Tag: phishing

CrowdStrike to add browser security to Falcon with Seraphic acquisition

Jan 14, 2026 7:11 PM

Tags: ai, attack, control, crowdstrike, data, endpoint, phishing, risk, technology, tool

Gen AI altering browser risk: Generative AI has fundamentally altered the browser risk profile. Gogia noted that the browser is now a bidirectional data exchange, where employees routinely feed sensitive context into AI systems. Most of this activity happens outside formal enterprise governance. Copying internal data into AI prompts, uploading files for summarisation, or using…
Cybercrime Inc.: When hackers are better organized than IT

Jan 14, 2026 7:11 PM

Tags: access, ai, attack, automation, awareness, botnet, breach, business, communications, compliance, computing, control, corporate, credentials, crime, cyber, cyberattack, cybercrime, cybersecurity, data, defense, email, exploit, finance, group, hacker, healthcare, incident response, intelligence, jobs, leak, malicious, malware, marketplace, network, organized, phishing, programming, ransom, ransomware, resilience, risk, service, social-engineering, software, supply-chain, technology, tool, training, update, vulnerability

Ransomware-as-a-service: The Amazon of crime: The ransomware-as-a-service (RaaS) model has also revolutionized the cybercrime business. Criminal groups offer their malware like a software product. Attackers can license the code, select targets, and launch attacks, all without in-depth programming knowledge. The operator receives a commission for this.Thus, a marketplace developed where services, tools, and data are traded like…
Microsoft seizes RedVDS infrastructure, disrupts fast-growing cybercrime marketplace

Jan 14, 2026 7:11 PM

Tags: attack, credentials, cybercrime, infrastructure, marketplace, microsoft, phishing, service, theft, tool

The service became a prolific tool for cybercriminals in the past year, as it facilitated thousands of attacks involving credential theft, account takeovers, mass phishing and payment diversion fraud. First seen on cyberscoop.com Jump to article: cyberscoop.com/microsoft-seizes-disrupts-redvds-cybercrime-marketplace/
ConsentFix debrief: Insights from the new OAuth phishing attack

Jan 14, 2026 7:11 PM

Tags: attack, microsoft, phishing

ConsentFix is an OAuth phishing technique abusing browser-based authorization flows to hijack Microsoft accounts. Push Security shares new insights from continued tracking, community research, and evolving attacker techniques. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/consentfix-debrief-insights-from-the-new-oauth-phishing-attack/
Criminal Subscription Service Behind AI-Powered Cyber-Attacks Taken Out By Microsoft

Jan 14, 2026 7:11 PM

Tags: ai, attack, crime, cyber, fraud, microsoft, phishing, service

RedVDS cyber-crime-as-a-service platform powering phishing, BEC attacks and other fraud has cost victims millions First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/criminal-subscription-service/
Hackers Use Fake PayPal Notices to Steal Credentials, Deploy RMMs

Jan 14, 2026 7:11 PM

Tags: attack, credentials, exploit, finance, hacker, monitoring, phishing, tool

Phishing attacks have been identified using fake PayPal alerts to exploit remote monitoring and management tools First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/hackers-fake-paypal-notices-deploy/
Interrail warnt vor Datenleck: Ausweisdaten zahlreicher Bahnreisender abgeflossen

Jan 14, 2026 7:11 PM

Tags: data-breach, phishing

Persönliche Daten von Eurail- und Interrail-Kunden sind in die Hände von Angreifern gelangt. Es drohen Phishing-Versuche. First seen on golem.de Jump to article: www.golem.de/news/interrail-warnt-vor-datenleck-ausweisdaten-zahlreicher-bahnreisender-abgeflossen-2601-204175.html
Cyber Fraud Takes the Lead: What the Shift Away From Ransomware Signals for Enterprises

Jan 14, 2026 1:01 AM

Tags: business, cyber, cybersecurity, email, fraud, identity, phishing, ransomware, risk, scam

