Tag: phishing
-
What the Latest OpenAI Security Breach Reveals About the State of AI Protection
A recent OpenAI-related breach via third-party provider Mixpanel exposes how AI supply chain vulnerabilities enable phishing, impersonation, and regulatory risk”, even without direct system compromise. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/12/what-the-latest-openai-security-breach-reveals-about-the-state-of-ai-protection/
-
What the Latest OpenAI Security Breach Reveals About the State of AI Protection
A recent OpenAI-related breach via third-party provider Mixpanel exposes how AI supply chain vulnerabilities enable phishing, impersonation, and regulatory risk”, even without direct system compromise. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/12/what-the-latest-openai-security-breach-reveals-about-the-state-of-ai-protection/
-
Clipping Scripted Sparrow’s wings: Tracking a global phishing ring
Between June 2024 and December 2025, Fortra analysts tracked a persistent business email compromise (BEC) operation that we have now classified as Scripted Sparrow. The group … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/12/18/tracking-scripted-sparrow-phishing-campaigns/
-
Clipping Scripted Sparrow’s wings: Tracking a global phishing ring
Between June 2024 and December 2025, Fortra analysts tracked a persistent business email compromise (BEC) operation that we have now classified as Scripted Sparrow. The group … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/12/18/tracking-scripted-sparrow-phishing-campaigns/
-
Microsoft 365 users targeted in device code phishing attacks
Attackers are targeting Microsoft 365 users with device code authorization phishing, a technique that fools users into approving access tokens, Proofpoint warns. The method … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/12/18/microsoft-365-device-code-phishing/
-
Microsoft 365 users targeted in device code phishing attacks
Attackers are targeting Microsoft 365 users with device code authorization phishing, a technique that fools users into approving access tokens, Proofpoint warns. The method … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/12/18/microsoft-365-device-code-phishing/
-
Kimsuky Spreads DocSwap Android Malware via QR Phishing Posing as Delivery App
The North Korean threat actor known as Kimsuky has been linked to a new campaign that distributes a new variant of Android malware called DocSwap via QR codes hosted on phishing sites mimicking Seoul-based logistics firm CJ Logistics (formerly CJ Korea Express).”The threat actor leveraged QR codes and notification pop-ups to lure victims into installing…
-
Blurred Deception: Russian APT Targets Transnistria and NATO with High-Pressure Phishing Lures
The post Blurred Deception: Russian APT Targets Transnistria and NATO with High-Pressure Phishing Lures appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/blurred-deception-russian-apt-targets-transnistria-and-nato-with-high-pressure-phishing-lures/
-
Russian BlueDelta hackers ran phishing campaign against Ukrainian webmail users
Researchers said the campaign likely aimed to collect sensitive information from Ukrainian users in support of broader Russian intelligence objectives. First seen on therecord.media Jump to article: therecord.media/russian-bluedelta-hackers-ran-phishing-ukraine-webmail
-
New deepfake training from KnowBe4 see it in action!
Tags: ai, conference, cybersecurity, deep-fake, disinformation, fraud, phishing, risk, risk-management, threat, trainingKnowBe4, the world-renowned platform that comprehensively addresses human and agentic AI risk management, has announced a new custom deepfake training experience to defend against advanced cybersecurity threats from deepfakes such as fraudulent video conferences and AI-generated phishing attacks. Deepfakes can be weaponised and utilised for fraud, disinformation campaigns and cause reputational damage across sectors. The…
-
APT28 Targets Ukrainian UKR-net Users in Long-Running Credential Phishing Campaign
The Russian state-sponsored threat actor known as APT28 has been attributed to what has been described as a “sustained” credential-harvesting campaign targeting users of UKR[.]net, a webmail and news service popular in Ukraine.The activity, observed by Recorded Future’s Insikt Group between June 2024 and April 2025, builds upon prior findings from the cybersecurity company in…
-
New ForumTroll Phishing Attacks Target Russian Scholars Using Fake eLibrary Emails
The threat actor linked to Operation ForumTroll has been attributed to a fresh set of phishing attacks targeting individuals within Russia, according to Kaspersky.The Russian cybersecurity vendor said it detected the new activity in October 2025. The origins of the threat actor are presently unknown.”While the spring cyberattacks focused on organizations, the fall campaign honed…
-
APT28 Targets Ukrainian UKR-net Users in Long-Running Credential Phishing Campaign
The Russian state-sponsored threat actor known as APT28 has been attributed to what has been described as a “sustained” credential-harvesting campaign targeting users of UKR[.]net, a webmail and news service popular in Ukraine.The activity, observed by Recorded Future’s Insikt Group between June 2024 and April 2025, builds upon prior findings from the cybersecurity company in…
-
Cyberangriffe rund um Weihnachten und den Jahreswechsel
