Tag: phishing
-
AtlasExploit ermöglicht Angriff auf ChatGPT-Speicher
Security-Forscher haben eine neue Schwachstelle entdeckt, die den ChatGPT Atlas-Browser von OpenAI betrifft.Nur wenige Tage, nachdem Cybersicherheitsanalysten davor gewarnt hatten, den neuen Atlas-Browser von OpenAI zu installieren, haben Forscher von LayerX Security eine Schwachstelle entdeckt. Die Lücke soll es Angreifen ermöglichen, bösartige Befehle direkt in den ChatGPT-Speicher der Anwender einzuschleusen und Remote-Code auszuführen. Wie Or…
-
Cybersecurity management for boards: Metrics that matter
Tags: ai, attack, automation, breach, business, cloud, compliance, control, cyber, cybersecurity, data-breach, deep-fake, detection, dora, finance, firewall, governance, insurance, jobs, metric, mitigation, nis-2, nist, phishing, ransomware, regulation, resilience, risk, scam, soc, threat, trainingWhy does this matter? Resilience aligns with your actual business goals: continuity, trust and long-term value. It reflects your appetite for risk and your ability to adapt. And with regulations like DORA and NIS2 pushing accountability higher up the ladder, your board is on the hook. Financial impact and continuity metrics: You can’t fight cyber…
-
AtlasExploit ermöglicht Angriff auf ChatGPT-Speicher
Security-Forscher haben eine neue Schwachstelle entdeckt, die den ChatGPT Atlas-Browser von OpenAI betrifft.Nur wenige Tage, nachdem Cybersicherheitsanalysten davor gewarnt hatten, den neuen Atlas-Browser von OpenAI zu installieren, haben Forscher von LayerX Security eine Schwachstelle entdeckt. Die Lücke soll es Angreifen ermöglichen, bösartige Befehle direkt in den ChatGPT-Speicher der Anwender einzuschleusen und Remote-Code auszuführen. Wie Or…
-
Old threats, new consequences: 90% of cyber claims stem from email and remote access
Tags: access, ai, attack, awareness, cisco, ciso, citrix, cloud, communications, control, credentials, cve, cyber, cybersecurity, data, defense, detection, email, encryption, finance, fraud, hacker, insurance, mail, malicious, microsoft, network, phishing, phone, ransomware, risk, sophos, tactics, threat, tool, update, vpn, vulnerability2025 InsurSec Rankings Report, email and remote access remain the most prominent cyber threat vectors, accounting for 90% of cyber insurance claims in 2024.And, no surprise, larger companies continue to get hit hardest. But, interestingly, the virtual private networks (VPNs) many rely on are anything but secure, despite assumptions to the contrary.”We know from our…
-
Email breaches are the silent killers of business growth
78% of organizations were hit by an email breach in the past 12 months, according to the Email Security Breach Report 2025 by Barracuda. Phishing, impersonation, and account … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/10/30/barracuda-report-email-breach-response/
-
KnowBe4 Threat Lab warnt vor Missbrauch von Webformularen als Phishing-Einfallstor
Die Taktik zeigt einen klaren Trend: Cyberkriminelle kapern zunehmend legitime Systeme, um von deren Domain-Autorität und Markenvertrauen zu profitieren. Damit verlieren klassische Authentifizierungsverfahren ihre Schutzwirkung und eine scheinbar routinemäßige E-Mail kann längst Teil eines groß angelegten Angriffs sein. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/knowbe4-threat-lab-warnt-vor-missbrauch-von-webformularen-als-phishing-einfallstor/a42570/
-
KnowBe4 Threat Lab warnt vor Missbrauch von Webformularen als Phishing-Einfallstor
Die Taktik zeigt einen klaren Trend: Cyberkriminelle kapern zunehmend legitime Systeme, um von deren Domain-Autorität und Markenvertrauen zu profitieren. Damit verlieren klassische Authentifizierungsverfahren ihre Schutzwirkung und eine scheinbar routinemäßige E-Mail kann längst Teil eines groß angelegten Angriffs sein. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/knowbe4-threat-lab-warnt-vor-missbrauch-von-webformularen-als-phishing-einfallstor/a42570/
-
StrongestLayer Adds AI Reasoning Engine to Validate Emails
StrongestLayer has launched AI Advisor, an advanced email protection tool powered by large language models (LLMs) that evaluates message provenance in real time to detect phishing attacks. By triangulating sender legitimacy and assigning dynamic risk scores, AI Advisor cuts false positives to under 1% and saves security teams hundreds of analyst hours each quarter. First…
-
Security Training Just Became Your Biggest Security Risk
Traditional security awareness training is now undermining enterprise security and productivity. As AI-generated phishing eliminates familiar “red flags,” organizations must move beyond vigilance culture toward AI-assisted trust calibration”, combining cognitive science and machine intelligence to rebuild trust, reduce false positives, and enhance real security outcomes. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/10/security-training-just-became-your-biggest-security-risk/
-
Top 7 agentic AI use cases for cybersecurity
