Cybercriminals are auctioning off live email credentials, giving other criminals access to sensitive systems, confidential intelligence, and, potentially, a higher success rate than ever.

Police &amp; Government Email Access for Sale on Dark Web

Beware of fake Netflix job offers! A new phishing campaign is targeting job seekers, using fraudulent interviews to…

Beware of fake Netflix job offers! A new phishing campaign is targeting job seekers, using fraudulent interviews to trick them into handing over Facebook logins. Find out what to look for to protect your accounts.

Job seekers are being targeted by a new phishing scam that uses fake Netflix job offers to steal Facebook login details. The campaign, which focuses on marketing and social media professionals, was reported by security researchers at Malwarebytes.

Malwarebytes shared details of the campaign with Hackread.com, noting its advanced techniques and focus on corporate social media accounts. The scam begins with a highly convincing, AI-generated email that looks like an official interview invitation from Netflix’s HR team. The email is personalised as per the recipient’s professional background.

****How the Scam Works****

According to Malwarebytes’ report, when a job seeker clicks the “Schedule Interview” link in the email, they are directed to a fake career site that looks like a real Netflix page. However, a quick check of the web address reveals it’s a fraudulent site.

The site then prompts users to create a “Career Profile,” offering a choice to either log in with Facebook or use an email address. But no matter which option is chosen, the next screen asks the user to sign in using their Facebook account. This is the crucial step of the scam. As the provided image of the sign-in page shows, the scammers are specifically after Facebook credentials.

This part of the attack is especially clever. The hackers use a special websocket method to instantly capture the login details as they are entered. As soon as the victim clicks “Log In,” the scammers can try to access the victim’s real Facebook account.

Even if the password is wrong, the attacker’s quick response time means they could have already compromised the account. The schedule page itself also shows the deceptive nature of the site.

The phishing email, what happens upon clicking the link and how a fake Facebook login page opens (Source: Malwarebytes)

> _“This login page is also the part that makes this attack a very sophisticated one. The phishers use a websocket method that allows them to intercept submissions live as they are entered. This allows them to try the credentials and if your password works, they can log into your real Facebook account within seconds. They could potentially ask for multi-factor authentication (MFA) confirmation if that’s necessary, too.”_
> 
> Pieter Arntz – Malware Intelligence Researcher, Malwarebytes

****The Real Danger****

The ultimate goal of this scam is not just to steal personal Facebook accounts. Hackers are targeting professionals who have access to corporate Facebook business accounts. By gaining control of these accounts, they can launch malicious ad campaigns, demand a ransom for access, or use the company’s reputation to trick more people.

Therefore, to stay safe, unsuspecting users, especially job seekers, must be cautious of job offers they didn’t apply for, check website addresses carefully, and use a reliable security solution on all devices.

Netflix Job Phishing Scam Steals Facebook Login Data

Norway says pro-Russian hackers breached a dam in Bremanger in April, opening a water valve for 4 hours…

Norway says pro-Russian hackers breached a dam in Bremanger in April, opening a water valve for 4 hours after exploiting a weak password. Officials call it part of a wider hybrid warfare campaign targeting Europe.

Norwegian authorities have officially blamed pro-Russian hackers for a cyberattack on a dam in western Norway this past April. According to Beate Gangås, the head of the Norwegian Police Security Service (PST), the breach at the dam in the Bremanger municipality was part of a broader strategy by Russia, described as “hybrid warfare.”

The attack, while not causing major damage, was intended to “cause fear and chaos” among the public and “demonstrate what they are capable of,” Gangås said at a recent public event.

“The aim of this type of operation is to influence and to cause fear and chaos among the general population. Our Russian neighbour has become more dangerous,” Beate Gangås

****What Happened?****

The cyberattack occurred at the Lake Risevatnet dam in the municipality of Bremanger, which is not used for electricity production. As per Hackread.com’s coverage of this incident in June 2025, unidentified hackers managed to break into the dam’s remote-control system. They then opened a water valve, releasing 500 litres (about 132 gallons) of water per second for a full four hours before the problem was discovered and the valve was shut.

