Collecting Cyber-News from over 60 sources

Tag: phishing

Attackers use >>Contact Us<< forms and fake NDAs to phish industrial manufacturing firms

Aug 29, 2025 1:23 PM

Tags: defense, detection, phishing

A recently uncovered phishing campaign carefully designed to bypass security defenses and avoid detection by its intended victims is targeting firms in … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/08/29/phishing-manufacturing-supply-chain/
The CBUAE’s SMS and OTP Ban is a Golden Opportunity

Aug 29, 2025 12:24 PM

Tags: attack, banking, compliance, finance, password, phishing, social-engineering
News alert: SquareX finds browser flaw undermining passkeys while exposing banking and SaaS apps

Aug 29, 2025 5:23 AM

Tags: authentication, banking, flaw, passkey, password, phishing, saas

Palo Alto, Calif., Aug. 28, 2025, CyberNewswire, It is no secret that passwords are highly susceptible to phishing and brute force attacks. This led to the mass adoption of passkeys, a passwordless authentication method leveraging cryptographic key pairs that… (more”¦) First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/08/news-alert-squarex-finds-browser-flaw-undermining-passkeys-while-exposing-banking-and-saas-apps/
Breaking the Passkey Promise: SquareX Discloses Major Passkey Vulnerability at DEF CON 33

Aug 28, 2025 5:23 PM

Tags: authentication, cyber, fido, Hardware, passkey, password, phishing, vulnerability

It is no secret that passwords are highly susceptible to phishing and brute force attacks. This led to the mass adoption of passkeys, a passwordless authentication method leveraging cryptographic key pairs that allows users to log in with biometrics or a hardware key. According to FIDO, over 15 billion accounts have been passkey-enabled, with 69%…
Weaponized ScreenConnect RMM Tool Deceives Users into Installing Xworm RAT

Aug 28, 2025 5:23 PM

Tags: access, attack, cyber, infection, malware, phishing, rat, social-engineering, tactics, threat, tool

The SpiderLabs Threat Hunt Team recently discovered a cyber campaign in which threat actors used the genuine ScreenConnect remote management application as a weapon to spread the Xworm Remote Access Trojan (RAT) through a multi-phase infection chain. The attack begins with social engineering tactics, including phishing, malvertising, and deceptive social media posts, luring users to…
115.000 Phishing-Emails in einer Woche versendet

Aug 28, 2025 11:23 AM

Tags: awareness, best-practice, cyber, email, google, infrastructure, mail, phishing, saas, software

Eine neue Art des Phishings breitet sich aus. Sie setzt dabei auf bewährte Marken, unaufgeklärte Mitarbeitende und ungeschützte Kanäle.Laut Google nutzen 40 Millionen Lehrer und Schüler weltweit Google Classroom, um Leistungsnachweise, Schulaufgaben und Lehrmaterial bereitzustellen. Da die Software weit verbreitet ist, wird sie attraktiv für Cyberkriminelle. Eine immer noch aktive, weltweite auftretende Kampagne hat der…
The CISO succession crisis: why companies have no plan and how to change that

Aug 28, 2025 10:23 AM

Tags: access, attack, business, ceo, cio, ciso, compliance, control, corporate, cyber, cybersecurity, data, email, flaw, framework, fraud, governance, jobs, phishing, privacy, risk, risk-management, skills, software, technology, threat, training

The technical-to-strategic divide: One major obstacle keeping many mid-level security pros from becoming CISOs isn’t their tech skills, it’s learning to shift from doing hands-on security work to acting as strategic business partners. That change takes a whole new set of skills and a different way of thinking.”I think you see this with a lot…
Ziplining into the Minds of US Supply Chains

Aug 28, 2025 5:23 AM

Tags: attack, malware, phishing, social-engineering, supply-chain

A recent report from Check Point Research uncovered Zipline, a phishing campaign that fuses subtle, patient social engineering with stealthy in-memory malware, together enabling attackers to slip past traditional defences and manipulate human behaviour on a wide scale. “‹ How did they do it, and who was targeted? “‹ A typical phishing attack relies on…
‘ZipLine’ Phishers Flip Script as Victims Email First

Aug 27, 2025 11:23 PM

Tags: email, phishing

ZipLine appears to be a sophisticated and carefully planned campaign that has already affected dozens of small, medium, and large organizations across multiple industry sectors. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/zipline-phishers-victims-email-first
China Hijacks Captive Portals to Spy on Asian Diplomats

