Tag: phishing
-
Why attackers are moving beyond email-based phishing attacks
Phishing isn’t just email anymore. Attackers now use social media, chat apps & malicious ads to steal credentials. Push Security explains the latest tactics and shows how to stop multi-channel phishing where it happens, inside the browser. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/why-attackers-are-moving-beyond-email-based-phishing-attacks/
-
Sicherheit und Resilienz in der IT worauf es ankommt
Cyberangriffe sind in Deutschland mittlerweile Alltag. Unternehmen jeder Größe sehen sich wachsenden Bedrohungen ausgesetzt von gezielten Attacken bis hin zu groß angelegten Phishing-Kampagnen. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cloud-security/sicherheit-und-resilienz-in-der-it
-
AI-powered phishing scams now use fake captcha pages to evade detection
The attack playbook: The phishing campaigns follow a familiar playbook at the outset. Victims typically receive spam emails that carry urgent, action-oriented messages such as “Password Reset Required” or “USPS Change of Address Notification”.Clicking on the embedded link doesn’t take the user directly to a credential-stealing site but instead loads what appears to be a…
-
AI-powered phishing scams now use fake captcha pages to evade detection
The attack playbook: The phishing campaigns follow a familiar playbook at the outset. Victims typically receive spam emails that carry urgent, action-oriented messages such as “Password Reset Required” or “USPS Change of Address Notification”.Clicking on the embedded link doesn’t take the user directly to a credential-stealing site but instead loads what appears to be a…
-
Massive Lucid PhaaS Campaign: 17,500 Phishing Domains Mimic 316 Global Brands
Cybersecurity researchers at Netcraft have uncovered two sophisticated phishing campaigns linked to the Lucid and Lighthouse Phishing-as-a-Service (PhaaS) platforms, revealing a massive operation that has deployed over 17,500 phishing domains targeting 316 brands across 74 countries. This discovery highlights the growing threat of commercialized cybercrime infrastructure that enables low-skilled attackers to conduct sophisticated phishing operations…
-
CSO Awards winners highlight security innovation and transformation
Tags: ai, attack, automation, awareness, best-practice, business, ciso, cloud, compliance, conference, control, cyber, cybersecurity, data, defense, detection, finance, flaw, framework, governance, group, guide, infrastructure, intelligence, login, malicious, metric, mitre, network, penetration-testing, phishing, privacy, programming, risk, risk-management, service, siem, skills, soc, software, technology, threat, tool, training, update, vulnerability, vulnerability-managementFSU tackles third-party risk with tighter vendor management program: Organization: Florida State UniversityProject: Third-Party Risk Management ProgramSecurity leader: Bill Hunkapiller, CISOOfficials at Florida State University wanted to ensure that data shared with outside entities was well protected. To achieve that, CISO Bill Hunkapiller and his team revamped its third-party risk management program so that the…
-
Cybercriminals Exploit ICS Computers via Scripts and Phishing Attacks
Industrial control systems (ICS) continue to face increasing cybersecurity challenges as threat actors employ sophisticated malicious scripts and phishing campaigns to target critical infrastructure. According to new data from Q2 2025, while overall attack rates have shown a marginal decline, specific threat vectors including email-based attacks and malicious documents are intensifying their assault on industrial…
-
Cybersecurity Consulting
Tags: attack, cyber, cybersecurity, exploit, phishing, ransomware, spam, supply-chain, threat, zero-dayAs businesses expand digitally, their attack surface grows exponentially. Cyber threats today are no longer limited to viruses or spam emails”, they include ransomware, insider threats, phishing, supply chain attacks, zero-day exploits, and nation-state campaigns. To counter this complexity, organizations need more than tools”, they need expert guidance. This is where cybersecurity consulting comes in.…
-
17,500 Phishing Domains Target 316 Brands Across 74 Countries in Global PhaaS Surge
The phishing-as-a-service (PhaaS) offering known as Lighthouse and Lucid has been linked to more than 17,500 phishing domains targeting 316 brands from 74 countries.”Phishing-as-a-Service (PhaaS) deployments have risen significantly recently,” Netcraft said in a new report. “The PhaaS operators charge a monthly fee for phishing software with pre-installed templates impersonating, in some cases, First seen…