While the attack didn’t cause any injuries or significant damage, it did highlight a major security flaw. The initial breach was suspected to be a result of the dam’s web-accessible control panel being protected by a weak password. This vulnerability allowed the attackers to gain direct access to the dam’s operational systems, demonstrating how simple vulnerabilities can risk critical infrastructure.

The Dam in Risevatnet in Bremanger (Source: vg.no)

Interestingly, a pro-Russian cyber group reportedly posted a three-minute video on Telegram showing the dam’s control panel, seemingly taking credit for the attack, revealed police attorney Terje Nedrebø Michelsen. This action, officials claim, is a typical tactic used by state-backed groups to brag about their capabilities without officially being tied to the incident.

****A Wider Threat****

This comes after officials had previously warned of the potential for such attacks. The head of the Norwegian Intelligence Service, Nils Andreas Stensønes, echoed this concern, calling Russia the biggest threat to Norway’s security.

The Associated Press has been tracking this campaign, charting more than 70 incidents across Europe that have been blamed on Russia. These include vandalism and arson to attempted assassinations, which Western officials have described as “reckless” and violent.

In a separate, but related event, a hacking group with suspected links to Russia breached a Texas water facility’s system in January 2024, causing it to overflow. The Russian embassy in Oslo has denied the accusations, calling them “unfounded and politically motivated.”

Neither incident should come as a surprise, as in November 2024, 73% of industrial control systems (ICS) in Europe and the United States were found vulnerable to remote attacks.

Norway Blames Pro-Russian Hackers for Dam Cyberattack

Scammers are sending out fake Netflix job offers to get control of Facebook accounts.

In what seems a phishing attack targeted at a certain audience, scammers are impersonating Netflix and reaching out to marketing staff.

The initial mail looks like what you might expect from a headhunter or a human resources (HR) recruitment specialist.

“I hope this note finds you well,” the email begins. “Your reputation as a visionary marketing leader has caught out attention, and I’d like to share an extraordinary opportunity with you at Netflix.”

Undoubtedly this email is crafted by AI and based on real-life examples. The role offered in the email as VP of Marketing would be a fitting role for the person that received this email, so it looks as if the scammers have done their research before reaching out.

Replying to the initial mail—which is not recommended, unless you like letting scammers know you exist and encouraging them to send you more phishes—got us one step closer to landing the exciting new job at Netflix.

We received an invitation to set up an interview with the ‘Netflix HR team’.  

Following the link under “Schedule Interview” gets us a block by Malwarebytes web protection.

Again, not something we would want our readers to do but in the interest of learning more about the scam, we bypass that block and proceed to the website.

We find that there are 20 openings, all more or less in the same fields of social media and marketing.

The website itself is a mix of content copied from the actual Netflix site and of the phishing campaign.

Back to scheduling our interview. We’re given an option to choose our interview slot:

Regardless of which of the two buttons you use on the screen, you’ll be asked to sign in to your existing “Career Profile” or create a new one.

At this stage, all red flags should go up. It doesn’t matter if you choose “Continue with Facebook” or whether you enter your email and click “Continue with Email” the next screen will ask you to sign in to your Facebook account.

The only difference is that the second option fills out your email in the login screen.

That doesn’t make a lot of sense—Facebook is not known to keep track of your calendar. It does keep track of a lot of things, but your meeting schedule isn’t one of them. Besides, if you look at the address bar, you’ll see I’m still at the fake Netflix site.

However, it’s very normal practice to offer the option of logging in with Facebook on third party sites, so it would be understandable for the jobseeker to click that link.

When you enter the credentials and click on “Log In”, it will take a while and then you’ll be notified that “The password you’ve entered is incorrect. Please try again!”