Die Feiertage gelten als Zeit der Ruhe, des Schenkens und der Erholung doch für Cyberkriminelle sind sie eine Gelegenheit, die sie gezielt ausnutzen. Genau dann, wenn viele Mitarbeitende gedanklich bereits im Urlaub sind und Abläufe unter Jahresendstress stehen, versuchen Angreifer, unaufmerksame oder unterbesetzte Teams hinters Licht zu führen. Ob Holiday-Phishing, gefälschte Zahlungsanweisungen oder Risiken […]…
-
Cyberangriffe rund um Weihnachten und den Jahreswechsel
Die Feiertage gelten als Zeit der Ruhe, des Schenkens und der Erholung doch für Cyberkriminelle sind sie eine Gelegenheit, die sie gezielt ausnutzen. Genau dann, wenn viele Mitarbeitende gedanklich bereits im Urlaub sind und Abläufe unter Jahresendstress stehen, versuchen Angreifer, unaufmerksame oder unterbesetzte Teams hinters Licht zu führen. Ob Holiday-Phishing, gefälschte Zahlungsanweisungen oder Risiken […]…
-
BlindEagle Targets Colombian Government Agency with Caminho and DCRAT
Tags: access, attack, authentication, cloud, communications, control, cybercrime, defense, detection, dkim, dmarc, dns, email, encryption, flaw, government, group, infrastructure, injection, Internet, malicious, malware, microsoft, open-source, phishing, powershell, rat, service, spear-phishing, startup, tactics, threat, tool, update, usa, windowsIntroductionIn early September 2025, Zscaler ThreatLabz discovered a new spear phishing campaign attributed to BlindEagle, a threat actor who operates in South America and targets users in Spanish-speaking countries, such as Colombia. In this campaign, BlindEagle targeted a government agency under the control of the Ministry of Commerce, Industry and Tourism (MCIT) in Colombia using…
-
Parked Domains Emerge as a Primary Channel for Malware and Phishing
The landscape of domain parking has transformed dramatically over the past decade, shifting from a relatively benign monetization strategy to a sophisticated vector for cybercrime. New research into the modern parking ecosystem reveals a startling reality: over 90% of visitors to parked domains encounter malicious content, scams, or phishing attacks a stark reversal from conditions…
-
Blind Eagle Hackers Exploit Trust to Bypass Email Security Controls
Tags: attack, control, cyber, cybersecurity, email, exploit, government, group, hacker, malware, phishing, spear-phishing, threatBlindEagle threat actors are exploiting compromised internal email accounts to launch spear-phishing campaigns that bypass traditional email security controls, targeting Colombian government agencies with sophisticated multi-stage malware attacks, according to Zscaler ThreatLabz research. The cybersecurity firm discovered the campaign in early September 2025, revealing that the South American threat group targeted a government agency under…
-
ESicherheit: BSI untersucht EProgramme
In unserem E-Mail-Programm lesen, schreiben und verwalten wir all unsere E-Mails. Nicht selten enthalten die Anwendungen daher auch sensibelste Informationen. Entsprechend gut müssen sie vor Risiken wie etwa Mitlesen und Manipulation durch Dritte geschützt werden. Das Bundesamt für Sicherheit in der Informationstechnik (BSI) hat untersucht, inwiefern E-Mail-Programme relevante Eigenschaften wie Transport- und Inhaltsverschlüsselung, SPAM-, Phishing-……
-
4.3B LinkedIn-Style Records Found in One of the Largest Data Exposures Ever
An unsecured database exposed 4.3 billion LinkedIn-derived records, enabling large-scale phishing and identity-based attacks. The post 4.3B LinkedIn-Style Records Found in One of the Largest Data Exposures Ever appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-4-3-billion-linkedin-records-exposed/
-
AI might be the answer for better phishing resilience
Phishing is still a go-to tactic for attackers, which is why even small gains in user training are worth noticing. A recent research project from the University of Bari looked … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/12/16/ai-generated-phishing-training-study/
-
Android Users at Risk as Malware Poses as mParivahan and e-Challan Apps
A sophisticated Android malware campaign dubbed NexusRoute is actively targeting Indian users by impersonating the Indian Government Ministry, mParivahan, and e-Challan services to steal credentials and carry out large-scale financial fraud. The operation combines phishing, malware, and surveillance capabilities. It is being distributed via malicious APKs hosted on GitHub and clusters of phishing domains that…
-
4.3 Billion Records Exposed in Massive Lead-Generation Data Leak
An unsecured database exposed 4.3 billion LinkedIn-derived records, enabling large-scale phishing and identity-based attacks. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/4-3-billion-records-exposed-in-massive-lead-generation-data-leak/
-
2025’s Top Phishing Trends and What They Mean for Your Security Strategy
Phishing attacks in 2025 increasingly moved beyond email, with attackers using social platforms, search ads, and browser-based techniques to bypass MFA and steal sessions. Push Security outlines key phishing trends and what security teams must know as identity-based attacks continue to evolve in 2026. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/2025s-top-phishing-trends-and-what-they-mean-for-your-security-strategy/
-
Russian Phishing Campaign Delivers Phantom Stealer Via ISO Files
A new phishing campaign has been identified, delivering the Phantom information-stealing malware via an ISO attachment First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/russian-phishing-phantom-stealer/