A new global assessment shows that cyber fraud has overtaken ransomware as the top cybersecurity concern for business leaders, driven by a sharp rise in phishing, business email compromise, and identity-based scams, according to the World Economic Forum. While ransomware continues to pose a serious risk, this shift highlights a critical change in attacker behavior.…
Cybersecurity risk will accelerate this year, fueled in part by AI, says World Economic Forum

Jan 13, 2026 11:02 PM

Tags: ai, attack, automation, business, ceo, ciso, control, country, cryptography, cyber, cybercrime, cybersecurity, data, detection, exploit, finance, framework, fraud, governance, healthcare, incident, infrastructure, international, middle-east, phishing, ransomware, resilience, risk, service, skills, software, strategy, supply-chain, technology, threat, tool, vulnerability

AI is anticipated to be the most significant driver of change in cybersecurity in 2026, according to 94% of survey respondents;87% of respondents said AI-related vulnerabilities had increased in the past year. Other cyber risks that had increased were (in order) cyber-enabled fraud and phishing, supply chain disruption, and exploitation of software vulnerabilities;confidence in national cyber…
Convincing LinkedIn comment-reply tactic used in new phishing

Jan 13, 2026 6:02 PM

Tags: linkedin, phishing, scam

Scammers are flooding LinkedIn posts with fake “reply” comments that appear to come from the platform, warning of bogus policy violations and urging users to click external links. Some even abuse LinkedIn’s official lnkd.in shortener, making the phishing attempts harder to spot. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/convincing-linkedin-comment-reply-tactic-used-in-new-phishing/
Attackers Abuse Python, Cloudflare to Deliver AsyncRAT

Jan 13, 2026 6:02 PM

Tags: cloud, detection, open-source, phishing, service, tool

The phishing campaign shows how attackers continue to weaponize legitimate cloud services and open source tools to evade detection and gain trust. First seen on darkreading.com Jump to article: www.darkreading.com/endpoint-security/attackers-abuse-python-cloudflare-deliver-asyncrat
Phishing Scams Exploit Browserthe-Browser Attacks to Steal Facebook Passwords

Jan 13, 2026 4:02 PM

Tags: attack, credentials, cybersecurity, exploit, login, password, phishing, scam

Cybersecurity researchers issue warning over a surge in attacks designed to trick Facebook users into handing over login credentials First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/phishing-scams-exploit-browser/
Browserthe-Browser phishing is on the rise: Here’s how to spot it

Jan 13, 2026 2:01 PM

Tags: attack, phishing

Browser-in-the-Browser (BitB) phishing attacks are on the rise, with attackers reviving and refining the technique to bypass user skepticism and traditional security controls. … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/01/13/browser-in-the-browser-bitb-phishing/
Driving Passwordless Adoption with FIDO and Biometric Authentication

Jan 13, 2026 12:01 PM

Tags: access, attack, authentication, awareness, banking, breach, business, cloud, compliance, container, control, credentials, cyber, data, defense, fido, finance, fraud, government, Hardware, iam, identity, insurance, login, mobile, passkey, password, phishing, risk, service, technology, threat, training

Driving Passwordless Adoption with FIDO and Biometric Authentication madhav Tue, 01/13/2026 – 06:13 For decades, passwords have been the default mechanism for securing digital access. They are deeply embedded in enterprise systems and workflows, yet they were never designed to withstand today’s threat landscape. Cybersecurity Sarah Lefavrais – IAM Product Marketing Manager More About This…
Top 10 vendors for AI-enabled security, according to CISOs

Jan 13, 2026 9:01 AM

Tags: access, ai, api, attack, automation, business, ceo, cisco, ciso, cloud, container, crowdstrike, cybersecurity, data, detection, edr, email, encryption, endpoint, firewall, gartner, google, governance, group, ibm, identity, incident response, intelligence, jobs, mandiant, microsoft, monitoring, network, openai, phishing, ransomware, risk, risk-assessment, service, siem, soar, soc, social-engineering, software, startup, technology, threat, tool, vmware, vulnerability, waf, zero-trust

