Tag: phishing
-
Offer customers passkeys by default, UK’s NCSC tells enterprises
How passkeys change the attack model: The NCSC added that passkeys reduce risk by removing reliance on shared secrets and binding authentication to the legitimate service.According to the agency, this prevents credential reuse and relay attacks, as authentication cannot be intercepted and reused by an attacker.Passkeys use cryptographic key pairs stored on a user’s device,…
-
UK’s NCSC calls passkeys the default, says passwords are no longer fit for the purpose
How passkeys change the attack model: The NCSC added that passkeys reduce risk by removing reliance on shared secrets and binding authentication to the legitimate service.According to the agency, this prevents credential reuse and relay attacks, as authentication cannot be intercepted and reused by an attacker.Passkeys use cryptographic key pairs stored on a user’s device,…
-
Check Point belegt ersten Platz im Hybrid-Mesh-NetworkBenchmark von Miercom
Check Point Software Technologies, gibt bekannt, dass man im <> den ersten Platz belegt hat. Dieser bedeutsame Erfolg markiert für Check Point das vierte Jahr in Folge die branchenweite Spitzenposition. Check Point erreichte mit einer Phishing-Erkennungsrate von 100 Prozent und einer KI-gestützten Malware-Abwehr von 99,9 Prozent den Spitzenwert […] First seen on netzpalaver.de Jump to…
-
New Apple Phishing Scam Uses Fake $899 iPhone Purchase Alert
An Apple account notification has been exploited in a new email phishing attack that comes with a fake iPhone purchase claim. The post New Apple Phishing Scam Uses Fake $899 iPhone Purchase Alert appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-apple-phishing-scam-fake-899-iphone-purchase-alert/
-
Cyberattack on French government agency triggers phishing alert
France Titres, a French government agency, has disclosed a data breach that may have exposed user data from its online portal. France Titres, also known as the Agence … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/22/france-titres-online-portal-data-breach/
-
Schatten-KI zwingt Sicherheitsverantwortliche zum Handeln
Der nächste große Sicherheitsvorfall beginnt möglicherweise nicht mit Malware oder einer Phishing-Mail. Er könnte mit einer Eingabeaufforderung starten und damit enden, dass ein KI-Agent Maßnahmen ergreift, die nie genehmigt wurden. Seit Jahren hält das Problem der Schatten-IT Sicherheitsverantwortliche auf Trab: Mitarbeitende setzen Cloud-Anwendungen ein, ohne dass diese von der IT-Abteilung genehmigt wurden. Die Schatten-KI folgt…
-
Phishing, sometimes with AI’s help, topped initial-access methods in Q1, Cisco says
Hackers can now spin up fake login pages without writing a single line of code. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/phishing-initial-access-ai-cisco/818185/
-
5 zentrale Schwachstellen gefährden die IT-Sicherheitslage im Mittelstand
Ransomware, Phishing, gestohlene Zugangsdaten: Cyberangriffe verursachen im Mittelstand regelmäßig spürbaren wirtschaftlichen Schaden. Der aktuelle ‘Cyber-Risikocheck für den Mittelstand” von Trufflepig IT-Forensics, dem spezialisierten Cybersecurity-Partner für den gehobenen Mittelstand und den öffentlichen Sektor im DACH-Raum, zeigt auf Basis von 273 realen Angriffssimulationen (Penetrationstests) in mittelständischen DACH-Unternehmen, wo sich Angreifern die vielversprechendsten Einfallstore bieten. Besonders relevant für…
-
Surge in Silent Subject Phishing Attacks Targets VIP Users
Null subject phishing campaigns bypass filters and target VIPs with QR code and RMM abuse First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/silent-subject-phishing-campaigns/
-
IR Trends Q1 2026: Phishing reemerges as top initial access vector, as attacks targeting public administration persist
Phishing reemerged as the most observed means of gaining initial access, accounting for over a third of the engagements where initial access could be determined. Phishing has not been the top vertical for initial access since Q2 2025. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/ir-trends-q1-2026/
-
Phishing reclaims the top initial access spot, attackers experiment with AI tools
Phishing returned as the leading method attackers used to break into organizations in the first quarter of 2026, accounting for over a third of engagements where initial … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/22/cisco-phishing-initial-access-2026/
-
Phishing reclaims the top initial access spot, attackers experiment with AI tools
Phishing returned as the leading method attackers used to break into organizations in the first quarter of 2026, accounting for over a third of engagements where initial … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/22/cisco-phishing-initial-access-2026/
-
Phishing reclaims the top initial access spot, attackers experiment with AI tools
Phishing returned as the leading method attackers used to break into organizations in the first quarter of 2026, accounting for over a third of engagements where initial … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/22/cisco-phishing-initial-access-2026/
-
‘Scattered Spider’ Member ‘Tylerb’ Pleads Guilty
A 24-year-old British national and senior member of the cybercrime group “Scattered Spider” has pleaded guilty to wire fraud conspiracy and aggravated identity theft. Tyler Robert Buchanan admitted his role in a series of text-message phishing attacks in the summer of 2022 that allowed the group to hack into at least a dozen major technology…
