Tag: phishing
-
Phishing Alert: Kimusky Hackers Masquerade as Tax Authority with ‘September Tax Return Due Date’ Email
South Korean internet users are being targeted by a sophisticated phishing campaign attributed to the North Korean threat actor known as Kimsuky. The malicious emails, masquerading as official notices from the National Tax Service (NTS), inform recipients of a “September Tax Return Payment Due Notice” and urge them to click a link to view an…
-
Phishing Alert: Kimusky Hackers Masquerade as Tax Authority with ‘September Tax Return Due Date’ Email
South Korean internet users are being targeted by a sophisticated phishing campaign attributed to the North Korean threat actor known as Kimsuky. The malicious emails, masquerading as official notices from the National Tax Service (NTS), inform recipients of a “September Tax Return Payment Due Notice” and urge them to click a link to view an…
-
Salty2FA Phishing Kit Unveils New Level of Sophistication
Salty2FA phishing campaign showcases advanced techniques and professionalism of cybercrime operations First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/salty2fa-phishing-kit/
-
Massive npm supply chain attack hits 18 popular packages with 2B weekly downloads
Tags: api, attack, blockchain, breach, crypto, data, detection, email, finance, github, malicious, malware, monitoring, network, open-source, phishing, risk, strategy, supply-chain, theft, tool, update, vulnerabilityFinancial impact surprisingly limited: Despite affecting packages with 2 billion weekly downloads, the actual financial impact was surprisingly modest. “We were tracking approximately $970 in stolen funds to attacker-controlled wallets,” Eriksen said, highlighting a significant disconnect between the attack’s potential reach and its realized damage.This limited financial impact reflected both the attackers’ operational carelessness and…
-
Massive npm supply chain attack hits 18 popular packages with 2B weekly downloads
Tags: api, attack, blockchain, breach, crypto, data, detection, email, finance, github, malicious, malware, monitoring, network, open-source, phishing, risk, strategy, supply-chain, theft, tool, update, vulnerabilityFinancial impact surprisingly limited: Despite affecting packages with 2 billion weekly downloads, the actual financial impact was surprisingly modest. “We were tracking approximately $970 in stolen funds to attacker-controlled wallets,” Eriksen said, highlighting a significant disconnect between the attack’s potential reach and its realized damage.This limited financial impact reflected both the attackers’ operational carelessness and…
-
Axios User Agent Helps Automate Phishing on “Unprecedented Scale”
Tags: phishingReliaQuest warns that phishing campaigns abusing the Axios user agent have surged 241% in three months First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/axios-user-agent-automate-phishing/
-
Axios User Agent Helps Automate Phishing on “Unprecedented Scale”
Tags: phishingReliaQuest warns that phishing campaigns abusing the Axios user agent have surged 241% in three months First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/axios-user-agent-automate-phishing/
-
SpamGPT: New AI Email Attack Tool Fueling Massive Phishing Operations
A novel AI-driven email attack toolkit namedSpamGPThas surfaced on underground hacking forums, promising cybercriminals an all-in-one platform for launching large-scale phishing campaigns. Advertised as an “AI-powered spam-as-a-service” solution, SpamGPT automates compromise of email servers, bypasses major spam filters, and offers marketing-style campaign analytics. Security researchers warn that its user-friendly interface and AI-assisted content generation significantly…
-
From MostereRAT to ClickFix: New Malware Campaigns Highlight Rising AI and Phishing Risks
Cybersecurity researchers have disclosed details of a phishing campaign that delivers a stealthy banking malware-turned-remote access trojan called MostereRAT.The phishing attack incorporates a number of advanced evasion techniques to gain complete control over compromised systems, siphon sensitive data, and extend its functionality by serving secondary plugins, Fortinet FortiGuard Labs said.” First seen on thehackernews.com Jump…
-
SpamGPT: New AI Email Attack Tool Fueling Massive Phishing Operations
A novel AI-driven email attack toolkit namedSpamGPThas surfaced on underground hacking forums, promising cybercriminals an all-in-one platform for launching large-scale phishing campaigns. Advertised as an “AI-powered spam-as-a-service” solution, SpamGPT automates compromise of email servers, bypasses major spam filters, and offers marketing-style campaign analytics. Security researchers warn that its user-friendly interface and AI-assisted content generation significantly…
-
