Cybercrime/malcode – Lifeboat News: The Blog

Mar 26
2026

New Torg Grabber infostealer malware targets 728 crypto wallets

A new info-stealing malware called Torg Grabber is stealing sensitive data from 850 browser extensions, more than 700 of them for cryptocurrency wallets.

Initial access is obtained through the ClickFix technique by hijacking the clipboard and tricking the user into executing a malicious PowerShell command.

According to researchers at cybersecurity company Gen Digital, Torg Grabber is actively developed, with 334 unique samples compiled in three months (between December 2025 and February 2026) and new command-and-control (C2) servers registered every week.

Mar 26
2026

LeakBase Admin Arrested in Russia Over Massive Stolen Credential Marketplace

Russian authorities arrested the alleged admin of LeakBase, a cybercrime forum operating since 2021 that enabled trading stolen data.

Mar 26
2026

GlassWorm Malware Uses Solana Dead Drops to Deliver RAT and Steal Browser, Crypto Data

GlassWorm uses Solana and Google Calendar dead drops to deliver RAT stealing browser data and crypto wallets, impacting developers.

Mar 26
2026

Device Code Phishing Hits 340+ Microsoft 365 Orgs Across Five Countries via OAuth Abuse

Construction, non-profits, real estate, manufacturing, financial services, healthcare, legal, and government are some of the prominent sectors targeted as part of the campaign.

“What also makes this campaign unusual is not just the device code phishing techniques involved, but the variety of techniques observed,” the company said. “Construction bid lures, landing page code generation, DocuSign impersonation, voicemail notifications, and abuse of Microsoft Forms pages are all hitting the same victim pool through the same Railway.com IP infrastructure.”

Device code phishing refers to a technique that exploits the OAuth device authorization flow to grant the attacker persistent access tokens, which can then be used to seize control of victim accounts. What’s significant about this attack method is that the tokens remain valid even after the account’s password is reset.

Mar 25
2026

Hackers Use Fake Resumes to Steal Enterprise Credentials and Deploy Crypto Miner

FAUX#ELEVATE phishing deploys stealers and miners via fake resumes, targeting enterprise systems, enabling rapid credential theft in 25 seconds.

Mar 25
2026

PTC warns of imminent threat from critical Windchill, FlexPLM RCE bug

PTC Inc. is warning of a critical vulnerability in Windchill and FlexPLM, widely used product lifecycle management (PLM) solutions, that could allow remote code execution.

The security issue, identified as CVE-2026–4681, could be leveraged through the deserialization of trusted data.

Its severity has prompted emergency action from German authorities, with the federal police (BKA) reportedly sending agents to affected companies to alert them to the cybersecurity risk.

Mar 25
2026

Blog

Category: cybercrime/malcode

New Torg Grabber infostealer malware targets 728 crypto wallets

LeakBase Admin Arrested in Russia Over Massive Stolen Credential Marketplace

GlassWorm Malware Uses Solana Dead Drops to Deliver RAT and Steal Browser, Crypto Data

Device Code Phishing Hits 340+ Microsoft 365 Orgs Across Five Countries via OAuth Abuse

Hackers Use Fake Resumes to Steal Enterprise Credentials and Deploy Crypto Miner

PTC warns of imminent threat from critical Windchill, FlexPLM RCE bug

Experts warn of a ‘loud and aggressive’ extortion wave following Trivy hack

DarkSword’s GitHub leak threatens to turn elite iPhone hacking into a tool for the masses

Microsoft Warns IRS Phishing Hits 29,000 Users, Deploys RMM Malware

FBI Warns Russian Hackers Target Signal, WhatsApp in Mass Phishing Attacks