This login page is also the part that makes this attack a very sophisticated one. The phishers use a websocket method that allows them to intercept submissions live as they are entered. This allows them to try the credentials and if your password works, they can log into your real Facebook account within seconds. They could potentially ask for multi-factor authentication (MFA) confirmation if that’s necessary, too.

Imagine that the phisher can instantly see the credentials you submitted, tests them at the real Facebook login page, and subsequently sends you the appropriate response. (In my case “wrong password” since I had no intention of feeding them valid credentials.)

You’d have no idea that they were accessing your Facebook account and they’d have bought some time to log you out, spam your friends, or whatever else they wanted to do with your account.

We often see phishing campaigns like these that are explicitly designed to steal the credentials of marketing managers, social media staff, and especially those who have access to company Facebook Pages or business accounts.

Compromising a business account can allow attackers to run malicious ads using the company’s payment methods, demand a ransom for return of control over the account, or use the company’s reputation to spread more scams.

**What to do**

If you suspect your credentials may have been compromised, immediately change your passwords, enable multi-factor authentication, and notify your IT/security team if you have one.

You can stay safe from these attacks by:

*   Be super cautious at engaging in job offers that you have not applied for.
*   Carefully check the URLs, both in the email and on the website, before you click them (did you notice the missing “i” in the domain name?)
*   Check if the address in the browser bar matches what you expect to see, along with the content of the website.
*   Learn how to spot and recognize phishing attempts. Phishing mails are getting harder to identify now that cybercriminals are using Artificial Intelligence (AI).
*   Keep your browser, your Operating System, and other software up to date.
*   Use an up-to-date real-time anti-malware solution with web protection.

Since the phishing campaign was hosted behind Cloudflare’s services, we have notified Netflix and Cloudflare about this campaign.

**We don’t just report on threats—we remove them**

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

 Netflix scammers target jobseekers to trick them into handing over their Facebook logins 

Siemens Third-Party Components in SINEC OS

The breach of the US Courts records system came to light more than a month after the attack was discovered. Details about what was exposed—and who’s responsible—remain unclear.

The second Trump administration has its first federal cybersecurity debacle to deal with.

A breach of the United States federal judiciary’s electronic case filing system, discovered around July 4, has pushed some courts onto backup paper-filing plans after the hack compromised sealed court records and possibly exposed the identities of confidential informants and cooperating witnesses across multiple US states.

More than a month after the discovery of the breach—and in spite of recent reports from The New York Times and Politico that Russia was involved in perpetrating the hack—it is still unclear exactly what happened and which data and systems were affected.

Politico first reported the breach of the “case management/electronic case files,” or CM/ECF, system, which may have impacted criminal dockets, arrest warrants, and sealed indictments. The CM/ECF system also suffered a breach in 2020 during the first Trump administration, and Politico reported on Tuesday that, in the recent attack, hackers exploited software vulnerabilities that remained unaddressed after being discovered five years ago in response to that first incident. Security researchers say that gaps in public information about the situation are concerning, particularly when it comes to lack of clarity on what data was affected.

“We're more than a month into detecting this intrusion and still don't have a full accounting of what's impacted,” says Jake Williams, a former NSA hacker and current vice president of research and development at Hunter Strategy. “If we don't have sufficient logging to reconstruct attack activity, that would be extremely disappointing, because this system has been repeatedly targeted over the years.”

In response to a request for comment, the United States Courts referred WIRED to its August 7 statement, which says the federal judiciary “is taking additional steps to strengthen protections for sensitive case documents” and “further enhancing security of the system.” The courts also mention that the “vast majority of documents filed with the Judiciary’s electronic case management system are not confidential and indeed are readily available to the public,” while conceding that “some filings contain confidential or proprietary information that are sealed from public view.”

The Department of Justice did not immediately respond to requests for comment about the scope of the breach or who perpetrated it.

