YouTubeTA StealC malware campaign against cracked-Adobe seekers in 2025

Campaign
H score 45
1 unique source, 1 article

Summary

The YouTubeTA operation ran malware campaigns throughout 2025, turning cracked Adobe Photoshop and Adobe After Effects searches into a large-scale credential theft flow that collected 5,000+ victim logs, 390,000 passwords, and 30 million cookies. The activity mattered because it shows a recurring delivery pattern tied to a specific operator and a measurable volume of stolen data.

Related Happenings

Pastebin ClickFix JavaScript crypto swap hijacking campaign

Campaign
First: 15.02.2026 17:17 Last: 15.02.2026 17:17 Sources 1

About this happening: The **Pastebin**-driven **ClickFix-style campaign** is tricking **cryptocurrency users** into running **malicious JavaScript** in their browser and hijacking **Bitcoin swap transa...

ShinyHunters vishing campaign targeting SSO accounts

Campaign
First: 02.02.2026 15:46 Last: 02.02.2026 15:46 Sources 1

About this happening: The **ShinyHunters** group ran a **voice phishing** campaign against **single sign-on (SSO) accounts** at **Okta, Microsoft, and Google**, widening risk across **more than 100 hig...

Latest development: 26.05.2026 22:46

ShinyHunters claims it breached Charter Communications on April 1 by vishing an employee's Microsoft Entra account, then used that access to export millions of consumer and business customer records from the company's Salesforce instance; Charter says no sensitive personal information or CPNI was exfiltrated.

Bizarre Bazaar campaign targeting exposed LLM and MCP endpoints

Campaign
First: 28.01.2026 15:15 Last: 28.01.2026 15:15 Sources 1

About this happening: **Bizarre Bazaar** is an active **LLMjacking** campaign targeting **exposed LLM and MCP endpoints** to monetize unauthorized access to AI infrastructure. Researchers say the opera...

Latest development: 29.01.2026 20:37

Researchers said Operation Bizarre Bazaar, an LLMjacking marketplace that scans for exposed Ollama, vLLM, and OpenAI-compatible APIs without authentication and resells access through silver[.]inc, has been traced to Hecker (aka Sakuya and LiveGamer101).

PcComponentes customer database leak claim and sample publication

Data Leak
First: 21.01.2026 22:55 Last: 21.01.2026 22:55 Sources 1

About this happening: A **threat actor named daghetiaw** published a claimed **PcComponentes customer database** and offered it for sale, putting **16.3 million records** at risk. The actor said **500,...

StealC web-based control panel XSS cross-site scripting flaw

Vulnerability
First: 19.01.2026 08:53 Last: 19.01.2026 08:53 Sources 1

About this happening: Researchers disclosed a **cross-site scripting (XSS)** flaw in the **StealC web-based control panel** that exposed **session cookies** and **system fingerprints**. The bug mattere...

Timeline

  1. 16.01.2026 23:00 2 articles · 4mo ago

    YouTubeTA StealC malware campaign against cracked-Adobe seekers in 2025

    Initial Disclosure

    In the early phase of the operation, **YouTubeTA** used **infecting links** on **compromised YouTube channels** to draw victims toward cracked Adobe software downloads. That initial lure set up the broader 2025 malware-campaign flow.