From MostereRAT to ClickFix: New Malware Campaigns Highlight Rising AI and Phishing Risks
Cybersecurity researchers have disclosed details of a phishing campaign that delivers a stealthy banking malware-turned-remote access trojan called MostereRAT.The phishing attack incorporates a number of advanced evasion techniques to gain complete control over compromised systems, siphon sensitive data, and extend its functionality by serving secondary plugins, Fortinet FortiGuard Labs said.” First seen on thehackernews.com Jump…
-
SpamGPT: New AI Email Attack Tool Fueling Massive Phishing Operations
A novel AI-driven email attack toolkit namedSpamGPThas surfaced on underground hacking forums, promising cybercriminals an all-in-one platform for launching large-scale phishing campaigns. Advertised as an “AI-powered spam-as-a-service” solution, SpamGPT automates compromise of email servers, bypasses major spam filters, and offers marketing-style campaign analytics. Security researchers warn that its user-friendly interface and AI-assisted content generation significantly…
-
MostereRAT Exploits AnyDesk and TightVNC for Remote Access on Windows Systems
Cybersecurity researchers at FortiGuard Labs have uncovered a sophisticated phishing campaign that deploys the MostereRAT remote access trojan to compromise Windows systems. The malware leverages advanced evasion techniques and installs legitimate remote access tools like AnyDesk and TightVNC to maintain persistent, covert access to infected machines. The attack begins with carefully crafted phishing emails targeting…
-
Supply-Chain-Angriff: NPM-Pakete mit Milliarden von Downloads kompromittiert
Ein erfolgreicher Phishing-Angriff erschüttert das Javascript-Ökosystem. Eine Malware hat ihren Weg in zahlreiche prominente NPM-Pakete gefunden. First seen on golem.de Jump to article: www.golem.de/news/supply-chain-angriff-npm-pakete-mit-milliarden-von-downloads-kompromittiert-2509-199901.html
-
71% of CISOs hit with third-party security incident this year
Tags: access, ai, application-security, attack, backdoor, breach, ceo, cisa, ciso, cloud, compliance, control, credentials, cyber, cybersecurity, data, defense, exploit, incident response, intelligence, malicious, malware, open-source, penetration-testing, phishing, programming, pypi, resilience, risk, risk-management, sbom, security-incident, service, software, startup, supply-chain, threat, toolSoftware supply chain threats: The software supply chain is heavily reliant on code developed by third-party developers, something only likely to increase with the advent of AI.Brian Fox, co-founder and CTO of open-source software security vendor Sonatype, says that “enormously complex” software supply chains pose a growing threat.”Too many organizations have no idea what open-source…
-
71% of CISOs hit with third-party security incident this year
Tags: access, ai, application-security, attack, backdoor, breach, ceo, cisa, ciso, cloud, compliance, control, credentials, cyber, cybersecurity, data, defense, exploit, incident response, intelligence, malicious, malware, open-source, penetration-testing, phishing, programming, pypi, resilience, risk, risk-management, sbom, security-incident, service, software, startup, supply-chain, threat, toolSoftware supply chain threats: The software supply chain is heavily reliant on code developed by third-party developers, something only likely to increase with the advent of AI.Brian Fox, co-founder and CTO of open-source software security vendor Sonatype, says that “enormously complex” software supply chains pose a growing threat.”Too many organizations have no idea what open-source…
-
5 ways CISOs are experimenting with AI
Tags: ai, attack, awareness, breach, business, ceo, cio, ciso, control, cyber, cybersecurity, data, data-breach, detection, email, finance, framework, incident response, intelligence, login, metric, microsoft, monitoring, phishing, qr, risk, risk-assessment, risk-management, service, siem, soc, technology, threat, tool, update, vpn, vulnerability, vulnerability-managementTranslating security metrics into business language: CISOs are now tasked with being the security storyteller, and it doesn’t always come easily. Turning to AI, CISOs are finding a helping hand to translate technical detail into business-oriented narratives, drawing on a range of data sources, risk trends, control gaps and threat modeling.AI tools are helping tailor…
-
71% of CISOs hit with third-party security incident this year
