Tag: phishing
-
Schatten-KI zwingt Sicherheitsverantwortliche zum Handeln
Der nächste große Sicherheitsvorfall beginnt möglicherweise nicht mit Malware oder einer Phishing-Mail. Er könnte mit einer Eingabeaufforderung starten und damit enden, dass ein KI-Agent Maßnahmen ergreift, die nie genehmigt wurden. Seit Jahren hält das Problem der Schatten-IT Sicherheitsverantwortliche auf Trab: Mitarbeitende setzen Cloud-Anwendungen ein, ohne dass diese von der IT-Abteilung genehmigt wurden. Die Schatten-KI folgt…
-
Phishing, sometimes with AI’s help, topped initial-access methods in Q1, Cisco says
Hackers can now spin up fake login pages without writing a single line of code. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/phishing-initial-access-ai-cisco/818185/
-
5 zentrale Schwachstellen gefährden die IT-Sicherheitslage im Mittelstand
Ransomware, Phishing, gestohlene Zugangsdaten: Cyberangriffe verursachen im Mittelstand regelmäßig spürbaren wirtschaftlichen Schaden. Der aktuelle ‘Cyber-Risikocheck für den Mittelstand” von Trufflepig IT-Forensics, dem spezialisierten Cybersecurity-Partner für den gehobenen Mittelstand und den öffentlichen Sektor im DACH-Raum, zeigt auf Basis von 273 realen Angriffssimulationen (Penetrationstests) in mittelständischen DACH-Unternehmen, wo sich Angreifern die vielversprechendsten Einfallstore bieten. Besonders relevant für…
-
Surge in Silent Subject Phishing Attacks Targets VIP Users
Null subject phishing campaigns bypass filters and target VIPs with QR code and RMM abuse First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/silent-subject-phishing-campaigns/
-
IR Trends Q1 2026: Phishing reemerges as top initial access vector, as attacks targeting public administration persist
Phishing reemerged as the most observed means of gaining initial access, accounting for over a third of the engagements where initial access could be determined. Phishing has not been the top vertical for initial access since Q2 2025. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/ir-trends-q1-2026/
-
Phishing reclaims the top initial access spot, attackers experiment with AI tools
Phishing returned as the leading method attackers used to break into organizations in the first quarter of 2026, accounting for over a third of engagements where initial … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/22/cisco-phishing-initial-access-2026/
-
Phishing reclaims the top initial access spot, attackers experiment with AI tools
Phishing returned as the leading method attackers used to break into organizations in the first quarter of 2026, accounting for over a third of engagements where initial … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/22/cisco-phishing-initial-access-2026/
-
Phishing reclaims the top initial access spot, attackers experiment with AI tools
Phishing returned as the leading method attackers used to break into organizations in the first quarter of 2026, accounting for over a third of engagements where initial … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/22/cisco-phishing-initial-access-2026/
-
‘Scattered Spider’ Member ‘Tylerb’ Pleads Guilty
A 24-year-old British national and senior member of the cybercrime group “Scattered Spider” has pleaded guilty to wire fraud conspiracy and aggravated identity theft. Tyler Robert Buchanan admitted his role in a series of text-message phishing attacks in the summer of 2022 that allowed the group to hack into at least a dozen major technology…
-
‘Scattered Spider’ Member ‘Tylerb’ Pleads Guilty
A 24-year-old British national and senior member of the cybercrime group “Scattered Spider” has pleaded guilty to wire fraud conspiracy and aggravated identity theft. Tyler Robert Buchanan admitted his role in a series of text-message phishing attacks in the summer of 2022 that allowed the group to hack into at least a dozen major technology…
-
‘Scattered Spider’ Member ‘Tylerb’ Pleads Guilty
A 24-year-old British national and senior member of the cybercrime group “Scattered Spider” has pleaded guilty to wire fraud conspiracy and aggravated identity theft. Tyler Robert Buchanan admitted his role in a series of text-message phishing attacks in the summer of 2022 that allowed the group to hack into at least a dozen major technology…
-
Scattered Spider hacker pleads guilty to stealing $8 million in cryptocurrency
A British national tied to the Scattered Spider cybercrime group pleaded guilty to hacking multiple companies via SMS phishing and stealing over $8 million in virtual currency … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/21/british-national-scattered-spider-guilty-sms-phishing/
-
[Podcast] It’s not you, it’s your printer: State-sponsored and phishing threats in 2025
In this episode of Talos Takes, Amy and Martin Lee unpack state-sponsored and phishing trends from the 2025 Talos Year in Review. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/podcast-its-not-you-its-your-printer-state-sponsored-and-phishing-threats-in-2025/
-
[Podcast] It’s not you, it’s your printer: State-sponsored and phishing threats in 2025
In this episode of Talos Takes, Amy and Martin Lee unpack state-sponsored and phishing trends from the 2025 Talos Year in Review. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/podcast-its-not-you-its-your-printer-state-sponsored-and-phishing-threats-in-2025/
-
Phishing and MFA exploitation: Targeting the keys to the kingdom
In 2025, attackers increasingly targeted weaknesses in multi-factor authentication (MFA) workflows, and phishing attacks leveraged valid, compromised credentials to launch lures from trusted accounts. The trends focused entirely on trust, or the lack thereof, in everyday business operations. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/phishing-and-mfa-exploitation-targeting-the-keys-to-the-kingdom/
