Tag: phishing
-
OneDrive Phishing Attack Targets Corporate Executives for Credential Theft
A newly discovered spearphishing campaign is targeting executives and senior leadership across multiple industries by exploiting trusted OneDrive document”sharing notifications. The Stripe OLT SOC has identified this sophisticated attack, which leverages highly tailored emails to impersonate internal HR communications and harvest corporate credentials through a convincing Microsoft Office/OneDrive login page. At the heart of the…
-
OneDrive Phishing Attack Targets Corporate Executives for Credential Theft
A newly discovered spearphishing campaign is targeting executives and senior leadership across multiple industries by exploiting trusted OneDrive document”sharing notifications. The Stripe OLT SOC has identified this sophisticated attack, which leverages highly tailored emails to impersonate internal HR communications and harvest corporate credentials through a convincing Microsoft Office/OneDrive login page. At the heart of the…
-
OneDrive Phishing Attack Targets Corporate Executives for Credential Theft
A newly discovered spearphishing campaign is targeting executives and senior leadership across multiple industries by exploiting trusted OneDrive document”sharing notifications. The Stripe OLT SOC has identified this sophisticated attack, which leverages highly tailored emails to impersonate internal HR communications and harvest corporate credentials through a convincing Microsoft Office/OneDrive login page. At the heart of the…
-
Iran-Nexus Hackers Exploit Omani Mailbox to Target Governments
Tags: authentication, communications, cyber, exploit, government, group, hacker, intelligence, iran, mfa, phishing, spear-phishingA sophisticated spear-phishing campaign that exploited a compromised mailbox belonging to the Ministry of Foreign Affairs of Oman. The operation, attributed to an Iranian-aligned group known as Homeland Justice and linked to Iran’s Ministry of Intelligence and Security (MOIS), masqueraded as legitimate multi-factor authentication (MFA) communications to infiltrate governments and diplomatic missions around the world.…
-
Passwortlose Authentifizierung – Passkeys statt Passwörter und Phishing
First seen on security-insider.de Jump to article: www.security-insider.de/phishing-resistente-authentifizierung-mit-passkeys-a-a70693ea03d2b39e3ef7fe9624486582/
-
Beyond Phishing: Iranian-Aligned Group Abuses Omani Mailbox to Spy on Diplomats
The post Beyond Phishing: Iranian-Aligned Group Abuses Omani Mailbox to Spy on Diplomats appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/beyond-phishing-iranian-aligned-group-abuses-omani-mailbox-to-spy-on-diplomats/
-
North Korea’s ScarCruft Targets Academics With RokRAT Malware
A new report reveals North Korea-linked ScarCruft is using RokRAT malware to target academics in a phishing campaign…. First seen on hackread.com Jump to article: hackread.com/north-korea-scarcruft-target-academics-rokrat-malware/
-
facebook: Vorgetäuschte Kontosperrung als Phishing-Attacke
Tags: phishingFirst seen on datensicherheit.de Jump to article: www.datensicherheit.de/facebook-taeuschung-kontosperrung-phishing-attacke
-
North Korea’s APT37 deploys RokRAT in new phishing campaign against academics
ScarCruft (APT37) launches Operation HanKook Phantom, a phishing campaign using RokRAT to target academics, ex-officials, and researchers. Cybersecurity firm Seqrite Labs uncovered a phishing campaign, tracked as dubbed Operation HanKook Phantom, by the North Korea-linked group APT37 (aka Ricochet Chollima, ScarCruft, Reaper, and Group123). Threat actors are using a fake “National Intelligence Research Society Newsletter…
-
Phishing Campaign Exploits Ads to Breach Hotel Property Management Systems
A sophisticated malvertising campaign has emerged that specifically targets hoteliers and vacation rental operators by impersonating well-known service providers. Okta Threat Intelligence reports that attackers have used malicious search engine advertisements”, particularly sponsored ads on Google Search”, to lure unsuspecting hospitality professionals to counterfeit login portals. The ultimate goal: harvesting credentials for cloud-based property management…
-
Hackers Exploit Email Marketing Platforms to Deliver Hidden Malware
Tags: cyber, defense, email, exploit, hacker, incident response, infrastructure, intelligence, malicious, malware, phishing, threatIn recent months, Trustwave SpiderLabs”, a LevelBlue company renowned for its threat intelligence and incident response services”, has observed a marked uptick in phishing campaigns that leverage legitimate email marketing platforms to cloak malicious links. By hijacking established infrastructure and URL redirectors, attackers are evading traditional defenses and duping recipients into divulging sensitive information. To…
-
ScarCruft Uses RokRAT Malware in Operation HanKook Phantom Targeting South Korean Academics
Cybersecurity researchers have discovered a new phishing campaign undertaken by the North Korea-linked hacking group called ScarCruft (aka APT37) to deliver a malware known as RokRAT.The activity has been codenamed Operation HanKook Phantom by Seqrite Labs, stating the attacks appear to target individuals associated with the National Intelligence Research Association, including academic figures First seen…
-
Phishing as a Service 2.0: The Franchise Model of Cybercrime
The Golden Arches of Malice When you think of franchising, you probably picture McDonald’s, Starbucks, or Subway, not cybercriminals. But the uncomfortable truth is that modern cybercrime looks a lot less like “lone hacker in a hoodie” and a lot more like fast food chains. Instead of flipping burgers, they’re flipping login pages. Instead… First…
-
Starker Anstieg der Cyberangriffe auf den Bildungssektor