Tags: access, ai, application-security, attack, backdoor, breach, ceo, cisa, ciso, cloud, compliance, control, credentials, cyber, cybersecurity, data, defense, exploit, incident response, intelligence, malicious, malware, open-source, penetration-testing, phishing, programming, pypi, resilience, risk, risk-management, sbom, security-incident, service, software, startup, supply-chain, threat, toolSoftware supply chain threats: The software supply chain is heavily reliant on code developed by third-party developers, something only likely to increase with the advent of AI.Brian Fox, co-founder and CTO of open-source software security vendor Sonatype, says that “enormously complex” software supply chains pose a growing threat.”Too many organizations have no idea what open-source…
-
5 ways CISOs are experimenting with AI
Tags: ai, attack, awareness, breach, business, ceo, cio, ciso, control, cyber, cybersecurity, data, data-breach, detection, email, finance, framework, incident response, intelligence, login, metric, microsoft, monitoring, phishing, qr, risk, risk-assessment, risk-management, service, siem, soc, technology, threat, tool, update, vpn, vulnerability, vulnerability-managementTranslating security metrics into business language: CISOs are now tasked with being the security storyteller, and it doesn’t always come easily. Turning to AI, CISOs are finding a helping hand to translate technical detail into business-oriented narratives, drawing on a range of data sources, risk trends, control gaps and threat modeling.AI tools are helping tailor…
-
20 Popular npm Packages With 2 Billion Weekly Downloads Compromised in Supply Chain Attack
Multiple npm packages have been compromised as part of a software supply chain attack after a maintainer’s account was compromised in a phishing attack.The attack targeted Josh Junon (aka Qix), who received an email message that mimicked npm (“support@npmjs[.]help”), urging them to update their update their two-factor authentication (2FA) credentials before September 10, 2025, by…
-
Cyberresilienz einer der größten Wettbewerbsvorteile der Neuzeit
Analyse der IT-Sicherheitsvorfälle im ersten Halbjahr 2025 zeigt, dass Ransomware weiterhin dominiert und Cyberangriffe zunehmend Industrie und IT treffen. Riedel Networks, Anbieter von maßgeschneiderten IT-Security- und Netzwerkdienstleistungen, veröffentlicht seinen aktuellen Report mit über 100 dokumentierten IT-Sicherheitsvorfällen aus dem ersten Halbjahr 2025, von Phishing über Zero-Day-Attacken bis hin zu Schwachstellen in der Lieferkette, und zeigt,… First…
-
Cyberresilienz einer der größten Wettbewerbsvorteile der Neuzeit
Analyse der IT-Sicherheitsvorfälle im ersten Halbjahr 2025 zeigt, dass Ransomware weiterhin dominiert und Cyberangriffe zunehmend Industrie und IT treffen. Riedel Networks, Anbieter von maßgeschneiderten IT-Security- und Netzwerkdienstleistungen, veröffentlicht seinen aktuellen Report mit über 100 dokumentierten IT-Sicherheitsvorfällen aus dem ersten Halbjahr 2025, von Phishing über Zero-Day-Attacken bis hin zu Schwachstellen in der Lieferkette, und zeigt,… First…
-
Amazon SES Turned Rogue: 50K Phishing Emails a Day
Hackers abuse Amazon SES to send 50K+ phishing emails daily, spoofing domains and evading detection. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/news/amazon-ses-phishing-emails/
-
Dev snared in crypto phishing net, 18 npm packages compromised
Popular npm packages debug, chalk, and others hijacked in massive supply chain attack First seen on theregister.com Jump to article: www.theregister.com/2025/09/08/dev_falls_for_phishing_email/
-
Kazakh oil giant denies cyberattack, says incident was ‘planned’ phishing drill
Indian cybersecurity researchers claimed Kazakhstan’s state-owned oil company had been hacked by a Russian-speaking operation. It was all just a pentest, though, the company said. First seen on therecord.media Jump to article: therecord.media/kazakstan-oil-company-kazmunaygas-phishing-simulation-not-cyberattack
-
Kazakh oil giant denies cyberattack, says incident was ‘planned’ phishing drill
Indian cybersecurity researchers claimed Kazakhstan’s state-owned oil company had been hacked by a Russian-speaking operation. It was all just a pentest, though, the company said. First seen on therecord.media Jump to article: therecord.media/kazakstan-oil-company-kazmunaygas-phishing-simulation-not-cyberattack
-
Kazakh oil giant denies cyberattack, says incident was ‘planned’ phishing drill
Indian cybersecurity researchers claimed Kazakhstan’s state-owned oil company had been hacked by a Russian-speaking operation. It was all just a pentest, though, the company said. First seen on therecord.media Jump to article: therecord.media/kazakstan-oil-company-kazmunaygas-phishing-simulation-not-cyberattack
-
Hackers hijack npm packages with 2 billion weekly downloads in supply chain attack
In what is being called the largest supply chain attack in history, attackers have injected malware into NPM packages with over 2.6 billion weekly downloads after compromising maintainers’ accounts in a phishing attack. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hackers-hijack-npm-packages-with-2-billion-weekly-downloads-in-supply-chain-attack/