Tag: phishing
-
Cybercrime Goes SaaS: Renting Tools, Access, and Infrastructure
Cybercrime has fully shifted to a subscription model, with phishing kits, Telegram OTP bots, infostealer logs, and even RATs now rented like SaaS tools. Varonis explains how this “crime-as-a-service” economy lowers the barrier to entry and gives low-skill attackers on-demand access to advanced capabilities. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cybercrime-goes-saas-renting-tools-access-and-infrastructure/
-
Evilginx Attack Techniques Allow Hackers to Defeat MFA Through SSO Phishing
Tags: attack, authentication, credentials, cyber, framework, hacker, login, mfa, open-source, phishing, threatA sophisticated threat actor has been conducting a persistent phishing campaign against United States educational institutions since April 2025, leveraging the open-source Evilginx framework to bypass multi-factor authentication (MFA). The campaign, which has targeted at least 18 universities to date, utilizes adversary-in-the-middle (AiTM) techniques to intercept login credentials and session cookies by mimicking legitimate single…
-
Evilginx Attack Techniques Allow Hackers to Defeat MFA Through SSO Phishing
Tags: attack, authentication, credentials, cyber, framework, hacker, login, mfa, open-source, phishing, threatA sophisticated threat actor has been conducting a persistent phishing campaign against United States educational institutions since April 2025, leveraging the open-source Evilginx framework to bypass multi-factor authentication (MFA). The campaign, which has targeted at least 18 universities to date, utilizes adversary-in-the-middle (AiTM) techniques to intercept login credentials and session cookies by mimicking legitimate single…
-
Fake Calendly invites spoof top brands to hijack ad manager accounts
An ongoing phishing campaign impersonates popular brands, such as Unilever, Disney, MasterCard, LVMH, and Uber, in Calendly-themed lures to steal Google Workspace and Facebook business account credentials. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/fake-calendly-invites-spoof-top-brands-to-hijack-ad-manager-accounts/
-
Vaillant-CISO: “Starten statt Warten”
Tags: business, ciso, compliance, cyber, cyberattack, cyersecurity, dora, germany, group, international, mail, malware, nis-2, phishing, ransomware, resilience, risk, supply-chainRaphael Reiß, CISO bei Vaillant Group: “Ein moderner CISO muss nicht nur technologische Risiken managen.” Vaillant GroupDer Energiesektor gerät zunehmend in den Fokus von Cyberkriminellen. Aus Sicht von Experten und des Bundesamtes für Sicherheit in der Informationstechnik (BSI) muss der Schutz in diesem Bereich massiv erhöht werden. Wie beurteilen Sie die aktuelle Lage in Deutschland?Reiß:…
-
Vaillant-CISO: “Starten statt Warten”
Tags: business, ciso, compliance, cyber, cyberattack, cyersecurity, dora, germany, group, international, mail, malware, nis-2, phishing, ransomware, resilience, risk, supply-chainRaphael Reiß, CISO bei Vaillant Group: “Ein moderner CISO muss nicht nur technologische Risiken managen.” Vaillant GroupDer Energiesektor gerät zunehmend in den Fokus von Cyberkriminellen. Aus Sicht von Experten und des Bundesamtes für Sicherheit in der Informationstechnik (BSI) muss der Schutz in diesem Bereich massiv erhöht werden. Wie beurteilen Sie die aktuelle Lage in Deutschland?Reiß:…
-
The Hidden Calendar Threat Putting 4 Million Apple Devices at Risk
Hijacked calendar subscriptions are emerging as a stealthy new way for attackers to push phishing and malware directly onto devices. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/the-hidden-calendar-threat-putting-4-million-apple-devices-at-risk/
-
Phishing boomt (nicht nur) im Weihnachtsgeschäft
Gefälschte und mit Schadsoftware verseuchte E-Mails, SMS oder QR-Codes: Sicherheitstipps für Online-Shopping vor Weihnachten. In der Vorweihnachtszeit boomt der Onlinehandel, angeheizt durch Rabattwochen rund um »Black Friday« und »Cyber Monday«. Doch wo Verbraucherinnen und Verbraucher nach Schnäppchen suchen, lauern häufig auch Betrüger. Phishing zählt dabei laut dem aktuellen »Bundeslagebild Cybercrime« des Bundeskriminalamts (BKA) zu den……
-
Kevin Lancaster Joins the usecure Board to Accelerate North American Channel Growth
Tags: ceo, compliance, cyber, cybersecurity, dark-web, data, monitoring, msp, phishing, risk, risk-management, saas, trainingAbout Kevin Lancaster Kevin Lancaster is a leading channel expert and tech entrepreneur, best known as the founder of ID Agent, acquired by Kaseya, and as the CEO of Channel Program and BetterTracker. He has built and led channel programs that have driven billions in revenue, scaling cybersecurity and SaaS businesses across the MSP ecosystem.…
-
Kein Backup, kein Log Phisher lieben IdP”‘Lücken Rubrik Okta Recovery hält dagegen
First seen on security-insider.de Jump to article: www.security-insider.de/phisher-lieben-idpluecken-rubrik-okta-recovery-haelt-dagegen-a-9bb1046e86e02217e3eb8947bb2fd92b/
-
Sicherheitsprognosen 2026: Auf welche Phishing-Techniken sich Unternehmen vorbereiten sollten
