Tag: phishing
-
MostereRAT Targets Windows, Uses AnyDesk and TightVNC for Full Access
MostereRAT malware targets Windows through phishing, bypasses security with advanced tactics, and grants hackers full remote control. Cybersecurity… First seen on hackread.com Jump to article: hackread.com/mostererat-windows-anydesk-tightvnc-access/
-
MostereRAT Targets Windows, Uses AnyDesk and TightVNC for Full Access
MostereRAT malware targets Windows through phishing, bypasses security with advanced tactics, and grants hackers full remote control. Cybersecurity… First seen on hackread.com Jump to article: hackread.com/mostererat-windows-anydesk-tightvnc-access/
-
Noisy Bear Campaign Targeting Kazakhstan Energy Sector Outed as a Planned Phishing Test
A threat actor possibly of Russian origin has been attributed to a new set of attacks targeting the energy sector in Kazakhstan.The activity, codenamed Operation BarrelFire, is tied to a new threat group tracked by Seqrite Labs as Noisy Bear. The threat actor has been active since at least April 2025.”The campaign is targeted towards…
-
MostereRAT Targets Windows Users With Stealth Tactics
Phishing campaign unveiled MostereRAT, targeting Windows systems with advanced evasion techniques First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/rat-targets-windows-users-stealth/
-
Hackers Exploit Amazon SES to Blast Over 50,000 Malicious Emails Daily
Tags: cloud, credentials, cyber, cyberattack, cybercrime, email, exploit, hacker, malicious, phishing, service, threatA sophisticated cyberattack campaign where threat actors exploited compromised AWS credentials to hijack Amazon’s Simple Email Service (SES), launching large-scale phishing operations capable of sending over 50,000 malicious emails daily. The Wiz Research team identified this alarming SES abuse campaign in May 2025, highlighting a concerning trend where cybercriminals are weaponizing legitimate cloud services to…
-
Kimsuky Hackers’ Playbook Uncovered in Exposed ‘Kim’ Data Dump
A rare breach attributed to a North Koreanaffiliated actor named “Kim” by the leakers has unveiled unprecedented insight into Kimsuky (APT43) operations. Dubbed the “Kim” dump, the 9 GB dataset includes active bash histories, phishing domains, OCR workflows, custom stagers, and Linux rootkit evidence”, revealed a hybrid campaign that leverages Chinese-language tooling and infrastructure to…
-
The Cyberthreats No One Talks About but Everyone Faces
Beyond ransomware and phishing, hidden cyberthreats are rising, from AI-driven deepfakes and scams to shadow IT, and supply chain attacks. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/09/the-cyberthreats-no-one-talks-about-but-everyone-faces/
-
The Cyberthreats No One Talks About but Everyone Faces
Beyond ransomware and phishing, hidden cyberthreats are rising, from AI-driven deepfakes and scams to shadow IT, and supply chain attacks. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/09/the-cyberthreats-no-one-talks-about-but-everyone-faces/
-
iCloud Calendar abused to send phishing emails from Apple’s servers
iCloud Calendar invites are being abused to send callback phishing emails disguised as purchase notifications directly from Apple’s email servers, making them more likely to bypass spam filters to land in targets’ inboxes. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/icloud-calendar-abused-to-send-phishing-emails-from-apples-servers/
-
EAngriffe steigen um 27 % dynamisches Phishing nimmt zu
Cyber-Kriminelle setzen verstärkt auf bewährte Angriffsmuster und nutzen dabei zunehmend QR-Codes für Phishing-Attacken. Gleichzeitig professionalisiert sich die Szene durch standardisierte Tools aus dem Darknet. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/e-mail-angriffe-steigen-27-prozent
-
E-Mail Threat Landscape Report: Zunahme dynamischer Phishing-Angriffe auf Unternehmen
First seen on datensicherheit.de Jump to article: www.datensicherheit.de/e-mail-threat-landscape-report-zunahme-phishing-angriffe-unternehmen
-
Vorsicht EinkommensteuerrückerstattungsMails
Nachdem in Deutschland am 31. Juli 2025 die Frist zur Abgabe der Einkommensteuererklärungen 2024 abgelaufen ist, trudeln einerseits die Steuerbescheide bei den Steuerpflichtigen ein. Andererseits machen sich Phisher diesen Umstand zunutze und versuchen im Umfeld der Steuerbescheide “im Trüben zu … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/09/07/vorsicht-einkommensteuerrueckerstattungs-phishing-mails/
-
VirusTotal finds hidden malware phishing campaign in SVG files
VirusTotal has discovered a phishing campaign hidden in SVG files that create convincing portals impersonating Colombia’s judicial system that deliver malware. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/virustotal-finds-hidden-malware-phishing-campaign-in-svg-files/
-
Noisy Bear Targets Kazakhstan Energy Sector With BarrelFire Phishing Campaign
A threat actor possibly of Russian origin has been attributed to a new set of attacks targeting the energy sector in Kazakhstan.The activity, codenamed Operation BarrelFire, is tied to a new threat group tracked by Seqrite Labs as Noisy Bear. The threat actor has been active since at least April 2025.”The campaign is targeted towards…
-
Cybersecurity Snapshot: Expert Advice for Securing Critical Infrastructure’s OT and Industrial Control Systems, IoT Devices and Network Infrastructure
Tags: access, advisory, apt, attack, authentication, breach, china, cisa, cisco, cloud, compliance, computer, computing, control, credentials, cryptography, cve, cyber, cybersecurity, data, defense, detection, espionage, exploit, firmware, framework, google, government, guide, hacker, Hardware, incident response, infrastructure, international, Internet, iot, login, mfa, military, mitigation, monitoring, network, nist, organized, password, phishing, ransomware, regulation, risk, russia, sans, service, software, technology, theft, threat, tool, update, vulnerability, zero-trustDestructive cyber attacks against critical infrastructure have unfortunately become increasingly frequent. Just last week, multinational government agencies blared the alarm about a global cyber espionage campaign targeting critical infrastructure networks. With this type of cyber threat in the spotlight, we’re rounding up recent cyber advice for securing critical infrastructure. In case you missed it, here…
