Tag: phishing
-
KnowBe4 warns of new PayPal invoice phishing scam
Security awareness firm KnowBe4 has issued a warning about a new PayPal themed phishing scam that uses real PayPal email addresses to trick victims into handing over sensitive financial information. The scam begins when victims receive an email from a legitimate PayPal domain containing an invoice for a large purchase they never made. The The…
-
Cyberattackers Target LastPass, Top Password Managers
Be aware: a rash of phishing campaigns are leveraging the anxiety and trust employees have in password vaults securing all of their credentials. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/cyberattackers-target-lastpass-password-managers
-
Bad sushi: China-nexus phishers shift to residential proxies
Earlier this year, Spamhaus researchers observed a major shift in phishing targeting Japan. Starting in April, a China-nexus threat actor began using residential proxy networks to send phishing emails instead of subnets at China Telecom and China Unicom. This blog explores the campaign’s origins and countermeasures against residential proxy-enabled spam. First seen on securityboulevard.com Jump…
-
Bad sushi: China-nexus phishers shift to residential proxies
Earlier this year, Spamhaus researchers observed a major shift in phishing targeting Japan. Starting in April, a China-nexus threat actor began using residential proxy networks to send phishing emails instead of subnets at China Telecom and China Unicom. This blog explores the campaign’s origins and countermeasures against residential proxy-enabled spam. First seen on securityboulevard.com Jump…
-
Many IT leaders click phishing links, and some don’t report them
A new survey shines light on the security practices and AI fears of IT leaders and their subordinates. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/phishing-it-leaders-ai-arctic-wolf/802976/
-
Many IT leaders click phishing links, and some don’t report them
A new survey shines light on the security practices and AI fears of IT leaders and their subordinates. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/phishing-it-leaders-ai-arctic-wolf/802976/
-
Fehleinschätzungen, Phishing und riskante KI-Nutzung der Mensch bleibt größtes Sicherheitsrisiko
Der diesjährige Human-Risk-Report 2025 von Arctic Wolf, einem weltweit führenden Anbieter von Security-Operations, zeigt deutlich: Der ‘Faktor Mensch” bleibt eine der größten Schwachstellen in der Cybersicherheitsstrategie von Unternehmen weltweit. Die zum zweiten Mal durchgeführte Studie legt offen, wie Fehleinschätzungen, riskantes Verhalten und mangelnde Awareness die Angriffsfläche von Organisationen massiv erweitern. Mit zunehmender Bedrohungsaktivität und wachsender…
-
Phishing Alert: Fake ‘LastPass Hack’ Emails Spreading Malware
A new phishing campaign impersonating LastPass is circulating today, October 13, 2025, aiming to deceive users into downloading malicious desktop software. Emails purporting to come from “hello@lastpasspulse.blog” or “hello@lastpassgazette.blog” carry the alarming subject line “We Have Been Hacked Update Your LastPass Desktop App to Maintain Vault Security.” In reality, LastPass has not been compromised;…
-
Phishing Alert: Fake ‘LastPass Hack’ Emails Spreading Malware
A new phishing campaign impersonating LastPass is circulating today, October 13, 2025, aiming to deceive users into downloading malicious desktop software. Emails purporting to come from “hello@lastpasspulse.blog” or “hello@lastpassgazette.blog” carry the alarming subject line “We Have Been Hacked Update Your LastPass Desktop App to Maintain Vault Security.” In reality, LastPass has not been compromised;…
-
Operation Silk Lure: Weaponizing Windows Scheduled Tasks for ValleyRAT Delivery
A targeted cyber-espionage campaign exploiting Windows Scheduled Tasks and DLL side-loading to deploy the sophisticated ValleyRAT backdoor. The operation pivots on tailored spear-phishing emails, weaponized Windows shortcuts, and a persistent task scheduler mechanism, all delivering a multi-stage malware payload designed to harvest sensitive intelligence from Chinese FinTech and cryptocurrency firms. Adversaries behind Operation Silk Lure…
