Tag: phishing

Why you should purple team your SOC

Nov 10, 2025 10:20 AM

Tags: attack, blueteam, breach, compliance, detection, metric, penetration-testing, phishing, powershell, PurpleTeam, service, soc, threat, tool, training

. In theory, it’s about collaboration and continual improvement. In practice, it’s often a transactional service run by penetration testing firms focused on two things: proving they can bypass defences and producing a report that looks good in a board pack.That mindset doesn’t help with SOC effectiveness. A single purple team engagement doesn’t build real…
Why you should purple team your SOC

Nov 10, 2025 10:20 AM

Tags: attack, blueteam, breach, compliance, detection, metric, penetration-testing, phishing, powershell, PurpleTeam, service, soc, threat, tool, training

. In theory, it’s about collaboration and continual improvement. In practice, it’s often a transactional service run by penetration testing firms focused on two things: proving they can bypass defences and producing a report that looks good in a board pack.That mindset doesn’t help with SOC effectiveness. A single purple team engagement doesn’t build real…
NDSS 2025 Investigating The Susceptibility Of Teens And Adults To YouTube Giveaway Scams

Nov 9, 2025 7:20 PM

Tags: conference, fraud, Internet, network, phishing, scam

SESSION Session 2C: Phishing & Fraud 1 Authors, Creators & Presenters: Elijah Bouma-Sims (Carnegie Mellon University), Lily Klucinec (Carnegie Mellon University), Mandy Lanyon (Carnegie Mellon University), Julie Downs (Carnegie Mellon University), Lorrie Faith Cranor (Carnegie Mellon University) PAPER The Kids Are All Right: Investigating the Susceptibility of Teens and Adults to YouTube Giveaway Scams Fraudsters…
Lost iPhone? Don’t fall for phishing texts saying it was found

Nov 9, 2025 5:20 PM

Tags: apple, breach, cyber, iphone, phishing, scam

The Swiss National Cyber Security Centre (NCSC) is warning iPhone owners about a phishing scam that claims to have found your lost or stolen iPhone but is actually trying to steal your Apple ID credentials. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/lost-iphone-dont-fall-for-phishing-texts-saying-it-was-found/
NDSS 2025 Qualitative Study On Boards’ Cybersecurity Risk Decision Making

Nov 8, 2025 6:19 PM

Tags: ciso, conference, cyber, cybersecurity, data-breach, fraud, Internet, network, phishing, risk, strategy

SESSION Session 2C: Phishing & Fraud 1 Authors, Creators & Presenters: Jens Christian Opdenbusch (Ruhr University Bochum), Jonas Hielscher (Ruhr University Bochum), M. Angela Sasse (Ruhr University Bochum, University College London) PAPER “Where Are We On Cyber?” – A Qualitative Study On Boards’ Cybersecurity Risk Decision Making Boards are increasingly required to oversee the cybersecurity…
New Microsoft Teams Feature Exposes Users to Phishing and Malware Risks

Nov 8, 2025 6:19 AM

Tags: android, cyber, email, linux, malware, microsoft, phishing, risk, update

Microsoft is poised to roll out a significant update to Teams, enabling users to initiate chats with anyone using just an email address”, even if the recipient isn’t a Teams user. While the feature, launching in targeted releases by early November 2025 and globally by January 2026, promises expanded connectivity across Android, desktop, iOS, Linux,…
Phishing-Kampagne zielt auf Führungskräfte

Nov 8, 2025 12:19 AM

Tags: mail, phishing

In letzter Zeit scheinen Führungskräfte und leitende Angestellte aus unterschiedlichen Branchen verstärkt ins Visier von Cyberkriminellen zu geraten. Diese versuchen die Adressaten mittels Phishing-Mails zur Herausgabe von Daten zu überlisten. Jedenfalls schlagen Sicherheitsforscher Alarm und warnen vor einer gezielten Welle von … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/11/08/phishing-kampagne-zielt-auf-fuehrungskraefte/
NDSS 2025 SCAMMAGNIFIER: Piercing The Veil Of Fraudulent Shopping Website Campaigns

