Tag: phishing
-
Hackers target Python devs in phishing attacks using fake PyPI site
The Python Software Foundation warned users this week that threat actors are trying to steal their credentials in phishing attacks using a fake Python Package Index (PyPI) website. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hackers-target-python-devs-in-phishing-attacks-using-fake-pypi-site/
-
Threat Actors Use LNK Files to Deploy RedLoader Malware on Windows Systems
Sophos analysts have identified a novel infection chain employed by the financially motivated cybercriminal group GOLD BLADE, also known as RedCurl, Red Wolf, and Earth Kapre, to deploy their custom RedLoader malware on Windows systems. This group, active since 2018 and specializing in commercial espionage, has been observed using highly targeted phishing emails to infiltrate…
-
New Spear Phishing Attack Distributes VIP Keylogger Through Email Attachment
Threat actors have revived the sophisticated VIP keylogger malware, previously detailed in an earlier white paper for its use of spear-phishing and steganography to infiltrate systems and steal data from web browsers and user credentials. This iteration introduces an AutoIt-based injector to deploy the final payload, marking a shift from prior methods while maintaining core…
-
PyPI maintainers alert users to email verification phishing attack
PyPI warns of phishing emails from noreply@pypj[.]org posing as "[PyPI] Email verification".
-
KnowBe4's SecurityCoach to be integrated into Microsoft Edge for Business
is being integrated into Microsoft Edge for Business and delivers real-time security tips when users behave riskily. As browser security threats increase, cybersecurity professionals worldwide should consider risk mitigation measures. A report by Menlo Security, for example, found a 140 percent increase in browser-based phishing attacks. The integration of and Microsoft Edge for Business uses native security signals, […] First seen…
-
Android Banking Malware Masquerades as Government Agencies to Attack Users
Cyble Research and Intelligence Labs (CRIL) has uncovered a sophisticated Android banking trojan dubbed RedHook, which disguises itself as legitimate applications from Vietnamese government and financial institutions to deceive users. This malware, first observed in the wild around January 2025, exploits phishing websites mimicking entities like the State Bank of Vietnam, Sacombank, Central Power Corporation,…
-
Unveiling 0bj3ctivityStealer’s Execution Chain: New Capabilities and Exfiltration Techniques Exposed
In the ever-evolving infostealer landscape, 0bj3ctivityStealer emerges as a formidable threat, blending advanced obfuscation with targeted data exfiltration. Discovered earlier this year by HP Wolf Security researchers, this .NET-based malware has been observed in proactive threat hunting by the Trellix Advanced Research Center, revealing a novel phishing-driven campaign. The infection initiates through spearphishing emails themed…
-
PyPI Warns of Ongoing Phishing Campaign Using Fake Verification Emails and Lookalike Domain
The maintainers of the Python Package Index (PyPI) repository have issued a warning about an ongoing phishing attack that’s targeting users in an attempt to redirect them to fake PyPI sites. The attack involves sending email messages bearing the subject line “[PyPI] Email verification” that are sent from the email address noreply@pypj[.]org (note that the domain…
-
How attackers are still phishing “phishing-resistant” authentication
Think passkeys make you phishing-proof? Think again. Attackers are using downgrade attacks, device-code phishing, and OAuth tricks to sneak past modern MFA. See how Push Security shuts them down. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/how-attackers-are-still-phishing-phishing-resistant-authentication/
-
PyPI Alerts Developers to New Phishing Attack Using Fake PyPI Site
Python developers are being warned about a sophisticated phishing campaign targeting users of the Python Package Index (PyPI) through fraudulent emails and a deceptive clone of the official repository website. While PyPI’s infrastructure remains secure, attackers are exploiting developer trust by impersonating the legitimate service to harvest user credentials. Attack Details and Methodology The phishing…
-
Threat Actors Use Phishing to Target Belgian Grand Prix Fans and Teams
Cybersecurity experts have pointed to an increase in sophisticated threat actor activity following the July 27 2025 Belgian Grand Prix at Spa-Francorchamps, which takes advantage of the event’s worldwide attraction. Formula 1’s reliance on advanced telemetry systems, which process real-time data like tire thermodynamics and engine metrics for strategic optimization, positions teams as high-value targets…
-
Cyble Uncovers RedHook Android Trojan Targeting Vietnamese Users
Cybersecurity researchers at Cyble Research and Intelligence Labs (CRIL) have uncovered a new Android banking trojan called RedHook that is actively targeting Vietnamese mobile users. The malware is distributed via carefully crafted phishing sites impersonating trusted financial and government agencies. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/redhook-android-banking-trojan-exploiting/
-
Empathy meets IT security: The path to lived compliance
CISOs should design security policies with the workforce in mind. In many companies, IT security policies meet resistance because employees perceive them as obstructive or impractical. This hampers implementation, undermines effectiveness, and strains cooperation between the security department and the business units. Instead of being seen as a partner, cybersecurity is often perceived as a brake, which is a fatal security risk. For CISOs (Chief…
-
Endpoint security: Cyber resilience as a strategic imperative
Companies are only as strong as their weakest endpoint: the 4-point plan for effective endpoint security. Companies face a relentless onslaught of cyber threats. They experience attacks on a broad front, from servers and cloud services to APIs and endpoints. The cybercriminals' arsenal is well stocked with sophisticated phishing and AI-powered exploits. For… First seen…