Tags: access, ai, attack, authentication, ceo, cyber, cybersecurity, data, detection, fraud, identity, infrastructure, jobs, mitigation, monitoring, office, phishing, resilience, risk, scam, service, soc, strategy, technology, threat, tool, vulnerability, zero-trust2. Security operations center support: Security operations centers (SOCs) are a great use case for agentic AI because they serve as the frontline for detecting and responding to threats, says Naresh Persaud, principal, cyber risk services, at Deloitte.With thousands of incidents to triage daily, SOCs are experiencing mounting alert fatigue. “Analysts can spend an average…
-
Top 7 agentic AI use cases for cybersecurity
Tags: access, ai, attack, authentication, ceo, cyber, cybersecurity, data, detection, fraud, identity, infrastructure, jobs, mitigation, monitoring, office, phishing, resilience, risk, scam, service, soc, strategy, technology, threat, tool, vulnerability, zero-trust2. Security operations center support: Security operations centers (SOCs) are a great use case for agentic AI because they serve as the frontline for detecting and responding to threats, says Naresh Persaud, principal, cyber risk services, at Deloitte.With thousands of incidents to triage daily, SOCs are experiencing mounting alert fatigue. “Analysts can spend an average…
-
Cybersecurity Firms See Surge in AI-Powered Attacks Across Africa
Africa becomes a proving ground for AI-driven phishing, deepfakes, and impersonation, with attackers testing techniques against governments and enterprises. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/cybersecurity-firms-see-surge-in-ai-powered-attacks-across-africa
-
Rethinking Identity Security in the Age of AI
Tags: access, ai, api, attack, authentication, automation, awareness, best-practice, breach, business, captcha, ceo, container, control, credentials, cyber, cybercrime, cybersecurity, data, deep-fake, defense, detection, email, endpoint, exploit, finance, fraud, Hardware, iam, identity, login, malware, mfa, monitoring, passkey, password, phishing, risk, risk-management, scam, threat, tool, vulnerabilityRethinking Identity Security in the Age of AI madhav Tue, 10/28/2025 – 06:35 Traditional identity protections were never designed for the age of AI. They can’t stop the lightning-fast, highly convincing identity attacks AI facilitates. There’s a reason that nearly 60% of businesses say compromised credentials are the leading cause of breaches. Data Security Marco…
-
Rethinking Identity Security in the Age of AI
Tags: access, ai, api, attack, authentication, automation, awareness, best-practice, breach, business, captcha, ceo, container, control, credentials, cyber, cybercrime, cybersecurity, data, deep-fake, defense, detection, email, endpoint, exploit, finance, fraud, Hardware, iam, identity, login, malware, mfa, monitoring, passkey, password, phishing, risk, risk-management, scam, threat, tool, vulnerabilityRethinking Identity Security in the Age of AI madhav Tue, 10/28/2025 – 06:35 Traditional identity protections were never designed for the age of AI. They can’t stop the lightning-fast, highly convincing identity attacks AI facilitates. There’s a reason that nearly 60% of businesses say compromised credentials are the leading cause of breaches. Data Security Marco…
-
Die Ära der autonomen Cyber-Kriminalität
Unternehmen auf der ganzen Welt setzen zunehmend auf künstliche Intelligenz (KI), denn sie sorgt für teils erhebliche Effizienzsteigerungen. Gleichzeitig nutzen Hacker sie, um ihre Angriffe raffinierter zu gestalten, zu skalieren oder zu automatisieren. Infolgedessen steht die Cybersicherheit vor einem Wendepunkt, an dem KI gegen KI kämpft. Die Phishing-Betrügereien und Deepfakes von heute sind nur die…
-
BiDi Swap: The bidirectional text trick that makes fake URLs look real
Attackers are abusing bidirectional text to make fake URLs look real, reviving a decade-old browser flaw now fueling new phishing tricks. Varonis reveals how the “BiDi Swap” technique works and what organizations need to watch out for. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/bidi-swap-the-bidirectional-text-trick-that-makes-fake-urls-look-real/
-
New Phishing Attack Using Invisible Characters Hidden in Subject Line Using MIME Encoding
Security researchers have discovered a sophisticated phishing technique that weaponizes invisible Unicode characters embedded within email subject lines using MIME encoding”, a tactic that remains largely unknown among email security professionals. The discovery reveals how attackers are evolving their evasion methods to bypass automated filtering systems while maintaining complete readability to end users. During routine…
-
New Phishing Attack Using Invisible Characters Hidden in Subject Line Using MIME Encoding
Security researchers have discovered a sophisticated phishing technique that weaponizes invisible Unicode characters embedded within email subject lines using MIME encoding”, a tactic that remains largely unknown among email security professionals. The discovery reveals how attackers are evolving their evasion methods to bypass automated filtering systems while maintaining complete readability to end users. During routine…
-
MuddyWater’s Phoenix Backdoor Infects More Than 100 Government Organizations
