Tag: cybercrime
-
FBI shares massive list of 42,000 LabHost phishing domains
The FBI has shared 42,000 phishing domains tied to the LabHost cybercrime platform, one of the largest global phishing-as-a-service (PhaaS) platforms that was dismantled in April 2024. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/fbi-shares-massive-list-of-42-000-labhost-phishing-domains/
-
AiTM Phishing Kits Bypass MFA by Hijacking Credentials and Session Tokens
Tags: 2fa, attack, authentication, credentials, cyber, cybercrime, exploit, mfa, phishing, service, software
Darktrace’s Security Operations Center (SOC) in late 2024 and early 2025, cybercriminals have been exploiting legitimate Software-as-a-Service (SaaS) platforms like Milanote to orchestrate sophisticated phishing campaigns. These attacks, bolstered by the Tycoon 2FA phishing kit, demonstrate an advanced Adversary-in-the-Middle (AiTM) approach that circumvents multi-factor authentication (MFA) protections. Leveraging Legitimate Services for Stealthy Attacks By abusing…
-
DarkWatchman cybercrime malware returns on Russian networks
A financially motivated group tracked as Hive0117 recently attacked multiple Russian industries with a retooled version of DarkWatchman malware, researchers said. First seen on therecord.media Jump to article: therecord.media/darkwatchman-malware-russia-cybercrime-hive0117
-
Amazon, CrowdStrike leaders say private threat intel can quickly bring cybercriminals to justice
Threat intel experts expounded on how their data does not only serve to temporarily disrupt malicious activity, but find, arrest and convict cybercriminals for their offenses. First seen on cyberscoop.com Jump to article: cyberscoop.com/amazon-crowdstrike-threat-intel-law-enforcement/
-
New Gremlin Stealer Advertised on Hacker Forums Targets Credit Card Data and Login Credentials
A formidable new information-stealing malware dubbed Gremlin Stealer has surfaced in the cybercrime underground, actively promoted since mid-March 2025 on platforms like the Telegram channel CoderSharp. Discovered by Unit 42 researchers at Palo Alto Networks, this malware, crafted in C#, poses a significant risk to individuals and organizations by targeting a wide array of sensitive…
-
Cybercriminals Use GetShared to Sneak Malware Through Enterprise Shields
Cybercriminals are increasingly leveraging legitimate file-sharing platforms like GetShared to bypass enterprise email security systems. A recent case involving a former colleague, previously employed at Kaspersky, highlights this emerging threat. The individual received an authentic-looking email notification from GetShared, a genuine service for transferring large files, claiming that a file named >>DESIGN LOGO.rar
-
What Is Evasive Malware? Danger in Hiding
In an increasingly digitalized world, the threat landscape also continues to evolve. One of the most dangerous phenomena of modern cybercrime is so-called evasive malware. It poses enormous challenges for classic security solutions because it is purposefully developed to evade detection, analysis, and defensive measures. What is meant by evasive malware? Evasive malware (German: ausweichende Schadsoftware) describes malicious programs that…
-
Threat Actors Accelerate Transition from Reconnaissance to Compromise New Report Finds
Tags: api, attack, automation, cloud, cyber, cybercrime, data, data-breach, identity, technology, threat, tool, voip
Cybercriminals are leveraging automation across the entire attack chain, drastically reducing the time from reconnaissance to compromise. The data shows a staggering 16.7% global increase in scans, with over 36,000 scans per second targeting not just exposed ports but delving into operational technology (OT), cloud APIs, and identity layers. Sophisticated tools probe SIP-based VoIP systems,…
-
Infostealers Harvest Over 30,000 Australian Banking Credentials
Dvuln researchers highlighted the growing impact of infostealers on the cybercrime landscape, enabling attackers to bypass traditional defenses First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/infostealers-harvest-banking/
-
Year in Review: AI based threats
2024 wasn’t the year that AI rewrote the cybercrime playbook, but it did turbocharge some of the old tricks. Read this summary of AI-based threats, from Talos’ 2024 Year in Review. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/year-in-review-ai-based-threats/
