Tag: phishing
-
AI Agents in the Crosshairs: The Next Generation of Phishing Threatens Autonomous Digital Assistants
While companies and individuals are steadily improving their defenses against traditional phishing attacks, a new and possibly even more dangerous threat is emerging on the horizon: the targeted manipulation and takeover of AI agents. These autonomous digital assistants, which act on behalf of their users and have access to sensitive accounts and systems, could in the near future become the Achilles' heel of the…
-
Smashing Security podcast #427: When 2G attacks, and a romantic road trip goes wrong
Graham warns why it is high time we said goodbye to 2G – the outdated mobile network being exploited by cybercriminals with suitcase-sized SMS blasters. From New Zealand to London, scammers are driving around cities like dodgy Uber drivers, spewing phishing texts to thousands at once. First seen on grahamcluley.com Jump to article: grahamcluley.com/smashing-security-podcast-427/
-
Department of Education Site Mimicked in Phishing Scheme
Tags: phishing
An ongoing phishing campaign is using fake versions of the department’s G5 grant portal, taking advantage of political turmoil associated with the DoE’s 1,400 layoffs. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/department-of-education-site-phishing-scheme
-
Phishing Simulations: Fake Internal Emails Get the Most Clicks in KnowBe4 Study
First seen on datensicherheit.de Jump to article: www.datensicherheit.de/phishing-simulationen-faelschung-interne-e-mails-knowbe4-untersuchung-meiste-klicks
-
Microsoft Most Phished Brand in Q2 2025, Check Point Research
Microsoft was the most impersonated brand in phishing attacks during Q2 2025, accounting for 25% of all attempts, according to Check Point Research. First seen on hackread.com Jump to article: hackread.com/microsoft-most-phished-brand-q2-2025-check-point/
-
Phishing campaign targets U.S. Department of Education’s G5 portal
Tags: phishing
A new phishing campaign is targeting users of the U.S. Department of Education’s G5 portal, a site used by educational institutions and vendors to manage grants and federal … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/07/23/us-education-department-phishing-g5/
-
Phishing simulations: What works and what doesn’t
Phishing is one of the oldest and most effective techniques used by cybercriminals. No one is immune to it, not even internet security experts, as seen in the case of Troy … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/07/23/phishing-simulations-effectiveness-in-organizations/
-
Operation CargoTalon Targets Russian Aerospace Defense to Deploy EAGLET Implant
SEQRITE Labs’ APT-Team has uncovered a sophisticated spear-phishing campaign dubbed Operation CargoTalon, targeting employees at Russia’s Voronezh Aircraft Production Association (VASO), a key aerospace entity. The operation leverages malicious attachments disguised as товарно-транспортная накладная (TTN) logistics documents, critical for Russian supply chains. Discovered on June 27 via VirusTotal hunting, the campaign employs a malicious EML…
-
Malware Injected into 7 npm Packages After Maintainer Tokens Stolen in Phishing Attack
Cybersecurity researchers have alerted to a supply chain attack that has targeted popular npm packages via a phishing campaign designed to steal the project maintainers’ npm tokens. The captured tokens were then used to publish malicious versions of the packages directly to the registry without any source code commits or pull requests on their respective GitHub…
-
Russian Threat Actors Target NGOs with New OAuth Phishing Tactics
A new wave of phishing attacks exploiting Microsoft 365 OAuth tools has been observed impersonating diplomats to steal access codes. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/russian-hackers-target-ngos-oauth/
-
BforeAI Identifies Phishing Campaign Using Same Infrastructure Across Multiple Domains
BforeAI today disclosed the discovery of a phishing campaign that is leveraging the same core infrastructure to spoof multiple domains. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/07/bforeai-identifies-phishing-campaign-using-same-infrastructure-across-multiple-domains/
-
Prettier-ESLint npm packages hijacked in a sophisticated supply chain attack
Tags: attack, authentication, credentials, detection, github, malicious, mfa, phishing, rce, remote-code-execution, supply-chain, update
Automated GitHub alarms triggered a quick response: Detection was swift once the updates bypassed GitHub’s usual commit-based alerts and raised red flags in registry logs. The maintainer revoked the compromised token, deprecated the malicious releases, and collaborated with npm to remove them. Socket noted that the attack is a textbook example of “multi-stage supply chain compromise,”…
-
More Protection Against Phishing: YubiKey 5 Enhanced PIN Now Available Worldwide
With the new Enhanced PIN, companies can proactively meet the growing demands for secure, phishing-resistant authentication while future-proofing their security infrastructure. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/mehr-schutz-vor-phishing-yubikey-5-enhanced-pin-jetzt-weltweit-verfuegbar/a41466/
-
New Report Reveals Just 10% of Employees Drive 73% of Cyber Risk
Tags: access, ai, attack, awareness, ceo, compliance, cyber, cybersecurity, data, finance, government, identity, office, phishing, resilience, risk, risk-management, strategy, technology, threat, training
Human risk is concentrated, not widespread: Just 10% of employees are responsible for nearly three-quarters (73%) of all risky behavior. Visibility is alarmingly low: Organizations relying solely on security awareness training (SAT) have visibility into only 12% of risky behavior, compared to 5X that for mature HRM programs. Risk is often misidentified: Contrary to popular belief, remote…
-
DeerStealer Malware Spread Through Weaponized .LNK and LOLBin Tools
A new wave of cyber-attacks has emerged, exploiting Windows shortcut files (.LNK) combined with legitimate system utilities collectively known as Living-off-the-Land Binaries and Scripts (LOLBin/S) to deliver the DeerStealer infostealer through highly obfuscated multi-stage chains. Recent campaigns begin with phishing emails or fraudulent file shares containing weaponized .LNK files camouflaged as seemingly benign documents, often…
-
Threat Actors Compromise Popular npm Packages to Steal Maintainers’ Tokens
Threat actors have leveraged a phishing campaign targeting npm package maintainers, resulting in the compromise of widely used JavaScript tooling libraries. The campaign, first reported on July 18, 2025, utilizes a typosquatted domain, npnjs.com, to mimic legitimate npm communications and trick developers into surrendering their authentication tokens. This multi-stage operation begins with automated emails scraped…
-
Beware of npm Phishing Emails Targeting Developer Credentials
A developer recently came across a highly advanced phishing email that spoofs the support@npmjs.org address in order to impersonate npm, the Node.js package registry. The email directed recipients to a malicious link on npnjs.com, a domain cleverly typosquatted to mimic npmjs.com by swapping ‘m’ for ‘n’. This fake site hosted a complete clone or proxy…
-
AI-Powered Cloaking Tools Help Threat Actors Hide Malicious Domains from Security Scans
Threat actors are increasingly adopting AI-powered cloaking services to obfuscate phishing domains, counterfeit e-commerce sites, and malware distribution endpoints from automated security scanners. This technique, known as cloaking, involves dynamically serving innocuous >>white pages>black pages.
