Tag: phishing
-
‘Matrix Push’ C2 Tool Hijacks Browser Notifications
Have you ever given two seconds of thought to a browser notification? No? That’s what hackers bent on phishing are counting on. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/matrix-push-c2-tool-hijacks-browser-notifications-phishing
-
Scam USPS and E-Z Pass Texts and Websites
Tags: banking, credit-card, cybercrime, google, government, group, password, phishing, scam, software, toolGoogle has filed a complaint in court that details the scam: In a complaint filed Wednesday, the tech giant accused “a cybercriminal group in China” of selling “phishing for dummies” kits. The kits help unsavvy fraudsters easily “execute a large-scale phishing campaign,” tricking hordes of unsuspecting people into “disclosing sensitive information like passwords, credit card…
-
API-Exploit für AI-Browser Comet entdeckt
Sicherheitsforscher haben einen API-Exploit für den KI-Browser Comet offengelegt.Der Security-Anbieter SquareX hat eine bisher nicht dokumentierte API innerhalb des KI-Browsers Comet offengelegt. Damit können beliebige Befehle über eingebettete Erweiterungen ausgeführt und Anwendungen gestartet werden Funktionen, die von Mainstream-Browsern absichtlich blockiert werden.Die API lässt sich direkt von perplexity.ai auslösen und schafft so einen verdeckten Execution Channel.…
-
Sind Phishing-Tests sinnvoll oder kontraproduktiv?
Phishing ist der Klassiker unter den Cyberangriffen, denn es ist kostengünstig, effektiv und oft der erste Schritt, um Systeme zu kompromittieren. Kein Wunder, dass Unternehmen ihren Mitarbeitenden mit Simulationen das richtige User-Verhalten bei Phishing-Versuchen antrainieren wollen. Doch helfen diese gefakten Phishing-Tests wirklich? Auf dem Papier klingt es einfach: Wer für den Ernstfall übt, ist besser…
-
WhatsApp ‘Eternidade’ Trojan Self-Propagates Through Brazil
The infostealer specifically targets Brazilian Portuguese speakers and combines malware designed to phish banking credentials and steal data, a worm, and some uniquely Brazilian quirks. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/whatsapp-eternidade-trojan-self-propagates-brazil
-
Scam USPS and E-Z Pass Texts and Websites
Tags: banking, credit-card, cybercrime, google, government, group, password, phishing, scam, software, toolGoogle has filed a complaint in court that details the scam: In a complaint filed Wednesday, the tech giant accused “a cybercriminal group in China” of selling “phishing for dummies” kits. The kits help unsavvy fraudsters easily “execute a large-scale phishing campaign,” tricking hordes of unsuspecting people into “disclosing sensitive information like passwords, credit card…
-
KI macht Phishing-Mails gefährlich echt: So schützt du dich vor dem Cyberangriff
First seen on t3n.de Jump to article: t3n.de/news/ki-phishing-mails-schuetzen-cyberangriff-1707881/
-
Smashing Security podcast #444: We’re sorry. Wait, did a company actually say that?
Stop the press – a company has actually said “sorry” after a data breach, and hotels are helping hackers phish their own guests. First seen on grahamcluley.com Jump to article: grahamcluley.com/smashing-security-podcast-444/
-
Smashing Security podcast #444: We’re sorry. Wait, did a company actually say that?
Stop the press – a company has actually said “sorry” after a data breach, and hotels are helping hackers phish their own guests. First seen on grahamcluley.com Jump to article: grahamcluley.com/smashing-security-podcast-444/
-
Phake-Phishing: Phundamental oder Pherrückt?
Auf dem Papier klingt es einfach: Wer für den Ernstfall übt, ist besser gewappnet. Das gilt im Sport, im Militär, in der Krisenvorsorge und auch in der Cybersicherheit. Simulierte Cyberangriffe (Red- und Purple-Teaming), Capture-the-Flag Cybersicherheitswettbewerbe oder Planspiele (Tabletop-Übungen) zeigen, dass Vorbereitungen wirksam sind. Warum also nicht auch beim Phishing? Die Realität ist jedoch komplex. First…
-
Black Friday-Warnung: Phishing-Welle mit IKEA, Amazon und Temu
Cyberkriminelle missbrauchen IKEA, Kaufland und MediaMarkt für großangelegte Betrugsaktionen. Deutschland ist dabei das zweitwichtigstes Ziel nach den USA First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/black-friday-phishing
-
Cybersecurity Report zeigt: Malware-Angriffe sind 2025 um 131 % gestiegen
Malware-Angriffe per E-Mail nahmen im Vergleich zum Vorjahr um 131 % zu, begleitet von einem Anstieg von Betrugsversuchen (+ 35 %) und Phishing (+ 21 %). 77 % der CISOs identifizieren KI-generiertes Phishing als ernsthafte und zunehmende Bedrohung. 68 % der Unternehmen investierten 2025 in KI-gestützte Schutzmaßnahmen. Der jährliche Cybersecurity Report von Hornetsecurity zeigt:… First…
-
WhatsApp flaw allowed discovery of the 3.5 billion mobile numbers registered to the platform
Tags: api, attack, bug-bounty, business, china, cloud, dark-web, data, data-breach, encryption, flaw, government, mobile, phishing, phone, privacy, spam, technology, vulnerability, windowsHey there You are using WhatsApp, marks this as one of the most embarrassing weaknesses yet in the world’s most widely-used communication app.The vulnerability was in WhatsApp’s contact discovery mechanism, the foundation of how this and many similar apps work. When WhatsApp is installed, it asks for permission to match mobile numbers in a user’s…
-
WhatsApp flaw allowed discovery of the 3.5 billion mobile numbers registered to the platform