2. Microsoft: Why they’re here: Similar to Cisco, Microsoft is embedded in virtually every enterprise, and is also a vendor that has marshalled its considerable resources to build an AI-powered security ecosystem. The platform includes Microsoft Defender for securing cloud environments, Microsoft Sentinel for cloud-native SIEM, Microsoft Purview for data governance, Microsoft Intune for endpoint…
Hackers Exploit Browserthe-Browser Trick to Hijack Facebook Accounts

Jan 13, 2026 9:01 AM

Tags: authentication, credentials, cyber, exploit, hacker, login, phishing, social-engineering, theft, windows

Facebook’s massive 3 billion active users make it an attractive target for sophisticated phishing campaigns. As attackers grow more inventive, a hazardous technique is gaining traction: the >>Browser-in-the-Browser<< (BitB) attack. This advanced social engineering method creates custom-built fake login pop-ups that are nearly indistinguishable from legitimate authentication windows, enabling credential theft on an unprecedented scale.…
How GenAI Is Aiding a Rise in Identity-Based Threats

Jan 12, 2026 11:01 PM

Tags: ai, attack, ciso, defense, identity, monitoring, phishing, threat, training, usa

Thales CISO Eric Liebowitz Outlines Urgent Defenses for AI-Driven Phishing Threats. The shift from brute-force attacks to AI-powered phishing is creating tougher challenges for defenders. Thales CISO, Americas, Eric Liebowitz says combining employee training with behavioral monitoring and AI guardrails is essential to mitigate identity risk. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/how-genai-aiding-rise-in-identity-based-threats-a-30493
FBI Flags Quishing Attacks From North Korean APT

Jan 12, 2026 11:01 PM

Tags: apt, attack, email, government, group, north-korea, phishing, qr, threat

A state-sponsored threat group tracked as Kimsuky sent QR-code-filled phishing emails to US and foreign government agencies, NGOs, and academic institutions. First seen on darkreading.com Jump to article: www.darkreading.com/mobile-security/fbi-quishing-attacks-north-korean-apt
Fintech firm Betterment confirms data breach after hackers send fake crypto scam notification to users

Jan 12, 2026 8:02 PM

Tags: access, attack, breach, crypto, data, data-breach, fintech, hacker, phishing, scam, social-engineering

Hackers gained access to some Betterment customers’ personal information through a social engineering attack, then targeted some of them with a crypto-related phishing message. First seen on techcrunch.com Jump to article: techcrunch.com/2026/01/12/fintech-firm-betterment-confirms-data-breach-after-hackers-send-fake-crypto-scam-notification-to-users/
377,000 Affected in Texas Gas Station Operator Breach

Jan 12, 2026 6:02 PM

Tags: attack, breach, data, data-breach, phishing, service

A phishing attack at Texas fuel operator Gulshan Management Services exposed personal data of more than 377,000 individuals. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/377000-affected-in-texas-gas-station-operator-breach/
Web3 Dev Environments Hit by Fake Interview Software Scam

Jan 12, 2026 6:02 PM

Tags: attack, crypto, cyber, email, jobs, phishing, scam, software, threat

Web3 and cryptocurrency developers are facing a new wave of targeted attacks driven not by cold outreach, but by carefully engineered “inbound” traps. Instead of chasing victims through phishing emails or unsolicited Telegram messages, threat actors are now building fake companies, posting appealing job openings, and waiting for high-value targets to walk into their infrastructure.…
Instagram Denies Breach After Password Reset Emails Alarm Users

Jan 12, 2026 4:02 PM

Tags: breach, email, password, phishing

Instagram says no breach occurred after attackers abused its password reset system, underscoring how trusted features can still enable phishing risk. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/instagram-denies-breach-after-password-reset-emails-alarm-users/
World Economic Forum: Cyber-fraud overtakes ransomware as business leaders’ top cyber-security concern