Nov 7, 2025 10:19 PM

Tags: conference, cybercrime, defense, finance, framework, fraud, Internet, network, phishing, service, threat

SESSION Session 2C: Phishing & Fraud 1 Authors, Creators & Presenters: Marzieh Bitaab (Arizona State University), Alireza Karimi (Arizona State University), Zhuoer Lyu (Arizona State University), Adam Oest (Amazon), Dhruv Kuchhal (Amazon), Muhammad Saad (X Corp.), Gail-Joon Ahn (Arizona State University), Ruoyu Wang (Arizona State University), Tiffany Bao (Arizona State University), Yan Shoshitaishvili (Arizona State…
NDSS 2025 SCAMMAGNIFIER: Piercing The Veil Of Fraudulent Shopping Website Campaigns

Nov 7, 2025 10:19 PM

Tags: conference, cybercrime, defense, finance, framework, fraud, Internet, network, phishing, service, threat

SESSION Session 2C: Phishing & Fraud 1 Authors, Creators & Presenters: Marzieh Bitaab (Arizona State University), Alireza Karimi (Arizona State University), Zhuoer Lyu (Arizona State University), Adam Oest (Amazon), Dhruv Kuchhal (Amazon), Muhammad Saad (X Corp.), Gail-Joon Ahn (Arizona State University), Ruoyu Wang (Arizona State University), Tiffany Bao (Arizona State University), Yan Shoshitaishvili (Arizona State…
Phishing Campaign “I Paid Twice” Targets Booking.com Hotels and Guests

Nov 7, 2025 9:19 PM

Tags: cybercrime, exploit, phishing

Cybercriminals are exploiting hotel booking platforms in a global phishing scheme that tricks guests into paying for reservations twice. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/phishing-campaign-i-paid-twice-targets-booking-com-hotels-and-guests/
Inside the Adversary’s Playbook: Credential Abuse, Cloud Intrusions, and Lateral Movement

Nov 7, 2025 8:20 PM

Tags: access, advisory, breach, cloud, credentials, cyber, email, finance, phishing, threat

Most cyber breaches begin quietly, with a simple mistake. A misconfigured cloud bucket, a phishing email that looks just real enough, or an employee who forgets to revoke access when leaving the company. The ColorTokens Threat Advisory team highlighted how these small cracks turn into serious breaches. There were insider threats in the financial sector,……
Inside the Adversary’s Playbook: Credential Abuse, Cloud Intrusions, and Lateral Movement

Nov 7, 2025 8:20 PM

Tags: access, advisory, breach, cloud, credentials, cyber, email, finance, phishing, threat

Most cyber breaches begin quietly, with a simple mistake. A misconfigured cloud bucket, a phishing email that looks just real enough, or an employee who forgets to revoke access when leaving the company. The ColorTokens Threat Advisory team highlighted how these small cracks turn into serious breaches. There were insider threats in the financial sector,……
Inside the Adversary’s Playbook: Credential Abuse, Cloud Intrusions, and Lateral Movement

Nov 7, 2025 8:20 PM

Tags: access, advisory, breach, cloud, credentials, cyber, email, finance, phishing, threat

Most cyber breaches begin quietly, with a simple mistake. A misconfigured cloud bucket, a phishing email that looks just real enough, or an employee who forgets to revoke access when leaving the company. The ColorTokens Threat Advisory team highlighted how these small cracks turn into serious breaches. There were insider threats in the financial sector,……
“I Paid Twice” Scam Infects Booking.com Users with PureRAT via ClickFix

Nov 7, 2025 5:19 PM

Tags: breach, cybersecurity, data, fraud, malware, phishing, scam

Cybersecurity firm Sekoia reports a widespread fraud where criminals compromise hotel systems (Booking.com, Expedia and others) with PureRAT malware, then use stolen reservation data to phish and defraud guests. First seen on hackread.com Jump to article: hackread.com/i-paid-twice-scam-booking-com-purerat-clickfix/
“I Paid Twice” Scam Infects Booking.com Users with PureRAT via ClickFix