-
JokerOTP Platform Linked to 28,000+ Phishing Attacks Dismantled
Law enforcement agencies from the UK and the Netherlands have dismantled the notorious JokerOTP cybercrime platform, which is allegedly linked to more than 28,000 phishing attacks across 13 countries. A 24-year-old man was apprehended this morning by Cleveland Police at a residence in Middlesbrough, England. He is currently being held in police custody on suspicion…
-
Unauthorized Access at a US Media Company
Media firm Urban One confirms data breach after cybercriminals claim February attack First seen on therecord.media Jump to article: therecord.media/urban-one-data-breach-african-amercian-media
-
Media firm Urban One confirms data breach after cybercriminals claim February attack
Urban One, the largest media company primarily serving African Americans, disclosed a data breach to regulators. A ransomware group said it had attacked the company. First seen on therecord.media Jump to article: therecord.media/urban-one-data-breach-african-amercian-media
-
RSA Conference 2025, News and analysis
Tags: ai, automation, conference, cybercrime, cybersecurity, data, defense, detection, edr, identity, ransomware, regulation, tactics, threat, zero-trust
AI in cybersecurity (both as a threat and a defense); Cloud security challenges and solutions; The latest ransomware tactics and how to defend against them; Privacy regulations and data protection; Emerging threats like quantum computing. Keep an eye out for emerging trends that will be highlighted at the conference. This year, expect a strong focus on topics such as XDR…
-
Cybersecurity CEO Charged with Installing Malware on Hospital Computers
Jeffrey Bowie, the CEO of cybersecurity company Veritaco, was seen on security camera footage walking into St. Anthony Hospital in Oklahoma City last year and installing malware on an employee computer. He was arrested this month for violating the state’s cybercrime statute. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/04/cybersecurity-ceo-charged-with-installing-malware-on-hospital-computers/
-
⚡ Weekly Recap: Critical SAP Exploit, AI-Powered Phishing, Major Breaches, New CVEs & More
What happens when cybercriminals no longer need deep skills to breach your defenses? Today’s attackers are armed with powerful tools that do the heavy lifting, from AI-powered phishing kits to large botnets ready to strike. And they’re not just after big corporations. Anyone can be a target when fake identities, hijacked infrastructure, and insider tricks…
-
Zero-Knowledge Crime: How Easily Passports Are Forged with AI
In their latest analysis, the security experts of the Cato CTRL team warn of a worrying development in cybercrime: the use of generative AI to create forged documents, especially passports. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/gefaelschte-paesse-ki-kriminalitaet
-
Forged Passports: How AI Is Revolutionizing (Cyber)Crime
In their latest analysis, the security experts of the Cato CTRL team warn of a worrying development in cybercrime: the use of generative AI to create forged documents, especially passports. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/gefaelschte-paesse-ki-kriminalitaet
-
Cybercriminals Selling Sophisticated HiddenMiner Malware on Dark Web Forums
Cybercriminals have begun openly marketing a powerful new variant of the HiddenMiner malware on underground dark web forums, raising alarms within the cybersecurity community. The malware, a heavily modified Monero (XMR) cryptocurrency miner, attracts buyers due to its advanced stealth capabilities and ease of use, even for less technically skilled threat actors. A New Breed…
-
Pete Hegseth’s Signal Scandal Spirals Out of Control
Plus: Cybercriminals stole a record-breaking fortune from US residents and businesses in 2024, and Google performs its final flip-flop in its yearslong quest to kill tracking cookies. First seen on wired.com Jump to article: www.wired.com/story/pete-hegseths-signal-scandal-spirals-out-of-control/
-
Darcula phishing toolkit gets AI boost, democratizing cybercrime