Jan 12, 2026 4:02 PM

Tags: business, cyber, cybersecurity, fraud, phishing, ransomware, scam, threat

“Pervasive” threat of phishing, invoice scams and other cyber-enabled fraud is at “record highs”, warns WEF Cybersecurity Outlook 2026 First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/fraud-overtakes-ransomware-as-top/
Iran-linked MuddyWater APT deploys Rust-based implant in latest campaign

Jan 12, 2026 12:02 PM

Tags: access, apt, attack, awareness, cctv, china, communications, computer, control, defense, detection, email, encryption, endpoint, espionage, framework, government, group, india, intelligence, iran, malware, military, network, phishing, russia, rust, threat, tool, training

Rust offers evasion advantages: CloudSEK researchers said RustyWater was developed in Rust, which they said is increasingly used by malware authors for its memory safety features and cross-platform capabilities, according to the blog post. Other state-sponsored groups, including Russia’s Gossamer Bear and China-linked actors, have also deployed Rust-based malware in recent campaigns, according to security…
Fake Employee Performance Reports Deliver Guloader Malware

Jan 12, 2026 9:01 AM

Tags: cyber, email, malware, phishing, rat, threat

Organizations are being warned about a new phishing campaign that weaponizes fake employee performance reports to deploy the Guloader malware and ultimately install Remcos RAT on compromised systems. In the observed cases, threat actors send phishing emails that purport to share an employee performance report for October 2025. The email body claims that management is…
North Korealinked APT Kimsuky behind quishing attacks, FBI warns

Jan 10, 2026 6:02 PM

Tags: apt, attack, email, government, group, malicious, phishing, qr, spear-phishing

FBI warns that North Korealinked APT group Kimsuky is targeting governments, think tanks, and academic institutions with quishing attacks. North Korealinked APT group Kimsuky is targeting government agencies, academic institutions, and think tanks using spear-phishing emails that contain malicious QR codes (quishing), the FBI warns. >>As of 2025, Kimsuky actors have targeted think tanks, academic…
MuddyWater Launches RustyWater RAT via Spear-Phishing Across Middle East Sectors

Jan 10, 2026 1:01 PM

Tags: finance, iran, malicious, middle-east, phishing, rat, rust, spear-phishing, threat

The Iranian threat actor known as MuddyWater has been attributed to a spear-phishing campaign targeting diplomatic, maritime, financial, and telecom entities in the Middle East with a Rust-based implant codenamed RustyWater.”The campaign uses icon spoofing and malicious Word documents to deliver Rust based implants capable of asynchronous C2, anti-analysis, registry persistence, and modular First seen…
Cybercriminals Exploit Maduro Arrest News to Spread Backdoor Malware

Jan 10, 2026 7:01 AM

Tags: attack, backdoor, cyber, cybercrime, email, exploit, malicious, malware, phishing, social-engineering, spear-phishing, threat

Cybercriminals are leveraging reports of Venezuelan President NicolÃ¡s Maduro’s arrest on January 3, 2025, to distribute backdoor malware through a sophisticated social engineering campaign. Security researchers at Darktrace have uncovered a malicious operation that exploits this high-profile geopolitical event to compromise unsuspecting victims. Attack Method The threat actors likely used spear-phishing emails containing a ZIP…
QR codes a powerful new phishing weapon in hands of Pyongyang cyberspies

Jan 9, 2026 6:01 PM

Tags: cloud, login, phishing, qr

State-backed attackers are using QR codes to slip past enterprise security and help themselves to cloud logins, the FBI says First seen on theregister.com Jump to article: www.theregister.com/2026/01/09/pyongyangs_cyberspies_are_turning_qr/
Email security needs more seatbelts: Why click rate is the wrong metric

Jan 9, 2026 5:01 PM

Tags: access, email, metric, phishing, risk

Click rate misses the real email security risk: what attackers can do after they access a mailbox. Material Security explains why containment and post-compromise impact matter more than phishing metrics. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/email-security-needs-more-seatbelts-why-click-rate-is-the-wrong-metric/