Tags: attack, backdoor, cyber, espionage, government, group, intelligence, international, iran, middle-east, phishing, threatAdvanced Persistent Threat (APT) MuddyWater has orchestrated a sophisticated phishing campaign targeting over 100 government entities across the Middle East, North Africa, and international organizations worldwide. Group-IB Threat Intelligence has attributed the campaign to the Iran-linked threat actor with high confidence, revealing an alarming escalation in the group’s espionage capabilities and operational sophistication. The attack…
-
MuddyWater’s Phoenix Backdoor Infects More Than 100 Government Organizations
Tags: attack, backdoor, cyber, espionage, government, group, intelligence, international, iran, middle-east, phishing, threatAdvanced Persistent Threat (APT) MuddyWater has orchestrated a sophisticated phishing campaign targeting over 100 government entities across the Middle East, North Africa, and international organizations worldwide. Group-IB Threat Intelligence has attributed the campaign to the Iran-linked threat actor with high confidence, revealing an alarming escalation in the group’s espionage capabilities and operational sophistication. The attack…
-
Atlas browser exploit lets attackers hijack ChatGPT memory
Tags: ai, attack, browser, business, ceo, chatgpt, chrome, cloud, credentials, detection, exploit, identity, mitigation, monitoring, phishing, soc, threat, update, vulnerabilityHow to detect a hit: Detecting a memory-based compromise in ChatGPT Atlas is not like hunting for traditional malware. There are no files, registry keys, or executables to isolate. Instead, security teams need to look for behavioral anomalies such as subtle shifts in how the assistant responds, what it suggests, and when it does so.”There…
-
Atlas browser exploit lets attackers hijack ChatGPT memory
Tags: ai, attack, browser, business, ceo, chatgpt, chrome, cloud, credentials, detection, exploit, identity, mitigation, monitoring, phishing, soc, threat, update, vulnerabilityHow to detect a hit: Detecting a memory-based compromise in ChatGPT Atlas is not like hunting for traditional malware. There are no files, registry keys, or executables to isolate. Instead, security teams need to look for behavioral anomalies such as subtle shifts in how the assistant responds, what it suggests, and when it does so.”There…
-
Atlas browser exploit lets attackers hijack ChatGPT memory
Tags: ai, attack, browser, business, ceo, chatgpt, chrome, cloud, credentials, detection, exploit, identity, mitigation, monitoring, phishing, soc, threat, update, vulnerabilityHow to detect a hit: Detecting a memory-based compromise in ChatGPT Atlas is not like hunting for traditional malware. There are no files, registry keys, or executables to isolate. Instead, security teams need to look for behavioral anomalies such as subtle shifts in how the assistant responds, what it suggests, and when it does so.”There…
-
Auch deutsche Nutzer betroffen: Riesige Smishing-Kampagne umfasst 194.000 Domains
Die Angreifer registrieren täglich Tausende neuer Domains bei einem chinesischen Registrar und locken ihre Opfer per SMS auf Phishing-Seiten. First seen on golem.de Jump to article: www.golem.de/news/auch-deutsche-nutzer-betroffen-riesige-smishing-kampagne-umfasst-194-000-domains-2510-201594.html
-
Gamaredon Phishing Campaign Exploits WinRAR Vulnerability to Target Government Agencies
Tags: attack, cve, cyber, cybersecurity, exploit, government, group, malicious, phishing, software, threat, vulnerabilityCybersecurity researchers have uncovered a sophisticated phishing campaign orchestrated by the notorious Gamaredon threat group, specifically targeting government entities through exploitation of a critical WinRAR vulnerability. The attack leverages CVE-2025-8088, a path traversal vulnerability in the popular file compression software, to deliver weaponized RAR archives that silently deploy malicious payloads without requiring user interaction beyond…
-
‘ChatGPT Tainted Memories’ Exploit Enables Command Injection in Atlas Browser
LayerX Security found a flaw in OpenAI’s ChatGPT Atlas browser that lets attackers inject commands into its memory, posing major security and phishing risks. First seen on hackread.com Jump to article: hackread.com/chatgpt-tainted-memories-atlas-browser/
-
New HyperRat Android Malware Sold as Ready-Made Spy Tool
Researchers have uncovered HyperRat, a new Android malware sold as a service, giving attackers remote control, data theft tools, and mass phishing features. First seen on hackread.com Jump to article: hackread.com/hyperrat-android-malware-sold-spy-tool/
-
Critical Chrome 0-Day Under Attack: Mem3nt0 Mori Hackers Actively Exploiting Vulnerability
In March 2025, security researchers at Kaspersky detected a sophisticated campaign exploiting a previously unknown Chrome vulnerability to deliver advanced spyware to high-profile targets. The attack, dubbed Operation ForumTroll, leveraged personalized phishing links to compromise organizations across Russia, including media outlets, universities, research centers, government agencies, and financial institutions. A single click on a malicious…