Tag: phishing
-
New Microsoft Teams feature will let you report suspicious calls
Microsoft plans to introduce a call reporting feature in Teams by mid-March, allowing users to flag suspicious or unwanted calls as potential scams or phishing attempts. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/new-microsoft-teams-feature-will-let-you-report-suspicious-calls/
-
IR Trends Q4 2025: Exploitation remains dominant, phishing campaign targets Native American tribal organizations
A drop in exploitation and ransomware, but a spike in phishing and credential abuse, show why timely patching and robust MFA matter more than ever. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/ir-trends-q4-2025/
-
Bumble, Panera Bread, Match Group, and CrunchBase Hit by New Wave of Cyberattacks
A new wave of cyberattacks has recently struck several prominent U.S. companies, including Bumble Inc., Panera Bread Co., Match Group Inc., and CrunchBase. Bumble Inc., the parent company of dating apps Bumble, Badoo, and BFF, reported that one of its contractor accounts was compromised in a phishing incident. First seen on thecyberexpress.com Jump to article:…
-
I’m a tech-savvy zillennial who knows how to safeguard against hacking. Scammers still managed to get me | Caitlin Cassidy
Had I received any suspicious text messages claiming to be from my bank, the fraud team asked. Had I clicked on the links? My stomach dropped<ul><li>Get our <a href=”https://www.theguardian.com/email-newsletters?CMP=cvau_sfl”>breaking news email, <a href=”https://app.adjust.com/w4u7jx3″>free app or <a href=”https://www.theguardian.com/australia-news/series/full-story?CMP=cvau_sfl”>daily news podcast</li></ul>The scariest part about getting scammed was not realising it was happening in the first place.Perhaps naively,…
-
When MFA Fails Quietly: Inside the Rise of AiTM Phishing Attacks
Multi-factor authentication has long been treated as a security finish line. Once enabled, organizations assume that account takeover risks drop dramatically. Recent attacker behavior suggests otherwise. New reporting details a growing wave of adversary-in-the-middle (AiTM) phishing campaigns that are specifically designed to bypass MFA by hijacking authentication sessions in real time, according to IT Pro.…
-
Everybody is WinRAR phishing, dropping RATs as fast as lightning
Russians, Chinese spies, run-of-the-mill crims “¦ First seen on theregister.com Jump to article: www.theregister.com/2026/01/28/winrar_bug_under_attack/
-
Massives Datenleck bedroht rund 150 Millionen Benutzer
Tags: credentials, credit-card, crypto, cyberattack, data-breach, finance, fraud, login, mail, malware, password, phishing, riskDie offengelegten Zugangsdaten stellen ein erhebliches Sicherheitsrisiko dar.Der Cybersicherheitsforscher Jeremiah Fowler deckte kürzlich ein Datenleck mit 149 Millionen Login-Daten auf. Zu den Opfern zählen vor allem Nutzer großer Tech-und Streaming-Anbieter. Aber auch Finanzdienstleistungskonten, Krypto-Wallets oder Handelskonten, Bank- und Kreditkarten-Logins tauchten in den offengelegten Datensätzen auf. Laut Forschungsbericht enthält die Datenbank jedoch nicht nur Benutzernamen und…
-
Cybercriminals Leverage AI-Generated Malicious Job Offers to Spread PureRAT Malware
A Vietnamese threat actor is using AI-authored code to power a phishing campaign that delivers the PureRAT malware and related payloads, leveraging realistic job-themed lures to compromise corporate systems. The campaign, first documented by Trend Micro in December 2025, initially used malicious ZIP and RAR attachments posing as job opportunity documents. More recent activity observed…
-
Cybercriminals Exploit Canadians’ Dependence on Digital Services in Widespread Attacks
Canadian citizens are facing a coordinated phishing campaign that leverages government impersonation and brand spoofing to harvest personal and financial data at scale. The campaign is heavily aligned with PayTool, a known phishing-as-a-service ecosystem specializing in traffic violation scams targeting Canadians via SMS. Beyond traffic fines, threat actors are impersonating Canada Revenue Agency (CRA), Air…
-
Password Reuse in Disguise: An Often-Missed Risky Workaround
When security teams discuss credential-related risk, the focus typically falls on threats such as phishing, malware, or ransomware. These attack methods continue to evolve and rightly command attention. However, one of the most persistent and underestimated risks to organizational security remains far more ordinary.Near-identical password reuse continues to slip past security controls, often First seen…
-
Trade Republic: Cyberkriminelle verschicken Phishing-Mails so schützt ihr euch
First seen on t3n.de Jump to article: t3n.de/news/trade-republic-cyberkriminelle-verschicken-pishing-mails-so-schuetzt-ihr-euch-1726527/
-
Report: Attacks ‘Cascade’ From IT, OT to Patient Care
Trellix Says Email, Identify Failures Are Among Top Vectors in Health Compromises. Of the millions of threats detected in healthcare IT environments last year, email phishing, identity failures and device vulnerabilities were among the top vectors for non-clinical IT compromises – often cascading and disrupting patient care, said a new report from security firm Trellix.…
-
‘Stanley’ Toolkit Turns Chrome Into Undetectable Phishing Vector
The malware-as-a-service kit enables malicious extensions to overlay pages on real websites without changing the visible URL, signaling a fresh challenge for enterprise security. First seen on darkreading.com Jump to article: www.darkreading.com/remote-workforce/stanley-toolkit-chrome-undetectable-phishing
-