Reports this week that Russia was involved in the attack or may be the sole perpetrator have been difficult to interpret, given other indications that espionage actors backed by multiple countries—and possibly organized crime syndicates—may have been involved in or piggybacking on the breach for their own exfiltration.

John Hultquist, chief analyst in Google's Threat Intelligence Group, says it is not uncommon to see multiple actors poking at a sensitive, and potentially vulnerable, system. “Investigations are regularly targeted by cyberespionage actors from several countries,” he says.

News of the breach comes as the Trump administration has continued to slash the federal workforce, including combing intelligence and cybersecurity agencies to remove officials or pressure them to resign.

“I think federal investigators probably know who was behind the attack, but given the climate, I would suspect that no one wants to say with certainty,” Hunter Strategy's Williams says.

Multiple administrations have struggled to get a handle on insidious espionage operations, particularly campaigns perpetrated by Chinese and Russian actors. But researchers emphasize that vulnerabilities enabling the attack on CM/ECF should have been addressed after the 2021 breach.

“Enforcing policies to require that sealed or highly sensitive documents be handled via air-gapped systems or secure isolated networks rather than through CM/ECF or PACER would have dramatically limited exposure. And this was actually recommended post-2021,” says Tim Peck, senior threat researcher at the cybersecurity firm Securonix. “Instituting consistent, centralized logging—among other things—across all disparate CM/ECF instances could have enabled earlier detection and rapid mitigation before data exfiltration escalated as far as it did.”

In other words, highly targeted systems like those of the US Courts are likely going to suffer breaches. But the best way to reduce the likelihood and severity of these attacks is to make sure flaws actually get fixed after they're first exploited.

The First Federal Cybersecurity Disaster of Trump 2.0 Has Arrived

After reporters found dozens of firms hiding privacy tools from search results, US senator Maggie Hassan insists the companies explain their practices—and pledge to improve access to privacy controls.

United States senator Maggie Hassan is pressing major data brokers after an investigation by The Markup/CalMatters and copublished by WIRED found at least 35 firms hid opt-out information from search results, making it harder for people to take control of their own data and safeguard their privacy online.

Hassan, the top Democrat on the Joint Economic Committee, put five of the top firms—IQVIA Digital, Comscore, Telesign Corporation, 6sense Insights, and Findem—on notice Wednesday, demanding that each explain why code on their sites appears designed to frustrate deletion requests.

None of the companies immediately responded to WIRED’s request for comment. None previously responded to requests for comment during the investigation.

California law requires brokers to provide a way to delete personal data; however, the investigation found dozens of registered brokers obscuring their opt-out tools by hiding them from Google and other search results. Consumer advocates called it a “clever work-around” that undermines privacy rights and may qualify as an illegal _dark pattern_—a design decision that, according to California’s privacy regulator, erodes consumer “autonomy, decision making, or choice when asserting their privacy rights or consenting.”

Hassan wants the firms to justify the placement of their opt‑out pages; acknowledge whether they used code to block search indexing and, if so, against how many users; pledge to remove any such code by September 3; and provide Congress with recent audit results and steps taken since the investigation, if any, to improve user access.

“Data brokers and other online providers have a responsibility to prevent the misuse of consumer data, and Americans deserve to understand if and how their personal information is being used,” Hassan wrote, citing other tactics variously employed by the firms—forcing users to scroll through multiple screens, dismiss needless pop-ups, and hunt for links in shrunken text.

Behind the scenes, data brokers fuel a multibillion-dollar industry that trades in detailed personal information—often gathered without a person’s knowledge or consent. They compile sprawling dossiers often packed with precise location histories, political leanings, and religious affiliations, then sell and resell those profiles, powering everything from hyper‑targeted ads to law‑enforcement surveillance.

Even among the small share of Americans who know this surveillance ecosystem exists, fewer still grasp its true scale—or the ways it can shape, influence, or intrude on their lives.