Sicherheitsanbieter Check Point warnt vor einem starken Anstieg von Cyber-Angriffen im Bildungssektor: Weltweit um 41 Prozent, in Deutschland sogar plus 56 Prozent. Bildungseinrichtungen verzeichnen im Schnitt mehr als 4300 Angriffe pro Woche, getrieben von saisonalen Phishing-Kampagnen zum Schul- und Semesterstart. … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/08/31/starker-anstieg-der-cyberangriffe-auf-den-bildungssektor/
-
Google Urges 2.5B Gmail Users to Reset Passwords After Salesforce Breach
A sophisticated voice phishing operation has emerged as a significant threat to organizations worldwide, with cybercriminals successfully infiltrating Salesforce environments to steal sensitive data and demand ransom payments. Google’s Threat Intelligence Group has identified this financially motivated campaign, designating the primary threat cluster as UNC6040, which has demonstrated alarming success in breaching corporate networks through…
-
North Korean Hackers Weaponize Seoul Intelligence Files to Target South Koreans
Pyongyang-backed hacking group APT37 leveraged an internal South Korean intelligence briefing in a spear phishing campaign First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/north-korea-apt37-spear-phishing/
-
Attackers use >>Contact Us<< forms and fake NDAs to phish industrial manufacturing firms
A recently uncovered phishing campaign carefully designed to bypass security defenses and avoid detection by its intended victims is targeting firms in … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/08/29/phishing-manufacturing-supply-chain/
-
News alert: SquareX finds browser flaw undermining passkeys while exposing banking and SaaS apps
Palo Alto, Calif., Aug. 28, 2025, CyberNewswire, It is no secret that passwords are highly susceptible to phishing and brute force attacks. This led to the mass adoption of passkeys, a passwordless authentication method leveraging cryptographic key pairs that… (more”¦) First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/08/news-alert-squarex-finds-browser-flaw-undermining-passkeys-while-exposing-banking-and-saas-apps/
-
Breaking the Passkey Promise: SquareX Discloses Major Passkey Vulnerability at DEF CON 33
It is no secret that passwords are highly susceptible to phishing and brute force attacks. This led to the mass adoption of passkeys, a passwordless authentication method leveraging cryptographic key pairs that allows users to log in with biometrics or a hardware key. According to FIDO, over 15 billion accounts have been passkey-enabled, with 69%…
-
115.000 Phishing-Emails in einer Woche versendet
Tags: awareness, best-practice, cyber, email, google, infrastructure, mail, phishing, saas, softwareEine neue Art des Phishings breitet sich aus. Sie setzt dabei auf bewährte Marken, unaufgeklärte Mitarbeitende und ungeschützte Kanäle.Laut Google nutzen 40 Millionen Lehrer und Schüler weltweit Google Classroom, um Leistungsnachweise, Schulaufgaben und Lehrmaterial bereitzustellen. Da die Software weit verbreitet ist, wird sie attraktiv für Cyberkriminelle. Eine immer noch aktive, weltweite auftretende Kampagne hat der…
-
The CISO succession crisis: why companies have no plan and how to change that
The technical-to-strategic divide: One major obstacle keeping many mid-level security pros from becoming CISOs isn’t their tech skills, it’s learning to shift from doing hands-on security work to acting as strategic business partners. That change takes a whole new set of skills and a different way of thinking.”I think you see this with a lot…
-
‘ZipLine’ Phishers Flip Script as Victims Email First
ZipLine appears to be a sophisticated and carefully planned campaign that has already affected dozens of small, medium, and large organizations across multiple industry sectors. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/zipline-phishers-victims-email-first
-
China Hijacks Captive Portals to Spy on Asian Diplomats
The Mustang Panda APT is hijacking Google Chrome browsers when they attempt to connect to new networks and redirecting them to phishing sites. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/china-hijacks-captive-portals-spy-asian-diplomats
-
TDL001 – Cybersecurity Explained: Privacy, Threats, and the Future – Chester Wisniewski
Tags: access, ai, attack, backdoor, breach, business, ciso, computer, country, crime, crimes, cyber, cybercrime, cybersecurity, data-breach, defense, detection, edr, email, finance, firewall, gartner, government, guide, hacker, hacking, Hardware, infosec, Internet, jobs, linkedin, mail, malicious, microsoft, military, monitoring, network, password, phishing, phone, privacy, programming, ransomware, risk, russia, scam, skills, software, sophos, spam, sql, strategy, switch, technology, threat, update, virus, vulnerability, wifi, windowsSummary “The Defenders Log” Episode 1 features host David Redekop and guest Chet Wisniewski discussing the dynamic world of cybersecurity. Wisniewski, with decades of experience, traces his journey from early BBS and phone network exploration to becoming a cybersecurity expert. They delve into the evolution of hacking, the emergence of profitable cybercrime like email spam,…
-
Google Data Breach Sparks Phishing Wave Targeting Gmail Users
A Google Salesforce breach exposed business data, fueling phishing scams against Gmail users. Learn what happened and how to protect your account. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/news/google-data-breach-targets-gmail/
-
Phishing Emails Are Now Aimed at Users and AI Defenses.
First seen on thesecurityblogger.com Jump to article: www.thesecurityblogger.com/phishing-emails-are-now-aimed-at-users-and-ai-defenses/
-
Blind Eagle’s Five Clusters Target Colombia Using RATs, Phishing Lures, and Dynamic DNS Infra
Cybersecurity researchers have discovered five distinct activity clusters linked to a persistent threat actor known as Blind Eagle between May 2024 and July 2025.These attacks, observed by Recorded Future Insikt Group, targeted various victims, but primarily within the Colombian government across local, municipal, and federal levels. The threat intelligence firm is tracking the activity under…