-
Operation Silk Lure: Weaponizing Windows Scheduled Tasks for ValleyRAT Delivery
A targeted cyber-espionage campaign exploiting Windows Scheduled Tasks and DLL side-loading to deploy the sophisticated ValleyRAT backdoor. The operation pivots on tailored spear-phishing emails, weaponized Windows shortcuts, and a persistent task scheduler mechanism, all delivering a multi-stage malware payload designed to harvest sensitive intelligence from Chinese FinTech and cryptocurrency firms. Adversaries behind Operation Silk Lure…
-
LastPass Warns Customers It Has Not Been Hacked Amid Phishing Email Scam
LastPass warns customers it has not been breached, after phishing emails falsely claim a hack and urge users to update their desktop app First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/lastpass-not-hacked-phishing-email/
-
New Tech Support Scam Uses Microsoft Logo to Fake Browser Lock, Steal Data
The Cofense Phishing Defense Centre warns of a new tech support scam using Microsoft’s brand to lock browsers and steal data. Learn how the attack uses fake ‘payment lures’ and urgent security alerts to trick victims into calling a fraudulent support number. First seen on hackread.com Jump to article: hackread.com/tech-support-scam-microsoft-logo-browser-lock-data/
-
New Tech Support Scam Uses Microsoft Logo to Fake Browser Lock, Steal Data
The Cofense Phishing Defense Centre warns of a new tech support scam using Microsoft’s brand to lock browsers and steal data. Learn how the attack uses fake ‘payment lures’ and urgent security alerts to trick victims into calling a fraudulent support number. First seen on hackread.com Jump to article: hackread.com/tech-support-scam-microsoft-logo-browser-lock-data/
-
Datenleck bei Mango: Angreifer erbeutet Kundendaten von großem Modekonzern
Kundendaten des Modekonzerns Mango sind in die Hände eines Angreifers gelangt. Betroffene sollten sich auf Phishing-Angriffe einstellen. First seen on golem.de Jump to article: www.golem.de/news/datenleck-bei-modekonzern-angreifer-erbeutet-kundendaten-von-mango-2510-201229.html
-
New Phishing Technique Targets Users via Basic Auth URLs
Netcraft recently uncovered a suspicious URL targeting GMO Aozora Bank, a Japanese financial institution. The URL leveraged a legacy web technique”, Basic Authentication URL formatting”, to visually impersonate the bank and deceive customers. This discovery prompted a broader review of phishing activity that still relies on this old but effective technique, exposing how threat actors…
-
New Phishing Technique Targets Users via Basic Auth URLs
Netcraft recently uncovered a suspicious URL targeting GMO Aozora Bank, a Japanese financial institution. The URL leveraged a legacy web technique”, Basic Authentication URL formatting”, to visually impersonate the bank and deceive customers. This discovery prompted a broader review of phishing activity that still relies on this old but effective technique, exposing how threat actors…
-
Datenleck bei Modekonzern: Angreifer erbeutet Kundendaten von Mango
Kundendaten des Modekonzerns Mango sind in die Hände eines Angreifers gelangt. Betroffene sollten sich auf Phishing-Angriffe einstellen. First seen on golem.de Jump to article: www.golem.de/news/datenleck-bei-modekonzern-angreifer-erbeutet-kundendaten-von-mango-2510-201229.html
-
‘Die meisten Unternehmen sind schlecht auf Cyberattacken vorbereitet”
Markus Weber ist Gründer und Geschäftsführer der IT-Beratungsfirma dokuworks. dokuworks GmbHHerr Weber, als Krisenmanager werden Sie ja oft erst ins Unternehmen geholt, wenn der Angriff schon passiert ist. Was sind die ersten Schritte?Weber: Wir überprüfen zunächst einmal, ob aus technischer Sicht die wichtigsten Maßnahmen getroffen wurden. Dazu gehört zum Beispiel, dass die IT-Systeme vom Netz…
-
‘Die meisten Unternehmen sind schlecht auf Cyberattacken vorbereitet”
Markus Weber ist Gründer und Geschäftsführer der IT-Beratungsfirma dokuworks. dokuworks GmbHHerr Weber, als Krisenmanager werden Sie ja oft erst ins Unternehmen geholt, wenn der Angriff schon passiert ist. Was sind die ersten Schritte?Weber: Wir überprüfen zunächst einmal, ob aus technischer Sicht die wichtigsten Maßnahmen getroffen wurden. Dazu gehört zum Beispiel, dass die IT-Systeme vom Netz…
