
iFood: Unauthorized Access to SIRA Portal Exposes 1.2 Million User Records

iFood confirmed a data breach originating in December 2025 that exposed the personally identifiable information (PII) of approximately 1.2 million users. The attack targeted the Sistema iFood de Resposta às Autoridades (SIRA), a restricted portal designed for judicial and administrative data requests. Threat actors gained access using compromised credentials belonging to an external agency, rather than through an internal iFood system failure. The exfiltrated data includes full names, phone numbers, physical addresses, and Cadastro de Pessoas Físicas (CPF) numbers. While authentication credentials and financial instruments remained secure, the exposure of CPFs, the primary identity anchor in Brazil, creates significant risk for high-fidelity identity theft and social engineering.

The Resurgence of Infostealers: Katz, Bee, and Acreed Malware Driving Identity-Centric Enterprise Compromise

Infostealer malware, specifically families such as Katz, Bee, and Acreed, has seen an 800% increase in activity, accelerating a shift toward identity-centric attack vectors. These threats target consumer devices via malvertising, phishing, and cracked software to exfiltrate browser cookies, session tokens, and saved credentials. By harvesting valid session data, attackers bypass Multi-Factor Authentication (MFA) through session hijacking. This data is subsequently commoditized through Initial Access Broker (IAB) marketplaces and Telegram-based distribution, providing the requisite access for enterprise-grade ransomware deployment and large-scale espionage operations.

The CINEMAGOAL Evolution: From Piracy App to Credential Harvesting Engine

Italian law enforcement, including the Polizia Postale and Guardia di Finanza, has successfully disrupted the CINEMAGOAL ecosystem, a sophisticated mobile operation that evolved from a simple piracy application into a high-scale credential-harvesting platform. By leveraging malicious mobile binaries (APK/IPA) to perform session hijacking and Man-in-the-Middle (MitM) attacks, the app exfiltrated authentication tokens and session codes from legitimate users of major streaming services like Netflix, Disney+, and Spotify. This shift from content redistribution to active identity theft poses a significant threat to the streaming economy, necessitating enhanced scrutiny of mobile application behavior and session management protocols to prevent large-scale account takeovers.