Tags: ai, apt, attack, automation, awareness, china, credentials, cybercrime, defense, detection, endpoint, finance, google, government, group, infrastructure, malicious, network, phishing, resilience, risk, service, skills, smishing, threat, tool, training, update
AI creates push-button phishing attacks: With the latest update to the “darcula-suite” toolkit, users can now generate phishing pages using generative AI that mimics websites with near-perfect accuracy, and in any language. “Users provide a URL of a legitimate brand or service, and the tool automatically visits that website, downloads all of its assets, and renders…
-
‘SessionShark’ A New Toolkit Bypasses Microsoft Office 365 MFA Security
Tags: 2fa, authentication, cyber, cybercrime, marketplace, mfa, microsoft, office, phishing, service, threat
Security researchers have uncovered a new and sophisticated threat to Microsoft Office 365 users: a phishing-as-a-service toolkit dubbed “SessionShark O365 2FA/MFA.” Promoted through cybercriminal marketplaces, SessionShark is designed to bypass Microsoft’s multi-factor authentication (MFA) protections, an alarming escalation in the ongoing battle between defenders and cyber attackers. A Toolkit Purpose-Built to Evade 2FA and MFA…
-
New Report Reveals How AI is Rapidly Enhancing Phishing Attack Precision
The Zscaler ThreatLabz 2025 Phishing Report unveils the alarming sophistication of modern phishing attacks, driven by generative AI (GenAI). By examining over 2 billion blocked phishing transactions on the Zscaler Zero Trust Exchange cloud security platform from January to December 2024, the report highlights a seismic shift in cybercriminal tactics. Cybercriminals Leverage GenAI for Hyper-Targeted…
-
Russian VPS Servers With RDP and Proxy Servers Enable North Korean Cybercrime Operations
Trend Research has uncovered a sophisticated network of cybercrime operations linked to North Korea, heavily utilizing Russian internet infrastructure. Specifically, IP address ranges in the towns of Khasan and Khabarovsk, Russia, assigned to organizations under TransTelecom (ASN AS20485), are pivotal in these activities. Khasan, just a mile from the North Korea-Russia border and connected via…
-
Cyber-Resilient Instead of Merely Cyber-Resistant
Five tips for greater resilience against cyberattacks. Cyberattacks have become part of everyday life for companies and organizations. According to the current situation report on cybercrime from the Federal Criminal Police Office (Bundeskriminalamt), the number of registered cybercrime cases in Germany remains at a high level at around 134,000 cases, with the law enforcement agency assuming a very high share of unreported cases of over 90 percent [1]. One… First…
-
Beyond the Inbox: ThreatLabz 2025 Phishing Report Reveals How Phishing Is Evolving in the Age of GenAI
Tags: access, ai, attack, authentication, best-practice, captcha, cloud, control, credentials, crypto, cyber, cybercrime, data, defense, detection, dmarc, email, exploit, finance, google, identity, jobs, login, malicious, malware, mfa, phishing, radius, risk, scam, spam, strategy, tactics, technology, theft, threat, tool, vulnerability, zero-day, zero-trust
Gone are the days of mass phishing campaigns. Today’s attackers are leveraging generative AI (GenAI) to deliver hyper-targeted scams, transforming every email, text, or call into a calculated act of manipulation. With flawless lures and tactics designed to outsmart AI defenses, cybercriminals are zeroing in on HR, payroll, and finance teams, exploiting human vulnerabilities with…
-
FBI: Cybercrime losses hit record-breaking $16.6B last year
Tags: cybercrime
First seen on scworld.com Jump to article: www.scworld.com/brief/fbi-cybercrime-losses-hit-record-breaking-16-6b-last-year
-
Key Takeaways from the FBI’s 2024 IC3 Cybercrime Report
Tags: cybercrime
First seen on scworld.com Jump to article: www.scworld.com/brief/key-takeaways-from-the-fbis-2024-ic3-cybercrime-report
-
FBI: Cybercrime Losses Rocket to $16.6B in 2024
The losses are 33% higher than the year before, with phishing leading the way as the most-reported cybercrime last year, and ransomware was the top threat to critical infrastructure, according to the FBI Internet Crime Report. First seen on darkreading.com Jump to article: www.darkreading.com/remote-workforce/fbi-cybercrime-losses-16b-2024