Im Jahr 2025 prägten vor allem die Kombination aus KI, sich kontinuierlich weiterentwickelnden Phishing-as-a-Service (PhaaS)-Kits und immer ausgefeilteren Techniken zur Verbreitung von Phishing und zur Umgehung von Sicherheitsmaßnahmen die Phishing-Landschaft. Die Threat-Analysten von Barracuda gingen beispielsweise noch vor einem Jahr davon aus, dass PhaaS-Kits bis Ende 2025 für die Hälfte aller Angriffe mit dem Ziel,……
-
Scattered Lapsus$ Hunters Tied to Targeting of Zendesk Users
Uncovered: Typosquatted Domains Linked to Suspected Ransomware Group Campaign. Continuing its targeting of customer data, the cybercrime group Scattered Lapsus$ Hunters appears to be gearing up for large-scale attacks involving typosquatted domains that lead to phishing domains designed to steal Zendesk users’ valid credentials, warn security researchers. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/scattered-lapsus-hunters-tied-to-targeting-zendesk-users-a-30166
-
Three Black Friday Scams to Watch Out For This Year
Darktrace observed a 620% spike in Black Friday-themed phishing in the weeks leading up to the 2025 edition of the sale day First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/three-black-friday-scams-2025/
-
Empathetic policy engineering: The secret to better security behavior and awareness
Tags: awareness, business, ciso, cyberattack, cybersecurity, data, framework, group, phishing, regulation, risk, risk-assessment, strategy, threat, trainingIn many companies, IT security guidelines encounter resistance because employees perceive them as obstructive or impractical. This makes implementation difficult, undermines effectiveness, and strains collaboration between the security department and business units.As a result, instead of being seen as a partner, cybersecurity is often perceived as a hindrance, a fatal security risk. For CISOs, this…
-
Empathetic policy engineering: The secret to better security behavior and awareness
Tags: awareness, business, ciso, cyberattack, cybersecurity, data, framework, group, phishing, regulation, risk, risk-assessment, strategy, threat, trainingIn many companies, IT security guidelines encounter resistance because employees perceive them as obstructive or impractical. This makes implementation difficult, undermines effectiveness, and strains collaboration between the security department and business units.As a result, instead of being seen as a partner, cybersecurity is often perceived as a hindrance, a fatal security risk. For CISOs, this…
-
620 % mehr Phishing-Angriffe am Black Friday
In der Woche vor Black Friday stiegen Phishing-Angriffe, die bekannte Einzelhändler wie Lindt, Rewe, Edeka oder Obi imitieren, um 54″¯Prozent. Amazon ist die am häufigsten imitierte Marke sie steht hinter 80″¯Prozent der untersuchten Phishing-Kampagnen. Darktrace warnt Konsumenten vor gefälschten »Schnäppchen-Mails« und gibt Tipps für sicheres Online-Shopping in der Feiertagssaison. Weitere Zunahme der Phishing-Aktivitäten um… First…
-
620 % mehr Phishing-Angriffe am Black Friday
In der Woche vor Black Friday stiegen Phishing-Angriffe, die bekannte Einzelhändler wie Lindt, Rewe, Edeka oder Obi imitieren, um 54″¯Prozent. Amazon ist die am häufigsten imitierte Marke sie steht hinter 80″¯Prozent der untersuchten Phishing-Kampagnen. Darktrace warnt Konsumenten vor gefälschten »Schnäppchen-Mails« und gibt Tipps für sicheres Online-Shopping in der Feiertagssaison. Weitere Zunahme der Phishing-Aktivitäten um… First…
-
Zendesk users targeted as Scattered Lapsus$ Hunters spin up fake support sites
Tags: phishingReliaQuest finds fresh crop of phishing domains and toxic tickets First seen on theregister.com Jump to article: www.theregister.com/2025/11/27/scattered_lapsus_hunters_zendesk/
-
Zendesk users targeted as Scattered Lapsus$ Hunters spin up fake support sites
Tags: phishingReliaQuest finds fresh crop of phishing domains and toxic tickets First seen on theregister.com Jump to article: www.theregister.com/2025/11/27/scattered_lapsus_hunters_zendesk/
-
OpenAI admits data breach after analytics partner hit by phishing attack
Tags: access, ai, api, attack, authentication, backdoor, breach, chatgpt, credentials, data, data-breach, email, governance, government, mfa, openai, password, phishing, riskName provided to OpenAI on the API account Email address associated with the API accountApproximate location based on API user browser (city, state, country)Operating system and browser used to access the API accountReferring websitesOrganization or User IDs associated with the API account”We proactively communicated with all impacted customers. If you have not heard from us directly,…
-
Black Friday 2025: Wenn Shopping-Fieber und KI-Betrug zusammenkommen
Die Webmail-Dienste Web.de und GMX meldeten rund um den Black Friday 2024 einen deutlichen Anstieg an Spam- und Phishing-Mails: zehn Prozent mehr als üblich. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/black-friday-2025-wenn-shopping-fieber-und-ki-betrug-zusammenkommen/a42990/
-
Nutzerdaten abgeflossen: Dienstleister von OpenAI fällt auf Phishing-SMS rein
Bei dem Webanalyse-Dienstleister Mixpanel sind durch eine Smishing-Attacke Daten abgeflossen. Das betrifft auch Nutzer des ChatGPT-Entwicklers OpenAI. First seen on golem.de Jump to article: www.golem.de/news/datenleck-openai-dienstleister-faellt-auf-phishing-sms-rein-2511-202663.html