Tags: api, attack, bug-bounty, business, china, cloud, dark-web, data, data-breach, encryption, flaw, government, mobile, phishing, phone, privacy, spam, technology, vulnerability, windowsHey there You are using WhatsApp, marks this as one of the most embarrassing weaknesses yet in the world’s most widely-used communication app.The vulnerability was in WhatsApp’s contact discovery mechanism, the foundation of how this and many similar apps work. When WhatsApp is installed, it asks for permission to match mobile numbers in a user’s…
-
Sneaky2FA PhaaS kit now uses redteamers’ Browserthe-Browser attack
Sneaky2FA, a popular among cybercriminals phishing-as-a-service (PhaaS) kit, has added Browser-in-the-Browser (BitB) capabilities, giving “customers” the option to launch highly deceptive attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/sneaky2fa-phaas-kit-now-uses-redteamers-browser-in-the-browser-attack/
-
How to Improve Credential Security
Michael Leland of Island on How to Enhance Credential Security. From infostealers to phishing, almost 90% of all data breaches now involve the use of stolen credentials – leading to billions of dollars in losses. Michael Leland of Island opens up on the role of the modern enterprise browser in mitigating these risks created by…
-
eSchool News: How K-12 IT Teams Lock Down QR-Based SSO Without Hurting Usability
This article was originally published in eSchool News on 11/10/25 by Charlie Sander. Phishing via QR codes, a tactic now known as “quishing,” involves attackers embedding malicious QR codes in emails or posters Schools can keep QR logins safe and seamless by blending clear visual cues, ongoing user education, and risk-based checks behind the scenes…
-
Security startup Guardio nabs $80M from ION Crossover Partners
Guardio is leveraging its experience building browser extensions and apps that scan for malicious and phishing sites to build a tool that looks for artifacts in code and websites made with vibe coding tools. First seen on techcrunch.com Jump to article: techcrunch.com/2025/11/19/security-startup-guardio-nabs-80m-from-ion-crossover-partners/
-
Sue The Hackers Google Sues Over Phishing as a Service
Google’s Lighthouse lawsuit signals a new era in cybersecurity, where companies use civil litigation”, including the CFAA, Lanham Act, and RICO”, to dismantle phishing networks, seize malicious infrastructure, and fight hackers when criminal prosecution falls short. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/11/sue-the-hackers-google-sues-over-phishing-as-a-service/
-
Sue The Hackers Google Sues Over Phishing as a Service
Google’s Lighthouse lawsuit signals a new era in cybersecurity, where companies use civil litigation”, including the CFAA, Lanham Act, and RICO”, to dismantle phishing networks, seize malicious infrastructure, and fight hackers when criminal prosecution falls short. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/11/sue-the-hackers-google-sues-over-phishing-as-a-service/
-
Fraud Awareness Week Wie sich Organisationen wirksam vor Betrug und Phishing schützen
Moderne Technologien sind unverzichtbar, aber sie können das menschliche Urteilsvermögen nicht ersetzen. Die Fraud Awareness Week bietet deshalb eine gute Gelegenheit, bestehende Schulungsprogramme zu überprüfen, interne Abläufe weiterzuentwickeln und das Engagement für eine menschenzentrierte Sicherheitsstrategie zu stärken. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/fraud-awareness-week-wie-sich-organisationen-wirksam-vor-betrug-und-phishing-schuetzen/a42879/
-
LinkedIn Phishing: die neue Spielwiese der Betrüger
LinkedIn Phishing ist ein wachsendes Problem. Das Netzwerk wurde zu einem guten Einstiegspunkt, um betrügerische Nachrichten zu verschicken. First seen on tarnkappe.info Jump to article: tarnkappe.info/artikel/szene/linkedin-phishing-die-neue-spielwiese-der-betrueger-323192.html
-
New Phishing Kit Using BitB Technique Targets Microsoft Accounts to Steal Credentials via Sneaky 2FA Attack
The cybersecurity landscape continues to evolve as threat actors deploy increasingly sophisticated phishing techniques to bypass security controls and steal user credentials. Security researchers at Push Security have recently identified a concerning development in the Phishing-as-a-Service (PhaaS) ecosystem: the Sneaky2FA phishing kit has incorporated the Browser-in-the-Browser (BitB) technique to target Microsoft account credentials with unprecedented…
-
Sneaky 2FA Phishing Kit Adds BitB Pop-ups Designed to Mimic the Browser Address Bar
The malware authors associated with a Phishing-as-a-Service (PhaaS) kit known as Sneaky 2FA have incorporated Browser-in-the-Browser (BitB) functionality into their arsenal, underscoring the continued evolution of such offerings and further making it easier for less-skilled threat actors to mount attacks at scale.Push Security, in a report shared with The Hacker News, said it observed the…
-
The Tycoon 2FA Phishing Platform and the Collapse of Legacy MFA
Tycoon 2FA enables turnkey real-time MFA relays behind 64,000+ attacks this year, proving legacy MFA collapses the moment a phishing kit targets it. Learn from Token Ring how biometric, phishing-proof FIDO2 hardware blocks these relay attacks before they succeed. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/the-tycoon-2fa-phishing-platform-and-the-collapse-of-legacy-mfa/
-
Thousands of fake travel sites used in ongoing Russian phishing campaign
First seen on scworld.com Jump to article: www.scworld.com/brief/thousands-of-fake-travel-sites-used-in-ongoing-russian-phishing-campaign