Earlier this year, the Trump administration quietly abandoned a proposed rule that would have sharply limited brokers’ collection and sale of Americans’ data by treating certain brokers as “consumer reporting agencies” under the Fair Credit Reporting Act. At the same time, contract documents show the US intelligence community is preparing a centralized marketplace to streamline purchases of commercially available data—giving agencies shared access to large repositories of sensitive information without the court orders otherwise required for traditional surveillance.

For survivors of domestic violence, sexual assault, and stalking, the risks are acute. The National Network to End Domestic Violence’s Safety Net Project warns that data brokers collect and sell vast amounts of information that can put survivors at risk, adding that opting out is already a burdensome, piecemeal process, forcing people to contact companies one by one, navigate hard-to-find forms, and resubmit deletion requests regularly as information is re-collected and re-listed.

“Instead of requiring people to navigate byzantine labyrinths to protect their personal information, these companies have a responsibility to make the tools that allow Americans to exercise their right to privacy easy to find and use,” Hassan tells WIRED.

Sean Vitka, the executive director of Demand Progress, a nonprofit advocacy group critical of the industry, compares the surveillance ecosystem underlying commercial data markets to the knotted tails of a rat king—an inseparable tangle of entities sustained by unchecked data flows. “The damage done by data brokers manifests in countless ways,” he says, “but it’s all enabled by the same predatory abuse of consumers’ data.”

“And consistent with what we’re seeing here, the industry cannot be trusted to mitigate its own harms.”

Data Brokers Face New Pressure for Hiding Opt-Out Pages From Google

Fake Minecraft clone Eaglercraft 1.12 Offline spreads NjRat spyware stealing passwords, spying via webcam and microphone, warns Point…

Fake Minecraft clone Eaglercraft 1.12 Offline spreads NjRat spyware stealing passwords, spying via webcam and microphone, warns Point Wild security team.

Point Wild’s Lat61 Threat Intelligence Team has uncovered a new cyber threat targeting fans of the popular game **Minecraft**. Malware disguised as a Minecraft installer is infecting computers, allowing hackers to steal personal data.

This research provided to Hackread.com by Point Wild should not come as a surprise, **as in 2021**, Minecraft was already declared the most malware-infected game ever.

As for the ongoing threat, the malware is hidden inside an unofficial browser-based Minecraft clone called Eaglercraft 1.12 Offline, which is often used in schools and other restricted environments. As millions of gamers, including kids and casual players, download Minecraft-related content during a recent surge of excitement, they are unknowingly putting their computers at risk.

The research reveals that the fake game installer bundles a dangerous type of Remote Access Trojan (RAT) called **NjRat**, which has been used by cybercriminals for years to take full control of infected devices.

This malware can perform several harmful activities without the user’s knowledge. It uses a keylogger to capture every keystroke, allowing it to steal usernames, passwords, and other sensitive information. It can also spy on users by gaining unauthorized access to a computer’s webcam and microphone, enabling attackers to secretly watch and listen.

Additionally, it creates a backdoor by adding a hidden program called WindowsServices.exe to the computer’s start-up files, ensuring it runs each time the system is turned on. To protect itself, the malware is programmed to crash the system with a Blue Screen of Death if it detects security tools like **Wireshark**, making it harder for experts to analyse.

Fake Minecraft game running on an infected device while spreading infection in the background without the user’s notice (Image credit: Point Wild)

> _“While the game ran as a distraction on the surface, a hidden process named WindowsServices.exe was silently executed in the background. This process is not a legitimate Windows component and was likely deployed to masquerade as a system process in order to avoid suspicion. Further inspection revealed it spawned additional child processes, specifically cmd.exe, followed by conhost.exe commonly used by malware for command-line execution and payload handling.”_
> 
> Nihanshu Katkar – Lat61 Threat Intelligence Team

****Attack Details****

According to Point Wild’s **research**, the attack starts with a malicious file disguised as a Minecraft installer. When a user runs it, the computer silently drops several files, including the key malicious program, and distracts the user by opening a browser window to the **fake Minecraft game**. While the game plays, the hidden program runs in the background.

