Startup Selling Hacked Data to Debt Collectors, Crypto Mining Attack on 5,000 Websites, Microsoft Patching SharePoint
The list below includes the top cybersecurity news stories you need to know about from the past 24 hours.
Startup Cashing In on Hacked Data from Millions of Computers
A startup is exploiting infostealing malware to sell hacked data from over 50 million computers to debt collectors and other industries.
Key Points:
The startup claims to have data from more than 50 million hacked computers.
Resold data includes sensitive information like passwords and personal addresses.
The company operates in a gray area of legality, raising ethical concerns among experts.
Data can be purchased by anyone for as low as $50, posing risks to unsuspecting victims.
This practice mirrors illicit activity previously confined to underground networks.
A recent report has uncovered a startup that is capitalizing on data stolen from private computers via infostealing malware. This startup claims to have access to information from over 50 million compromised devices. They resell sensitive personal data, including passwords, billing addresses, and even information related to users' prior online activities, which could involve embarrassing websites. While the company is presenting itself as a legitimate enterprise, the ethics and legality of their operations are called into question, highlighting a troubling trend in the cybersecurity landscape.
Experts have expressed grave concerns about the implications of this practice. Selling data that is typically available only through criminal networks to a variety of industries, including debt collection and divorce settlements, normalizes the exploitation of breached personal information. Furthermore, the startup's willingness to sell access to this sensitive data for a mere $50 raises alarms about the potential harm to innocent individuals whose information is exposed and exploited without their consent. This blurring of lines between legitimate business practices and criminal activity underscores the urgent need for more robust cybersecurity regulations and ethical guidelines.
The impact of this startup's activities can be far-reaching, affecting personal privacy and security on a massive scale. People may find their private information used against them in ways they never anticipated, leading to a loss of trust in digital spaces and service providers. As this situation evolves, it raises critical questions about accountability in the tech industry and the safeguarding of personal data.
What should be done to prevent companies from profiting off hacked personal data?
Learn More: 404 Media
Over 3,500 Websites Compromised in Stealthy Crypto Mining Attack
A large-scale campaign has hijacked more than 3,500 websites to secretly mine cryptocurrency using stealthy JavaScript techniques.
Key Points:
3,500+ websites compromised with JavaScript crypto miners.
Attackers use obfuscation and WebSockets to avoid detection.
Users unknowingly mine crypto while browsing affected sites.
Recent reports from cybersecurity researchers reveal that a new attack campaign has compromised over 3,500 websites worldwide through the covert deployment of JavaScript cryptocurrency miners. This resurgence of browser-based cryptojacking is reminiscent of the CoinHive era, when users' devices were exploited for unauthorized crypto mining. The miners used in this latest attack are highly sophisticated: they employ obfuscated JavaScript that evaluates the computational capabilities of the user's device and spawns background processes to mine cryptocurrency without raising any alarms.
Significantly, this attack employs WebSockets to fetch mining tasks from external servers, allowing for dynamic adjustments in mining intensity based on the user's device capabilities. This tactic not only enables the attacker to conserve resources, minimizing detection by security measures, but also ensures that users unknowingly contribute to the mining efforts while browsing. This level of stealth and resource exploitation highlights a shift in attack strategies, with criminals opting for persistent, low-impact siphoning of resources rather than outright, aggressive theft.
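As an added example (not from the original report or the researchers), one check a site owner can run against the two behaviours described above, WebSocket task fetching and background mining processes, is to audit the site's Content-Security-Policy for whether `connect-src` and `worker-src` restrict them. It assumes the background processes are Web Workers; the function names and sample policies are constructed for illustration.

```javascript
// Fallback chains from CSP Level 3: a missing directive inherits from the next.
const FALLBACK = {
  'connect-src': ['connect-src', 'default-src'],
  'worker-src': ['worker-src', 'child-src', 'script-src', 'default-src'],
};

// Parse a CSP header value into Map(directive -> [source expressions]).
function parseCsp(header) {
  const policy = new Map();
  for (const part of header.split(';')) {
    const [name, ...sources] = part.trim().toLowerCase().split(/\s+/);
    // A repeated directive is ignored by browsers; the first one wins.
    if (name && !policy.has(name)) policy.set(name, sources);
  }
  return policy;
}

// Return the source list that governs `directive`, or null if nothing does.
function effectiveSources(policy, directive) {
  for (const name of FALLBACK[directive]) {
    if (policy.has(name)) return policy.get(name);
  }
  return null; // no restriction at all
}

// Narrow heuristic (not a full CSP source matcher): report the capabilities
// that the policy leaves open to arbitrary origins.
function auditCsp(header) {
  const policy = parseCsp(header || '');
  const findings = [];
  const connect = effectiveSources(policy, 'connect-src');
  if (connect === null || connect.some((s) => ['*', 'ws:', 'wss:'].includes(s))) {
    findings.push('connect-src: WebSocket connections are not limited to named hosts');
  }
  const worker = effectiveSources(policy, 'worker-src');
  if (worker === null || worker.some((s) => ['*', 'blob:', 'data:'].includes(s))) {
    findings.push('worker-src: workers may load from any origin or from blob:/data: URLs');
  }
  return findings;
}

// Constructed sample policies (not taken from any affected site).
const WEAK = "default-src 'self'; script-src 'self' blob:; connect-src *";
const STRICT = "default-src 'self'; connect-src 'self' wss://api.example.com; worker-src 'self'";
console.log(auditCsp(WEAK));
console.log(auditCsp(STRICT));
```

A clean result only shows that the policy would constrain an injected script; it does not detect or remove the injection itself.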
How can website owners better protect themselves from such stealthy attacks?
Learn More: The Hacker News
Microsoft Moves Quickly to Patch ToolShell Exploits Targeting SharePoint Servers
Microsoft has begun releasing critical updates to address zero-days that hackers exploited to compromise SharePoint servers.
Key Points:
Two zero-day vulnerabilities tracked as CVE-2025-53770 and CVE-2025-53771 were actively exploited against SharePoint Servers.
Attacks involved planting webshells and exfiltrating cryptographic secrets, resulting in unauthorized access to systems.
Microsoft's emergency patches are now available for SharePoint Subscription Edition and SharePoint 2019, with more updates pending.
On July 18, 2025, security researchers reported that two critical vulnerabilities in Microsoft SharePoint were being actively exploited by cybercriminals. The vulnerabilities, identified as CVE-2025-53770 and CVE-2025-53771, allow attackers to gain unauthenticated remote access, leading to remote code execution. In multiple confirmed cases, attackers managed to deploy webshells on affected SharePoint servers, enabling them to extract sensitive information such as cryptographic secrets. Microsoft confirmed the active exploitation of these vulnerabilities and acted swiftly to develop and distribute patches aimed at mitigating the risks posed by these exploits.
In response, Microsoft has released emergency updates for SharePoint Subscription Edition and SharePoint 2019. However, the patches for SharePoint 2016 are still awaited. In the context of the ongoing cyber threats, the Cybersecurity and Infrastructure Security Agency (CISA) has urged government organizations to apply these updates immediately, stressing the importance of securing vulnerable systems. Organizations that are unable to promptly deploy the necessary patches are advised to enable specific security measures, such as the Antimalware Scan Interface (AMSI) integration in SharePoint set to 'Full Mode'. Given the nature of the attacks, it is advised that cryptographic keys be rotated after applying updates to prevent further compromise.
What steps do you think organizations should take proactively to prevent such vulnerabilities in the future?
Learn More: Security Week