-
AI-Driven Phishing Attacks: Deceptive Tactics to Bypass Security Systems
Since January, Trend Micro has tracked a surge in phishing campaigns using AI-powered platforms (Lovable, Netlify, Vercel) to host fake captcha pages that lead to phishing websites. This ploy misleads users and evades security tools. Victims are first shown a captcha, lowering suspicion, while automated scanners only detect the challenge page, missing the hidden credential-harvesting…
-
Attackers Abuse AI Tools to Generate Fake CAPTCHAs in Phishing Attacks
Trend Micro said the use of AI platforms to create and host fake CAPTCHA pages helps attackers develop more sophisticated phishing campaigns at scale and speed First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/attackers-abuse-ai-fake-captchas/
-
Phishing Attack
Phishing remains one of the most successful cyberattack techniques today. Despite decades of awareness campaigns, it continues to deceive individuals and organizations into giving away sensitive information, from login credentials to financial details. Why? Because phishing exploits the human element, which is often the weakest link in cybersecurity. Phishing attacks are evolving in sophistication, scale,…
-
Phishing Attack
Phishing remains one of the most successful cyberattack techniques today. Despite decades of awareness campaigns, it continues to deceive individuals and organizations into giving away sensitive information, from login credentials to financial details. Why? Because phishing exploits the human element, which is often the weakest link in cybersecurity. Phishing attacks are evolving in sophistication, scale,…
-
Breach Roundup: Microsoft, Cloudflare Dismantle RaccoonO365
Tags: ai, breach, china, data, data-breach, hacker, microsoft, phishing, privacy, service, spear-phishing, technologyAlso, Colt Services Outage Persists, Finland Charges Americans in Vastaamo Hack. This week, Microsoft hit RaccoonO365, Colt Technology Services, Finland charged a U.S. citizen in Vastaamo hack. RevengeHotels hackers used AI, Meta can’t overturn a privacy case verdict. Chinese hackers unleashed spear phishing emails. Prosper confirmed a data breach, as did Kering fashion houses. First…
-
Microsoft Disrupts Major Phishing Operation Targeting Microsoft 365
Microsoft dismantled a major phishing service stealing Microsoft 365 credentials. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/microsoft-disrupts-major-phishing-operation-targeting-microsoft-365/
-
Brute force attacks hitting SonicWall firewall configuration backups
Tags: attack, authentication, backup, breach, cloud, computer, computing, credentials, data, defense, encryption, firewall, Hardware, login, mfa, password, phishing, software, technology, threatWhat are brute force attacks?: Brute force attacks use trial and error to crack passwords, login credentials, and encryption keys. They’ve been around since the beginning of the computer age, yet are still effective. Why? In part because people still use easily guessable passwords like ‘1234’, or their company’s name, or default passwords left on…
-
Microsoft beschlagnahmt 338 Websites zur Zerschlagung des schnell wachsenden Phishing-Dienstes ‘RaccoonO365″
Die Digital-Crimes-Unit (DCU) von Microsoft hat mit einem Gerichtsbeschluss des Southern District of New York 338 Websites beschlagnahmt, die mit ‘RaccoonO365″ verbunden sind. Ziel war es, die technische Infrastruktur des Dienstes zu stören und Kriminellen den Zugriff auf Opferkonten zu entziehen. RaccoonO365 ist ein Phishing-Toolkit, mit dem Microsoft-365-Zugangsdaten gestohlen werden. Dieser Fall zeigt, dass Cyberkriminelle…
-
New ‘shinysp1d3r’ Ransomware-as-a-Service Targets VMware ESXi in Ongoing Development
EclecticIQ analysts assess with high confidence that ShinyHunters is expanding its operations by combining AI-enabled voice phishing, supply chain compromises, and leveraging malicious insiders, such as employees or contractors, who can provide direct access to enterprise networks. ShinyHunters is very likely relying on members of Scattered Spider and The Com to conduct voice phishing attacks…
-
New ‘shinysp1d3r’ Ransomware-as-a-Service Targets VMware ESXi in Ongoing Development