The diagram below illustrates how the malware silently drops files, creates a new entry in the computer’s startup files to make sure it always runs, and then connects to a remote server. This server, hosted in India on Amazon’s cloud, is used by the attackers to control the infected computer and steal data.

Attack Flow Diagram (Source: Point Wild)

**Dr. Zulfikar Ramzan**, CTO of Point Wild and leader of the Lat61 Threat Intelligence team, warns that “Threat actors are exploiting the popularity of Minecraft mods to spread powerful spyware. What looks like a harmless game is actually turned into a tool for spying and data theft.”

Therefore, if you play Minecraft, make sure it is downloaded through the official store, and be cautious when buying skins and mods by ensuring every purchase is through the official store. Downloading third-party apps will only put your device at further risk.

Fake Minecraft Installer Spreads NjRat Spyware to Steal Data

Cybersecurity researchers are warning of a "significant spike" in brute-force traffic aimed at Fortinet SSL VPN devices.
The coordinated activity, per threat intelligence firm GreyNoise, was observed on August 3, 2025, with over 780 unique IP addresses participating in the effort.
As many as 56 unique IP addresses have been detected over the past 24 hours. All the IP addresses have been

Fortinet SSL VPNs Hit by Global Brute-Force Wave Before Attackers Shift to FortiManager

Hackers release 9GB of stolen files from the computer of an alleged North Korean hacker, revealing tools, logs,…

Hackers release 9GB of stolen files from the computer of an alleged North Korean hacker, revealing tools, logs, sensitive data and much more. The data is now available for download via DDoSecrets.

It is not often that the inner workings of a cyber-espionage operator are exposed, but that is exactly what happened when two hackers decided to publish a trove of stolen files during one of the world’s biggest hacking conferences.

The material did not surface on a cybercrime forum or through a misconfigured database. Instead, it was shared through **Phrack**, the legendary hacker publication, during its 40th anniversary issue at DEF CON in Las Vegas.

The people behind the **leak**, who go by the names Saber and cyb0rg, say they gained access to a virtual workstation and a virtual private server used by someone they call “KIM.” This individual was believed by the leakers to be linked to **Kimsuky**, a group long associated with North Korean state-backed cyber activity. Yet even with that claim, questions remain, and some security experts think it is just as possible that the operator could be based in China.

What they took and later shared offers a rare look into the operational tools and records of an advanced threat actor. The first batch of data included attack logs showing attempts to compromise South Korea’s government and its Defense Counterintelligence Command through the VPS. The second release was even more revealing, containing internal documentation, source code, stolen credentials, and command scripts from the operator’s workstation.

Independent analysts like Distributed Denial of Secrets (DDoSecrets), who reviewed the files and **indexed** the entire 8.90 GB archive on its website for free download, found that the materials appeared authentic and consistent with a real-world espionage toolkit.

Screenshot of the archive available on DDoSecrets (Image credit: Hackread.com)

However, figuring out who actually ran these systems can still be difficult. Hackers sometimes leave trails that point to the wrong country, and skilled operators can mimic another nation’s methods closely enough to mislead investigators.

For now, the leak sits as both a technical goldmine for researchers and a mystery for intelligence analysts. Phrack has said it plans to release additional download links on its site, which means more details could surface.

Nevertheless, this is not the first time that such sensitive data has gotten into the hands of a third party. Back in 2020, IBM’s X‑Force team stumbled across over **40 gigabytes of video recordings** showing Iranian cyber‑espionage operators teaching others how to hijack email accounts.

The footage, which included real-time steps, like linking Gmail accounts to Zimbra software to download inboxes, was exposed by mistake when the hackers uploaded it to an unsecured cloud server.

Tag

#intel