-
Fake npm Website Used to Push Malware via Stolen Token
Fake npm website used in phishing attack to steal maintainer token, leading to malware in popular JavaScript packages like eslint-config-prettier. First seen on hackread.com Jump to article: hackread.com/fake-npm-website-used-push-malware-via-stolen-token/
-
Snake Keylogger Uses Persistence via Scheduled Tasks to Steal Login Data Undetected
Researchers have uncovered a sophisticated phishing campaign zeroing in on Turkish enterprises, with a particular focus on the defense and aerospace industries. Threat actors are masquerading as Turkish Aerospace Industries (TUSAŞ), a key defense contractor, to disseminate malicious emails that mimic legitimate contractual documents. These emails carry a variant of the Snake Keylogger, an infamous…
-
PoisonSeed outsmarts FIDO keys without touching them
Tags: attack, authentication, ceo, cryptography, exploit, fido, Hardware, login, phishing, vulnerability
FIDO isn’t broken, just outsmarted: Expel researchers called the campaign a concerning development, given that FIDO keys are often regarded as one of the pinnacles of secure MFA. “While we haven’t uncovered a vulnerability in FIDO keys, IT and SecOps folks will want to sit up and take notice,” they said. “This attack demonstrates how…
-
Fake Internal Emails Achieve the Highest Click Rate in Phishing Simulations
One of the most important findings from the consolidated analysis of phishing simulations in the second quarter is the decisive role that trust plays in cybersecurity. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/falsche-interne-e-mails-erzielen-in-phishing-simulationen-die-meisten-klicks/a41441/
-
Is AI here to take or redefine your cybersecurity role?
Tags: ai, attack, automation, business, ceo, cloud, compliance, conference, control, crowdstrike, cyber, cybersecurity, data, governance, intelligence, jobs, monitoring, phishing, risk, skills, soc, software, strategy, technology, threat, training, vulnerability
“AI is coming, and will take some jobs, but no need to worry.” That headline ran atop a CSO story published in 2016. Nine years later, the prediction feels closer to coming true, with questions around jobs being replaced or redefined and whether cybersecurity pros should be worried taking on greater nuance, and still hanging in…
-
PoisonSeed Hackers Bypass FIDO Keys Using QR Phishing and Cross-Device Sign-In Abuse
Cybersecurity researchers have disclosed a novel attack technique that allows threat actors to bypass Fast IDentity Online (FIDO) key protections by deceiving users into approving authentication requests from spoofed company login portals. The activity, observed by Expel as part of a phishing campaign in the wild, has been attributed to a threat actor named PoisonSeed, which…
-
Malware Injected into 5 npm Packages After Maintainer Tokens Stolen in Phishing Attack
Cybersecurity researchers have alerted to a supply chain attack that has targeted popular npm packages via a phishing campaign designed to steal the project maintainers’ npm tokens. The captured tokens were then used to publish malicious versions of the packages directly to the registry without any source code commits or pull requests on their respective GitHub…
-
Malware Injected into 6 npm Packages After Maintainer Tokens Stolen in Phishing Attack
Cybersecurity researchers have alerted to a supply chain attack that has targeted popular npm packages via a phishing campaign designed to steal the project maintainers’ npm tokens. The captured tokens were then used to publish malicious versions of the packages directly to the registry without any source code commits or pull requests on their respective GitHub…
-
Threat actors downgrade FIDO2 MFA auth in PoisonSeed phishing attack
A PoisonSeed phishing campaign is bypassing FIDO2 security key protections by abusing the cross-device sign-in feature in WebAuthn to trick users into approving login authentication requests from fake company portals. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/threat-actors-downgrade-fido2-mfa-auth-in-poisonseed-phishing-attack/
-
Hackers Exploit FIDO MFA With Novel Phishing Technique
PoisonSeed Threat Actor Uses Cross-Device Login Feature and QR Code to Trick Users. Expel researchers have found a novel adversary-in-the-middle phishing technique used by PoisonSeed, a cybercrime group previously tied to large-scale cryptocurrency thefts, to sidestep one of the most secure forms of multifactor authentication – FIDO2 physical keys. First seen on govinfosecurity.com Jump to…