EclecticIQ analysts assess with high confidence that ShinyHunters is expanding its operations by combining AI-enabled voice phishing, supply chain compromises, and leveraging malicious insiders, such as employees or contractors, who can provide direct access to enterprise networks. ShinyHunters is very likely relying on members of Scattered Spider and The Com to conduct voice phishing attacks…
-
Microsoft schaltet gefährliches Phishing-Netzwerk ab
Über die Phishing-as-a-Service-Plattform RaccoonO365 sollen mehr als 5.000 Microsoft-Accounts in 94 Ländern kompromittiert worden sein.Die Digital Crimes Unit (DCU) von Microsoft hat die Phishing-as-a-Service-Plattform RaccoonO365 lahmgelegt. Wie das Unternehmen aus Redmond berichtet, wurden dabei 338 Webseiten beschlagnahmt, um die Infrastruktur zu zerstören.Das von Microsoft als Storm-2246 verfolgte kriminelle Netzwerk hinter der Plattform hat sich auf…
-
Hackers Target Facebook Accounts in Latest Phishing Attack
A newly discovered phishing campaign is exploiting Facebook’s external URL warning feature to dupe users into handing over their login credentials. By abusing Facebook’s “You’re about to leave Facebook” redirect mechanism, attackers can conceal malicious URLs behind the social media giant’s official domain and graphic style”, making the lure appear bona fide even to cautious…
-
Raccoon O365: Microsoft zerschlägt Phishing-Dienst
Raccoon O365 bietet abobasierte Phishing-Kits für Microsoft-Konten. Microsoft zählt in einem Jahr mindestens 5.000 kompromittierte Konten. First seen on golem.de Jump to article: www.golem.de/news/raccoon-o365-microsoft-zerschlaegt-phishing-dienst-2509-200213.html
-
Warning: Brute force attacks hitting SonicWall firewall configuration backups
Tags: attack, authentication, backup, breach, cloud, computer, computing, credentials, data, defense, encryption, firewall, Hardware, login, mfa, password, phishing, software, technology, threatWhat are brute force attacks?: Brute force attacks use trial and error to crack passwords, login credentials, and encryption keys. They’ve been around since the beginning of the computer age, yet are still effective. Why? In part because people still use easily guessable passwords like ‘1234’, or their company’s name, or default passwords left on…
-
China-linked APT41 targets government, think tanks, and academics tied to US-China trade and policy
China-linked group APT41 impersonated a U.S. lawmaker in phishing attacks on government, think tanks, and academics tied to US-China trade and policy. Proofpoint observed China-linked cyber espionage group APT41 impersonating a U.S. lawmaker in a phishing campaign targeting government, think tanks, and academics tied to U.S.-China trade and policy. APT41, known also as Amoeba, BARIUM,…
-
Microsoft Disrupts ‘RaccoonO365’ Phishing Service
Phishing-as-a-service (PhaaS) kits have become an increasingly popular way for lower-skill individuals who want to get into cybercrime. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/microsoft-disrupts-raccoono365-phishing-service
-
TA558 Uses AI-Generated Scripts to Deploy Venom RAT in Brazil Hotel Attacks
The threat actor known as TA558 has been attributed to a fresh set of attacks delivering various remote access trojans (RATs) like Venom RAT to breach hotels in Brazil and Spanish-speaking markets.Russian cybersecurity vendor Kaspersky is tracking the activity, observed in summer 2025, to a cluster it tracks as RevengeHotels.”The threat actors continue to employ…
-
The Industry’s Passkey Pivot Ignores a Deeper Threat: Device-Level Infections
Passkeys Are Progress, But They’re Not Protection Against Everything The cybersecurity community is embracing passkeys as a long-overdue replacement for passwords. These cryptographic credentials, bound to a user’s device, eliminate phishing and prevent credential reuse. Major players, like Google, Apple, Microsoft, GitHub, and Okta, have made passkey login widely available across consumer and enterprise services….…
-
Microsoft scores win against Office 365 credential thieves
Microsoft’s Digital Crimes Unit disrupts a major phishing-as-a-service operation that targeted and stole Office 365 usernames and credentials First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366631473/Microsoft-scores-win-against-Office-365-credential-thieves
-
Microsoft disrupts global phishing campaign that led to widespread credential theft
Officials say the operation led to ransomware and BEC attacks on U.S. hospitals and healthcare organizations. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/microsoft-disrupts-global-phishing-credential-theft/760378/