-
‘Scattered Spider’ Member ‘Tylerb’ Pleads Guilty
A 24-year-old British national and senior member of the cybercrime group “Scattered Spider” has pleaded guilty to wire fraud conspiracy and aggravated identity theft. Tyler Robert Buchanan admitted his role in a series of text-message phishing attacks in the summer of 2022 that allowed the group to hack into at least a dozen major technology…
-
‘Scattered Spider’ Member ‘Tylerb’ Pleads Guilty
A 24-year-old British national and senior member of the cybercrime group “Scattered Spider” has pleaded guilty to wire fraud conspiracy and aggravated identity theft. Tyler Robert Buchanan admitted his role in a series of text-message phishing attacks in the summer of 2022 that allowed the group to hack into at least a dozen major technology…
-
Scattered Spider hacker pleads guilty to stealing $8 million in cryptocurrency
A British national tied to the Scattered Spider cybercrime group pleaded guilty to hacking multiple companies via SMS phishing and stealing over $8 million in virtual currency … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/21/british-national-scattered-spider-guilty-sms-phishing/
-
[Podcast] It’s not you, it’s your printer: State-sponsored and phishing threats in 2025
In this episode of Talos Takes, Amy and Martin Lee unpack state-sponsored and phishing trends from the 2025 Talos Year in Review. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/podcast-its-not-you-its-your-printer-state-sponsored-and-phishing-threats-in-2025/
-
[Podcast] It’s not you, it’s your printer: State-sponsored and phishing threats in 2025
In this episode of Talos Takes, Amy and Martin Lee unpack state-sponsored and phishing trends from the 2025 Talos Year in Review. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/podcast-its-not-you-its-your-printer-state-sponsored-and-phishing-threats-in-2025/
-
Phishing and MFA exploitation: Targeting the keys to the kingdom
In 2025, attackers increasingly targeted weaknesses in multi-factor authentication (MFA) workflows, and phishing attacks leveraged valid, compromised credentials to launch lures from trusted accounts. The trends focused entirely on trust, or the lack thereof, in everyday business operations. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/phishing-and-mfa-exploitation-targeting-the-keys-to-the-kingdom/
-
Banken vermischt: Kuriose Phishing-Panne stiftet Verwirrung
Phisher haben es mal wieder auf Bankkunden abgesehen. Blöd nur, wenn sich von der Phishing-Mail niemand angesprochen fühlt. First seen on golem.de Jump to article: www.golem.de/news/banken-vermischt-kuriose-phishing-panne-stiftet-verwirrung-2604-207817.html
-
BSI warnt: Phishing-Attacken über Signal nehmen zu
Angreifer kapern regelmäßig Signal-Konten mittels Phishing. Beim BSI gibt es nun einen Leitfaden mit Handlungsempfehlungen für Betroffene. First seen on golem.de Jump to article: www.golem.de/news/bsi-warnt-phishing-attacken-ueber-signal-nehmen-zu-2604-207797.html
-
GitHub Issue Alerts Exploited in OAuth Phishing Scam Targeting Developers
Hackers are abusing GitHub’s own issue-notification emails to phish developers and silently take over their repositories using malicious OAuth applications, effectively turning trusted DevOps tooling into a supply-chain attack vector. Developers are now prime targets because compromising their accounts gives attackers direct access to source code CI/CD pipelines, and production workflows, making this a textbook supply-chain attack…
-
AI platform ATHR makes voice phishing a one-person job
For $4,000 and a cut of the take, a lone criminal can now run a fully automated voice-phishing operation via ATHR, a plaform that spoofs emails alerts from Google, Microsoft, … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/20/athr-voice-phishing-ai-platform/
-
Neue Phishing-Welle nutzt Apple-Server für betrügerische Käufe
Eine neue Kampagne macht sich die automatisierten Sicherheitsmitteilungen von Apple zunutze, um gefälschte Benachrichtigungen über iPhone-Käufe zu versenden. Da die Nachrichten direkt über die offizielle Infrastruktur von Apple generiert werden, umgehen sie mühelos moderne Spam-Filter und täuschen selbst erfahrene Nutzer. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/phishing-welle-apple-server
-
Apple account change alerts abused to send phishing emails
Apple account change notifications are being abused to send fake iPhone purchase phishing scams within legitimate emails sent from Apple’s servers, increasing legitimacy and potentially allowing them to bypass spam filters. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/apple-account-change-alerts-abused-to-send-phishing-emails/
-
Apple account change alerts abused to send phishing emails
Apple account change notifications are being abused to send fake iPhone purchase phishing scams within legitimate emails sent from Apple’s servers, increasing legitimacy and potentially allowing them to bypass spam filters. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/apple-account-change-alerts-abused-to-send-phishing-emails/
-
Apple account change alerts abused to send phishing emails
Apple account change notifications are being abused to send fake iPhone purchase phishing scams within legitimate emails sent from Apple’s servers, increasing legitimacy and potentially allowing them to bypass spam filters. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/apple-account-change-alerts-abused-to-send-phishing-emails/