-
Banken vermischt: Kuriose Phishing-Panne stiftet Verwirrung
Phisher haben es mal wieder auf Bankkunden abgesehen. Blöd nur, wenn sich von der Phishing-Mail niemand angesprochen fühlt. First seen on golem.de Jump to article: www.golem.de/news/banken-vermischt-kuriose-phishing-panne-stiftet-verwirrung-2604-207817.html
-
BSI warnt: Phishing-Attacken über Signal nehmen zu
Angreifer kapern regelmäßig Signal-Konten mittels Phishing. Beim BSI gibt es nun einen Leitfaden mit Handlungsempfehlungen für Betroffene. First seen on golem.de Jump to article: www.golem.de/news/bsi-warnt-phishing-attacken-ueber-signal-nehmen-zu-2604-207797.html
-
GitHub Issue Alerts Exploited in OAuth Phishing Scam Targeting Developers
Hackers are abusing GitHub’s own issue-notification emails to phish developers and silently take over their repositories using malicious OAuth applications, effectively turning trusted DevOps tooling into a supply-chain attack vector. Developers are now prime targets because compromising their accounts gives attackers direct access to source code CI/CD pipelines, and production workflows, making this a textbook supply-chain attack…
-
AI platform ATHR makes voice phishing a one-person job
For $4,000 and a cut of the take, a lone criminal can now run a fully automated voice-phishing operation via ATHR, a plaform that spoofs emails alerts from Google, Microsoft, … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/20/athr-voice-phishing-ai-platform/
-
Neue Phishing-Welle nutzt Apple-Server für betrügerische Käufe
Eine neue Kampagne macht sich die automatisierten Sicherheitsmitteilungen von Apple zunutze, um gefälschte Benachrichtigungen über iPhone-Käufe zu versenden. Da die Nachrichten direkt über die offizielle Infrastruktur von Apple generiert werden, umgehen sie mühelos moderne Spam-Filter und täuschen selbst erfahrene Nutzer. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/phishing-welle-apple-server
-
Apple account change alerts abused to send phishing emails
Apple account change notifications are being abused to send fake iPhone purchase phishing scams within legitimate emails sent from Apple’s servers, increasing legitimacy and potentially allowing them to bypass spam filters. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/apple-account-change-alerts-abused-to-send-phishing-emails/
-
Apple account change alerts abused to send phishing emails
Apple account change notifications are being abused to send fake iPhone purchase phishing scams within legitimate emails sent from Apple’s servers, increasing legitimacy and potentially allowing them to bypass spam filters. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/apple-account-change-alerts-abused-to-send-phishing-emails/
-
Apple account change alerts abused to send phishing emails
Apple account change notifications are being abused to send fake iPhone purchase phishing scams within legitimate emails sent from Apple’s servers, increasing legitimacy and potentially allowing them to bypass spam filters. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/apple-account-change-alerts-abused-to-send-phishing-emails/
-
Tycoon 2FA Phishers Scatter, Adopt Device Code Phishing
In embracing device code phishing, attackers trick victims into handing over account access by using a service’s legitimate new-device login flow. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/tycoon-2fa-hackers-device-code-phishing
-
New Phishing Attack Turns n8n Into On-Demand Malware Machine
Hackers are abusing n8n workflows to deliver malware and evade detection, according to Cisco Talos, using trusted automation to bypass security defenses. The post New Phishing Attack Turns n8n Into On-Demand Malware Machine appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-hackers-abuse-n8n-workflows-malware-delivery/
-
Industrial Systems Hit by New Email-Worm Threat Wave
Email-borne worms are driving a fresh wave of incidents against industrial control systems (ICS), even as overall malware activity on these networks appears to be slowly declining. New data from Q4 2025 shows that phishing-driven distribution of the XWorm backdoor has sharply shifted the risk landscape for operational technology (OT) environments worldwide. The share of…
-
Industrial Systems Hit by New Email-Worm Threat Wave
Email-borne worms are driving a fresh wave of incidents against industrial control systems (ICS), even as overall malware activity on these networks appears to be slowly declining. New data from Q4 2025 shows that phishing-driven distribution of the XWorm backdoor has sharply shifted the risk landscape for operational technology (OT) environments worldwide. The share of…
-
Industrial Systems Hit by New Email-Worm Threat Wave
Email-borne worms are driving a fresh wave of incidents against industrial control systems (ICS), even as overall malware activity on these networks appears to be slowly declining. New data from Q4 2025 shows that phishing-driven distribution of the XWorm backdoor has sharply shifted the risk landscape for operational technology (OT) environments worldwide. The share of…
-
Webinar: From phishing to fallout, Why MSPs must rethink both security and recovery
Cyberattacks are evolving faster than many MSP and corporate defenses can keep up, with phishing driving much of today’s cybercrime. Join our upcoming webinar to learn how to combine security and recovery strategies to reduce risk and maintain business continuity. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/webinar-from-phishing-to-fallout-why-msps-must-rethink-both-security-and-recovery/