Nov 7, 2025 5:19 PM

Tags: breach, cybersecurity, data, fraud, malware, phishing, scam

Cybersecurity firm Sekoia reports a widespread fraud where criminals compromise hotel systems (Booking.com, Expedia and others) with PureRAT malware, then use stolen reservation data to phish and defraud guests. First seen on hackread.com Jump to article: hackread.com/i-paid-twice-scam-booking-com-purerat-clickfix/
“I Paid Twice” Scam Infects Booking.com Users with PureRAT via ClickFix

Nov 7, 2025 5:19 PM

Tags: breach, cybersecurity, data, fraud, malware, phishing, scam

Cybersecurity firm Sekoia reports a widespread fraud where criminals compromise hotel systems (Booking.com, Expedia and others) with PureRAT malware, then use stolen reservation data to phish and defraud guests. First seen on hackread.com Jump to article: hackread.com/i-paid-twice-scam-booking-com-purerat-clickfix/
9 top bug bounty programs launched in 2025

Nov 7, 2025 2:20 PM

Tags: ai, api, apple, attack, best-practice, browser, bug-bounty, chatgpt, chrome, cloud, computer, corporate, cyber, cybersecurity, data, defense, exploit, finance, flaw, framework, google, government, hacker, hacking, healthcare, identity, infrastructure, injection, intelligence, iphone, macOS, microsoft, mitigation, mobile, nis-2, nvidia, openai, phishing, risk, service, spyware, strategy, technology, theft, threat, unauthorized, update, vulnerability, zero-day

Bug bounty programs focus in 2025: For ethical hackers, best practice for bug bounty hunting in 2025 involves thorough reconnaissance of a target organization’s technology stack, rather than just running automated tools.Leading bug bounty platforms such as Bugcrowd, HackerOne, Synack, YesWeHack, and Intigriti offer rewards for identifying and reporting security vulnerabilities. Platforms connect ethical hackers…
Google researchers detect first operational use of LLMs in active malware campaigns

Nov 7, 2025 2:20 PM

Tags: ai, api, attack, cybercrime, cybersecurity, encryption, exploit, finance, google, group, iran, LLM, malware, marketplace, phishing, RedTeam, service, skills, social-engineering, threat, tool, vulnerability

Using social engineering against LLMs: Additionally, GTIG found that attackers are increasingly using “social engineering-like pretexts” in their prompts to get around LLM safeguards. Notably, they have posed as participants in a “capture-the-flag” (CTF) gamified cybersecurity competition, persuading Gemini to give up information it would otherwise refuse to reveal. In one interaction, for instance, an attacker…
9 top bug bounty programs launched in 2025

Nov 7, 2025 2:20 PM

Tags: ai, api, apple, attack, best-practice, browser, bug-bounty, chatgpt, chrome, cloud, computer, corporate, cyber, cybersecurity, data, defense, exploit, finance, flaw, framework, google, government, hacker, hacking, healthcare, identity, infrastructure, injection, intelligence, iphone, macOS, microsoft, mitigation, mobile, nis-2, nvidia, openai, phishing, risk, service, spyware, strategy, technology, theft, threat, unauthorized, update, vulnerability, zero-day

Bug bounty programs focus in 2025: For ethical hackers, best practice for bug bounty hunting in 2025 involves thorough reconnaissance of a target organization’s technology stack, rather than just running automated tools.Leading bug bounty platforms such as Bugcrowd, HackerOne, Synack, YesWeHack, and Intigriti offer rewards for identifying and reporting security vulnerabilities. Platforms connect ethical hackers…
Google researchers detect first operational use of LLMs in active malware campaigns

Nov 7, 2025 2:20 PM

Tags: ai, api, attack, cybercrime, cybersecurity, encryption, exploit, finance, google, group, iran, LLM, malware, marketplace, phishing, RedTeam, service, skills, social-engineering, threat, tool, vulnerability

Using social engineering against LLMs: Additionally, GTIG found that attackers are increasingly using “social engineering-like pretexts” in their prompts to get around LLM safeguards. Notably, they have posed as participants in a “capture-the-flag” (CTF) gamified cybersecurity competition, persuading Gemini to give up information it would otherwise refuse to reveal. In one interaction, for instance, an attacker…
9 top bug bounty programs launched in 2025