-
PhantomVAI Loader Launches Global Campaign to Distribute AsyncRAT, XWorm, FormBook, and DCRat
PhantomVAI Loader, a newly renamed multi-stage .NET loader tracked by Unit 42, is being used in widespread phishing campaigns to deliver a variety of information-stealing malware families. Initially identified as Katz Stealer Loader for its role in deploying the Katz Stealer infostealer, this loader now supports AsyncRAT, XWorm, FormBook and DCRat payloads through an evasive…
-
PhantomVAI Loader Launches Global Campaign to Distribute AsyncRAT, XWorm, FormBook, and DCRat
PhantomVAI Loader, a newly renamed multi-stage .NET loader tracked by Unit 42, is being used in widespread phishing campaigns to deliver a variety of information-stealing malware families. Initially identified as Katz Stealer Loader for its role in deploying the Katz Stealer infostealer, this loader now supports AsyncRAT, XWorm, FormBook and DCRat payloads through an evasive…
-
PhantomVAI Loader Launches Global Campaign to Distribute AsyncRAT, XWorm, FormBook, and DCRat
PhantomVAI Loader, a newly renamed multi-stage .NET loader tracked by Unit 42, is being used in widespread phishing campaigns to deliver a variety of information-stealing malware families. Initially identified as Katz Stealer Loader for its role in deploying the Katz Stealer infostealer, this loader now supports AsyncRAT, XWorm, FormBook and DCRat payloads through an evasive…
-
Phishing training needs a new hook, here’s how to rethink your approach
Tags: ai, attack, authentication, computer, cybersecurity, detection, metric, mfa, mobile, phishing, risk, threat, training, vulnerabilityPhishing training offers minimal benefits: Grant Ho, assistant professor of computer science at The University of Chicago collaborated with UC San Diego and UC San Diego Health to evaluate the efficacy of annual training and embedded phishing training. In their research, they analyzed how approximately 20,000 employees at UCSD Health handled simulated phishing campaigns across…
-
Banking-Betrug weltweit um 65 Prozent gestiegen
Die Bedrohung durch digitalen Finanzbetrug erreicht neue Dimensionen. Laut dem aktuellen 2025 Global Scams Report des Sicherheitsanbieters BioCatch ist die Zahl der Betrugsversuche im vergangenen Jahr um 65 Prozent gestiegen. Voice-Phishing-Angriffe (Vishing) haben sich dabei verdoppelt, SMS-basierte Phishing-Attacken nahmen sogar um das Zehnfache zu. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/banking-betrug-weltweit-um-65-prozent-gestiegen
-
Banking-Betrug weltweit um 65 Prozent gestiegen
Die Bedrohung durch digitalen Finanzbetrug erreicht neue Dimensionen. Laut dem aktuellen 2025 Global Scams Report des Sicherheitsanbieters BioCatch ist die Zahl der Betrugsversuche im vergangenen Jahr um 65 Prozent gestiegen. Voice-Phishing-Angriffe (Vishing) haben sich dabei verdoppelt, SMS-basierte Phishing-Attacken nahmen sogar um das Zehnfache zu. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/banking-betrug-weltweit-um-65-prozent-gestiegen
-
Fake LastPass, Bitwarden breach alerts lead to PC hijacks
An ongoing phishing campaign is targeting LastPass and Bitwarden users with fake emails claiming that the companies were hacked, urging them to download a supposedly more secure desktop version of the password manager. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/fake-lastpass-bitwarden-breach-alerts-lead-to-pc-hijacks/
-
Whisper 2FA Behind One Million Phishing Attempts Since July
Whisper 2FA is now one of the most active PhaaS tools alongside Tycoon and EvilProxy, responsible for one million attacks since July 2025 First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/whisper-2fa-behind-1m-phishing/
-
Whisper 2FA Behind One Million Phishing Attempts Since July
Whisper 2FA is now one of the most active PhaaS tools alongside Tycoon and EvilProxy, responsible for one million attacks since July 2025 First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/whisper-2fa-behind-1m-phishing/