-
Cyber resilience as a strategic imperative
Companies are only as strong as their weakest endpoint: a 4-point plan for effective endpoint security. Companies face a relentless onslaught of cyber threats. They experience attacks on a broad front, from servers and cloud services to APIs and endpoints. The cybercriminals' arsenal is well stocked with sophisticated phishing and AI-powered exploits. For companies […]…
-
NPM ‘is’ Package with 2.8M Weekly Downloads Exploited in Attack on Developers
The popular npm package ‘is’, which has about 2.8 million weekly downloads, has been taken over by threat actors in a sophisticated escalation of a phishing effort that was first disclosed last Friday. The attack began with emails spoofing npm’s support@npmjs.org address, directing developers to a typosquatted domain, npnjs.com, a near-identical proxy of the legitimate…
-
Secure email gateways alone are not yet sufficient protection against phishing
First seen on datensicherheit.de Jump to article: www.datensicherheit.de/secure-email-gateways-unzureichend-schutz-phishing
-
Sharp rise in phishing scams at the start of the summer season
As early as May 2025, more than 39,000 new vacation-related domains were registered, of which one in every 21 was classified as malicious or suspicious. Cybercriminals are targeting travel lovers and property owners with phishing scams by imitating popular platforms such as Airbnb and Booking.com. With the summer travel season in full swing, cybercriminals are following the crowds online. Check Point […]…
-
Phishing cannot be stopped even by secure mail gateways
Phishing has become one of the most dangerous entry points of modern cybercrime and has proven one thing above all: adaptability. Where companies rely on mature protective measures such as secure email gateways (SEGs), attackers deliberately exploit their weaknesses. Attack methods are becoming ever more sophisticated and dynamic, which is why it is now time to think about new defense strategies. How […] First seen…
-
PoisonSeed Attack Turns Out to Be Not a FIDO Bypass After All
Cybersecurity firm Expel, in an update shared on July 25, 2025, said it’s retracting its findings about a phishing attack that it said leveraged cross-device sign-in to get around FIDO account protections despite being not in physical proximity to the authenticating client device. “The evidence does show the targeted user’s credentials (username and password) being phished…
-
How Torq Is Rewiring SOCs With Autonomous Cyber Agents
CEO Ofer Smadari: AI Agents Now Resolving Threat Cases at Scale with Accuracy. With its Revrod acquisition, Torq is pushing deeper into autonomous threat response. CEO Ofer Smadari outlines how AI-runbooks and autopilot tech such as Socrates are reducing human workloads and helping security teams scale amid rising alert volumes and phishing attacks. First seen…
-
Patchwork Targets Turkish Defense Firms with Spear-Phishing Using Malicious LNK Files
The threat actor known as Patchwork has been attributed to a new spear-phishing campaign targeting Turkish defense contractors with the goal of gathering strategic intelligence. “The campaign employs a five-stage execution chain delivered via malicious LNK files disguised as conference invitations sent to targets interested in learning more about unmanned vehicle systems,” Arctic Wolf Labs said…
-
Hackers Exploit Google Forms to Trick Victims into Stealing Cryptocurrency
Cybercriminals are increasingly using Google Forms to plan cryptocurrency theft in a sophisticated evolution of phishing assaults, taking advantage of the platform’s built-in credibility and smooth integration with Google’s ecosystem. This tactic allows malicious actors to bypass traditional email security filters, delivering deceptive messages directly to victims’ inboxes. By masquerading as legitimate notifications from cryptocurrency…
-
Phishing attacks can also bypass secure email gateways
Where companies rely on mature protective measures such as secure email gateways (SEGs), attackers deliberately exploit their weaknesses. Attack methods are becoming ever more sophisticated and dynamic, which is why it is now time to think about new defense strategies. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/phishing-angriffe-koennen-auch-secure-email-gateways-umgehen/a41505/
-
Phishing Attack Spoofs Facebook Login Page to Capture Credentials
Cybercriminals are using a variety of dishonest tactics in a sophisticated phishing effort aimed at Facebook users in order to obtain login information. The attack begins with a malicious redirect that leads victims to a fraudulent website mimicking legitimate Facebook interfaces. Here, users encounter a fake CAPTCHA prompt designed to appear as a standard security…
-
New CastleLoader Attack Uses Cloudflare-Themed Clickfix Method to Compromise Windows Systems
A newly identified loader malware dubbed CastleLoader has emerged as a significant threat since early 2025, rapidly evolving into a distribution platform for various information stealers and remote access trojans (RATs). Leveraging sophisticated phishing tactics under T1566 and drive-by compromise methods classified as T1189, attackers masquerade as legitimate software libraries, online meeting platforms like Google…
-
“Bleach Wasn’t Strong Enough: Clorox Sues Cognizant After Help Desk Allegedly Gave Away Passwords to Hackers”
Clorox is suing IT giant Cognizant, claiming their help desk handed over employee passwords to hackers, no phishing, no malware… just gave them away. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/07/bleach-wasnt-strong-enough-clorox-sues-cognizant-after-help-desk-allegedly-gave-away-passwords-to-hackers/
-
Supply chain attack compromises npm packages to spread backdoor malware
is npm JavaScript type testing utility with malware that went unnoticed for six hours. The bad news was delivered by maintainer Jordan Harband in a post on Bluesky: “Heads up that v3.3.1 of npmjs.com/is has malware in it, due to another maintainer’s account being hijacked,” he wrote. The infected version was removed by npm admins and v3.3.0…