Nov 7, 2025 2:20 PM

Tags: ai, api, apple, attack, best-practice, browser, bug-bounty, chatgpt, chrome, cloud, computer, corporate, cyber, cybersecurity, data, defense, exploit, finance, flaw, framework, google, government, hacker, hacking, healthcare, identity, infrastructure, injection, intelligence, iphone, macOS, microsoft, mitigation, mobile, nis-2, nvidia, openai, phishing, risk, service, spyware, strategy, technology, theft, threat, unauthorized, update, vulnerability, zero-day

Bug bounty programs focus in 2025: For ethical hackers, best practice for bug bounty hunting in 2025 involves thorough reconnaissance of a target organization’s technology stack, rather than just running automated tools.Leading bug bounty platforms such as Bugcrowd, HackerOne, Synack, YesWeHack, and Intigriti offer rewards for identifying and reporting security vulnerabilities. Platforms connect ethical hackers…
9 top bug bounty programs launched in 2025

Nov 7, 2025 2:20 PM

Tags: ai, api, apple, attack, best-practice, browser, bug-bounty, chatgpt, chrome, cloud, computer, corporate, cyber, cybersecurity, data, defense, exploit, finance, flaw, framework, google, government, hacker, hacking, healthcare, identity, infrastructure, injection, intelligence, iphone, macOS, microsoft, mitigation, mobile, nis-2, nvidia, openai, phishing, risk, service, spyware, strategy, technology, theft, threat, unauthorized, update, vulnerability, zero-day

Bug bounty programs focus in 2025: For ethical hackers, best practice for bug bounty hunting in 2025 involves thorough reconnaissance of a target organization’s technology stack, rather than just running automated tools.Leading bug bounty platforms such as Bugcrowd, HackerOne, Synack, YesWeHack, and Intigriti offer rewards for identifying and reporting security vulnerabilities. Platforms connect ethical hackers…
Defending digital identity from computer-using agents (CUAs)

Nov 7, 2025 2:20 PM

Tags: access, ai, api, attack, authentication, automation, breach, captcha, cisa, computer, control, corporate, credentials, cybersecurity, data, data-breach, defense, detection, email, exploit, fido, google, identity, infrastructure, login, malicious, malware, nfc, passkey, password, phishing, saas, service, skills, social-engineering, tool, unauthorized, update

Principle of least effort: Our brains seek shortcuts to reduce cognitive load, making password reuse seem rational.Security fatigue: Frequent password changes and complex rules frustrate users, pushing them toward reuse.As a result, users often rotate between 410 core passwords. According to an article by Enzoic, the average person reuses the same password across as many as 14…
9 top bug bounty programs launched in 2025

Nov 7, 2025 2:20 PM

Tags: ai, api, apple, attack, best-practice, browser, bug-bounty, chatgpt, chrome, cloud, computer, corporate, cyber, cybersecurity, data, defense, exploit, finance, flaw, framework, google, government, hacker, hacking, healthcare, identity, infrastructure, injection, intelligence, iphone, macOS, microsoft, mitigation, mobile, nis-2, nvidia, openai, phishing, risk, service, spyware, strategy, technology, theft, threat, unauthorized, update, vulnerability, zero-day

Bug bounty programs focus in 2025: For ethical hackers, best practice for bug bounty hunting in 2025 involves thorough reconnaissance of a target organization’s technology stack, rather than just running automated tools.Leading bug bounty platforms such as Bugcrowd, HackerOne, Synack, YesWeHack, and Intigriti offer rewards for identifying and reporting security vulnerabilities. Platforms connect ethical hackers…
Defending digital identity from computer-using agents (CUAs)

Nov 7, 2025 2:20 PM

Tags: access, ai, api, attack, authentication, automation, breach, captcha, cisa, computer, control, corporate, credentials, cybersecurity, data, data-breach, defense, detection, email, exploit, fido, google, identity, infrastructure, login, malicious, malware, nfc, passkey, password, phishing, saas, service, skills, social-engineering, tool, unauthorized, update