NDSS 2025 Detecting Ransomware Despite I/O Overhead: A Practical Multi-Staged Approach
Tags: attack, conference, cyber, detection, exploit, Internet, monitoring, network, phishing, ransomware, risk, windows, zero-daySession 10B: Ransomware Authors, Creators & Presenters: Christian van Sloun (RWTH Aachen University), Vincent Woeste (RWTH Aachen University), Konrad Wolsing (RWTH Aachen University & Fraunhofer FKIE), Jan Pennekamp (RWTH Aachen University), Klaus Wehrle (RWTH Aachen University) PAPER Detecting Ransomware Despite I/O Overhead: A Practical Multi-Staged Approach Ransomware attacks have become one of the most widely…
-
Wave of ShinyHunters vishing attacks spreading fast
The ShinyHunters hacking collective that caused chaos in 2025 is ramping up a new voice phishing campaign, with several potential victims already identified. First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366637762/Wave-of-ShinyHunters-vishing-attacks-spreading-fast
-
Fighting The Next Evolution of Email Threats With Layered, AI-Driven Security
For decades, email has been the backbone of corporate communications and for precisely this reason, it remains the attacker’s preferred gateway into organisations. Phishing, Business Email Compromise (BEC), and supply chain attacks continue to increase, with adversaries using AI and compromised accounts to bypass classic protection mechanisms. The rapid evolution of threats presents significant challenges…
-
APT Attacks Target Indian Government Using SHEETCREEP, FIREPOWER, and MAILCREEP – Part 2
Tags: access, ai, api, apt, attack, backdoor, backup, cloud, control, credentials, data, dns, email, exploit, github, google, government, group, india, infection, infrastructure, Internet, linux, malicious, malware, microsoft, monitoring, network, phishing, powershell, programming, service, tactics, threat, tool, update, windowsThis is Part 2 of our two-part technical analysis on the Gopher Strike and Sheet Attack campaigns. For details on the Gopher Strike campaign, go to Part 1.IntroductionIn September 2025, Zscaler ThreatLabz uncovered three additional backdoors, SHEETCREEP, FIREPOWER, and MAILCREEP, used to power the Sheet Attack campaign. In Part 2 of this series, ThreatLabz will…
-
ShinyHunters Group Targets Over 100 Enterprises, Including Canva, Atlassian, and Epic Games
A surge in infrastructure deployment that mirrors the tactics of SLSH, a predatory alliance uniting three major threat actors: Scattered Spider, LAPSUS$, and ShinyHunters. A sophisticated identity-theft campaign has emerged, targeting Single Sign-On (SSO) platforms particularly Okta across more than 100 high-value enterprises. Unlike automated phishing campaigns, this operation is human-led. It relies on voice…
-
New Deepfake Phishing Attack Targets Bitcoin Users via Zoom and Teams
A sophisticated deepfake-enabled phishing campaign is actively targeting Bitcoin users through fake Zoom and Microsoft Teams calls. The attackers are exploiting video conferencing, Telegram, and AI-generated identities to steal bitcoin and compromise victims’ digital lives. The attack chain begins on Telegram, where victims receive what appears to be a legitimate message or call request from…
-
New malware service guarantees phishing extensions on Chrome web store
A new malware-as-a-service (MaaS) called ‘Stanley’ promises malicious Chrome extensions that can clear Google’s review process and publish them to the Chrome Web Store. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-malware-service-guarantees-phishing-extensions-on-chrome-web-store/
-
APT Attacks Target Indian Government Using GOGITTER, GITSHELLPAD, and GOSHELL – Part 1
Tags: access, adobe, ai, antivirus, api, apt, attack, authentication, backdoor, backup, cloud, control, data, data-breach, detection, email, endpoint, github, google, government, group, india, infection, infrastructure, injection, Internet, malicious, malware, microsoft, network, phishing, service, spear-phishing, threat, tool, update, windowsIntroductionIn September 2025, Zscaler ThreatLabz identified two campaigns, tracked as Gopher Strike and Sheet Attack, by a threat actor that operates in Pakistan and primarily targets entities in the Indian government. In both campaigns, ThreatLabz identified previously undocumented tools, techniques, and procedures (TTPs). While these campaigns share some similarities with the Pakistan-linked Advanced Persistent Threat (APT) group, APT36, we…
-
Fake Microsoft Teams Billing Phishing Alerts Reach 6,135 Users via 12,866 Emails
Scammers are abusing Microsoft Teams invitations to send fake billing notices, with 12,866 emails reaching around 6,135 users in a phone-based phishing campaign. First seen on hackread.com Jump to article: hackread.com/fake-microsoft-teams-billing-phishing-alerts-emails/
-
Fake Microsoft Teams Billing Phishing Alerts Reach 6,135 Users via 12,866 Emails
Scammers are abusing Microsoft Teams invitations to send fake billing notices, with 12,866 emails reaching around 6,135 users in a phone-based phishing campaign. First seen on hackread.com Jump to article: hackread.com/fake-microsoft-teams-billing-phishing-alerts-emails/
-
Indian Users Targeted in Tax Phishing Campaign Delivering Blackmoon Malware
Cybersecurity researchers have discovered an ongoing campaign that’s targeting Indian users with a multi-stage backdoor as part of a suspected cyber espionage campaign.The activity, per the eSentire Threat Response Unit (TRU), involves using phishing emails impersonating the Income Tax Department of India to trick victims into downloading a malicious archive, ultimately granting the threat First…