sensitive information.

Some of the fixes also apply to other Chromium browsers, so if you use Brave, Edge, or Opera, for example, you should keep an eye out for updates there too.

---

We don’t just report on threats—we help safeguard your entire digital identity

Cybersecurity risks should never spread beyond a headline. Protect your, and your family’s, personal information by using identity protection.