-
TAG-150 Hackers Escalate Attacks with Proprietary Malware Families
A sophisticated threat actor, TAG-150, active since at least March 2025. Characterized by rapid malware development, technical sophistication, and a sprawling multi-tiered infrastructure, TAG-150 has deployed several self-developed families”, CastleLoader, CastleBot, and most recently CastleRAT”, targeting organizations via phishing campaigns and fraudulent repositories. TAG-150 first surfaced with CastleLoader, a loader that delivers a diverse set…
-
Smishing, Vishing, Whaling: Diese 9 Phishing-Fallen solltet ihr kennen
First seen on t3n.de Jump to article: t3n.de/news/smishing-vishing-whaling-diese-9-phishing-fallen-solltet-ihr-kennen-1679869/
-
SVG files used in hidden malware campaign impersonating Colombian authorities
VirusTotal uncovered an undetected malware campaign using SVG files that impersonated the Colombian justice system. VirusTotal researchers uncovered a phishing campaign using SVG files with hidden JavaScript to deploy fake FiscalÃa General de la Nación login pages in Colombia and spread malware. VirusTotal noticed that, despite being outdated, SWF files are still abused in attacks.…
-
Massiver Anstieg bei Hackerangriffen auf deutschen Bildungssektor
Tags: access, authentication, cyberattack, data, germany, group, hacker, login, mail, phishing, threat, vulnerabilityVor dem Schul- und Semesterstart in Deutschland ist die Zahl der Cyberattacken stark gestiegen.Während im September in vielen Bundesländern das neue Schuljahr beginnt, haben es Cyberkriminelle vermehrt auf den Bildungssektor abgesehen. Forscher des Security-Spezialisten Check Point stellten fest, dass Cyberattacken vor Schul- und Semesterstart hierzulande um 56 Prozent zugenommen haben. Das liegt weit über dem weltweiten…
-
VirusTotal Finds 44 Undetected SVG Files Used to Deploy Base64-Encoded Phishing Pages
Cybersecurity researchers have flagged a new malware campaign that has leveraged Scalable Vector Graphics (SVG) files as part of phishing attacks impersonating the Colombian judicial system.The SVG files, according to VirusTotal, are distributed via email and designed to execute an embedded JavaScript payload, which then decodes and injects a Base64-encoded HTML phishing page masquerading as…
-
Phishing Empire Runs Undetected on Google, Cloudflare
What’s believed to be a global phishing-as-a-service enterprise using cloaking techniques has been riding on public cloud infrastructure for more than 3 years. First seen on darkreading.com Jump to article: www.darkreading.com/cloud-security/phishing-empire-undetected-google-cloudflare
-
Identity-First Security: Mitigating the Cloud’s Greatest Risk Vector
Tags: access, ai, attack, best-practice, breach, business, cloud, credentials, data, defense, exploit, framework, google, iam, identity, infrastructure, least-privilege, microsoft, phishing, ransomware, risk, service, strategy, threat, vulnerabilityCompromised credentials are now the leading cause of cloud breaches, making identity your most critical attack surface. A new IDC white paper explores why this shift is happening and where traditional defenses fall short. Read on to learn how Tenable’s identity-first approach turns this risk into your strongest defense. Hack the user, own the cloud.…
-
New Phishing Tactic Targets PayPal’s 434M Users
A new PayPal phishing scam adds attackers as secondary users, letting them drain accounts while evading traditional detection. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/news/paypal-email-scam-2025/
-
Iran-Nexus Hackers Impersonate Omani MFA to Target Governments Entities
Tags: breach, communications, cyber, cybersecurity, exploit, government, group, hacker, intelligence, iran, malicious, mfa, phishing, spear-phishingCybersecurity researchers uncovered a sophisticated, Iran-linked spear-phishing operation that exploited a compromised Ministry of Foreign Affairs (MFA) mailbox in Oman to deliver malicious payloads to government entities worldwide. Analysts attribute the operation to the “Homeland Justice” group, believed to be aligned with Iran’s Ministry of Intelligence and Security (MOIS). Leveraging stolen diplomatic communications, encoded macros,…
-
6 browser-based attacks all security teams should be ready for in 2025
The browser is now the frontline for cyberattacks. From phishing kits and ClickFix lures to malicious OAuth apps and extensions, attackers are targeting the very place your employees access business-critical apps. Push Security explains how to defend where breaches begin. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/6-browser-based-attacks-all-security-teams-should-be-ready-for-in-2025/
-
North Korean Hackers Exploit Threat Intel Platforms For Phishing
North Korean hackers have been observed exploiting cyber threat intelligence platforms in a campaign targeting job seekers with malware-laced lures First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/north-korea-exploit-threat-intel/
-
NoisyBear Exploits ZIP Files for PowerShell Loaders and Data Exfiltration
The threat actor known as NoisyBear has launched a sophisticated cyber-espionage effort called Operation BarrelFire, using specially designed phishing lures that imitate internal correspondence to target Kazakhstan’s energy sector, particularly workers of the state oil and gas major KazMunaiGas. Security researchers at Seqrite Labs first observed the campaign in April 2025 and noted its rapid…