Principle of least effort: Our brains seek shortcuts to reduce cognitive load, making password reuse seem rational.Security fatigue: Frequent password changes and complex rules frustrate users, pushing them toward reuse.As a result, users often rotate between 410 core passwords. According to an article by Enzoic, the average person reuses the same password across as many as 14…
9 top bug bounty programs launched in 2025

Nov 7, 2025 2:20 PM

Tags: ai, api, apple, attack, best-practice, browser, bug-bounty, chatgpt, chrome, cloud, computer, corporate, cyber, cybersecurity, data, defense, exploit, finance, flaw, framework, google, government, hacker, hacking, healthcare, identity, infrastructure, injection, intelligence, iphone, macOS, microsoft, mitigation, mobile, nis-2, nvidia, openai, phishing, risk, service, spyware, strategy, technology, theft, threat, unauthorized, update, vulnerability, zero-day

Bug bounty programs focus in 2025: For ethical hackers, best practice for bug bounty hunting in 2025 involves thorough reconnaissance of a target organization’s technology stack, rather than just running automated tools.Leading bug bounty platforms such as Bugcrowd, HackerOne, Synack, YesWeHack, and Intigriti offer rewards for identifying and reporting security vulnerabilities. Platforms connect ethical hackers…
Nikkei-Daten über Slack-Konto eines Mitarbeiters geleakt

Nov 7, 2025 2:20 PM

Tags: access, computer, cyberattack, data-breach, finance, hacker, mail, password, phishing, ransomware, usa, virus

Ein kompromittierter Rechner und schon hatten Kriminelle alles Nötige, um auf Nikkeis Slack-Plattform zuzugreifen.Unbefugte hatten Zugang zur Messaging-Plattform Slack von Nikkei, einem der größten Medienkonzerne weltweit, zu dem unter anderem die Financial Times gehört. Wie das Unternehmen bekannt gab, wurden dabei möglicherweise Daten von über 17.000 Mitarbeitenden und Geschäftspartnern gestohlen.Darunter können sich Namen, E-Mail-Adressen und…
ClickFix Attack Evolves: Weaponized Videos Trigger Self-Infection Tactics

Nov 7, 2025 2:20 PM

Tags: attack, awareness, cyber, defense, infection, malicious, phishing, social-engineering, tactics, threat, tool

ClickFix attacks have surged dramatically over the past year, cementing their position as pivotal tools in the modern attacker’s arsenal. These sophisticated social engineering campaigns coerce users into executing malicious code on their own devices, bypassing traditional awareness defenses that focus on preventing suspicious clicks, dodgy downloads, and phishing websites. During a recent threat briefing…
Nikkei-Daten über Slack-Konto eines Mitarbeiters geleakt

Nov 7, 2025 2:20 PM

Tags: access, computer, cyberattack, data-breach, finance, hacker, mail, password, phishing, ransomware, usa, virus

Ein kompromittierter Rechner und schon hatten Kriminelle alles Nötige, um auf Nikkeis Slack-Plattform zuzugreifen.Unbefugte hatten Zugang zur Messaging-Plattform Slack von Nikkei, einem der größten Medienkonzerne weltweit, zu dem unter anderem die Financial Times gehört. Wie das Unternehmen bekannt gab, wurden dabei möglicherweise Daten von über 17.000 Mitarbeitenden und Geschäftspartnern gestohlen.Darunter können sich Namen, E-Mail-Adressen und…
ClickFix Attack Evolves: Weaponized Videos Trigger Self-Infection Tactics

Nov 7, 2025 2:20 PM

Tags: attack, awareness, cyber, defense, infection, malicious, phishing, social-engineering, tactics, threat, tool

ClickFix attacks have surged dramatically over the past year, cementing their position as pivotal tools in the modern attacker’s arsenal. These sophisticated social engineering campaigns coerce users into executing malicious code on their own devices, bypassing traditional awareness defenses that focus on preventing suspicious clicks, dodgy downloads, and phishing websites. During a recent threat briefing…