Aug 27, 2025 10:23 PM

Tags: apt, browser, china, chrome, google, network, phishing, spy

The Mustang Panda APT is hijacking Google Chrome browsers when they attempt to connect to new networks and redirecting them to phishing sites. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/china-hijacks-captive-portals-spy-asian-diplomats
TDL001 – Cybersecurity Explained: Privacy, Threats, and the Future – Chester Wisniewski

Aug 27, 2025 8:23 PM

Tags: access, ai, attack, backdoor, breach, business, ciso, computer, country, crime, crimes, cyber, cybercrime, cybersecurity, data-breach, defense, detection, edr, email, finance, firewall, gartner, government, guide, hacker, hacking, Hardware, infosec, Internet, jobs, linkedin, mail, malicious, microsoft, military, monitoring, network, password, phishing, phone, privacy, programming, ransomware, risk, russia, scam, skills, software, sophos, spam, sql, strategy, switch, technology, threat, update, virus, vulnerability, wifi, windows

Summary “The Defenders Log” Episode 1 features host David Redekop and guest Chet Wisniewski discussing the dynamic world of cybersecurity. Wisniewski, with decades of experience, traces his journey from early BBS and phone network exploration to becoming a cybersecurity expert. They delve into the evolution of hacking, the emergence of profitable cybercrime like email spam,…
Google Data Breach Sparks Phishing Wave Targeting Gmail Users

Aug 27, 2025 7:23 PM

Tags: breach, business, data, data-breach, google, phishing, scam

A Google Salesforce breach exposed business data, fueling phishing scams against Gmail users. Learn what happened and how to protect your account. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/news/google-data-breach-targets-gmail/
Phishing Emails Are Now Aimed at Users and AI Defenses.

Aug 27, 2025 4:24 PM

Tags: email, phishing

First seen on thesecurityblogger.com Jump to article: www.thesecurityblogger.com/phishing-emails-are-now-aimed-at-users-and-ai-defenses/
Blind Eagle’s Five Clusters Target Colombia Using RATs, Phishing Lures, and Dynamic DNS Infra

Aug 27, 2025 12:23 PM

Tags: attack, cybersecurity, dns, government, group, intelligence, phishing, rat, threat

Cybersecurity researchers have discovered five distinct activity clusters linked to a persistent threat actor known as Blind Eagle between May 2024 and July 2025.These attacks, observed by Recorded Future Insikt Group, targeted various victims, but primarily within the Colombian government across local, municipal, and federal levels. The threat intelligence firm is tracking the activity under…
New Phishing Campaign Abuses ConnectWise ScreenConnect to Take Over Devices

Aug 27, 2025 11:23 AM

Tags: ai, phishing, software, tactics

Abnormal AI said the campaign, which lures victims into downloading legitimate RMM software, marks a major evolution in phishing tactics First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/phishing-abuses-connectwise-take/
TDL003 – Breaking Barriers: IPv6 Adoption and DNS Transformation with Tommy Jensen

Aug 27, 2025 5:23 AM

Tags: access, ai, apple, attack, backup, banking, browser, business, ceo, chrome, ciso, compliance, computer, computing, control, country, credentials, cybersecurity, data, data-breach, ddos, dns, encryption, endpoint, google, government, group, international, Internet, jobs, law, microsoft, mobile, network, phishing, phone, privacy, programming, radius, risk, service, smishing, strategy, switch, technology, threat, update, vpn, windows, zero-trust

Summary This episode of the Defender’s Log features special guest Tommy Jensen, an internet technologist specializing in IPv6, Zero Trust, and standards. Jensen’s career path, from an AppleCare contractor to a key figure in advancing internet technologies, is explored. The discussion highlights the critical importance and challenges of migrating to IPv6 and the necessity of…
New ZipLine Campaign Targets Critical Manufacturing Firms with In-Memory MixShell Malware

Aug 27, 2025 1:23 AM

Tags: attack, business, cyber, email, exploit, malicious, malware, phishing, supply-chain

Check Point Research has uncovered a highly persistent phishing operation dubbed ZipLine, which reverses traditional attack vectors by exploiting victims’ own >>Contact Us
Threat Actors Leverage AI Agents to Conduct Social Engineering Attacks

Aug 26, 2025 11:23 PM

Tags: ai, attack, cyber, cybersecurity, deep-fake, email, phishing, social-engineering, threat

Cybersecurity landscapes are undergoing a paradigm shift as threat actors increasingly deploy agentic AI systems to orchestrate sophisticated social engineering attacks. Unlike reactive generative AI models that merely produce content such as deepfakes or phishing emails, agentic AI exhibits autonomous decision-making, adaptive learning, and multi-step planning capabilities. These systems operate independently, pursuing predefined objectives without…
Warning for Windows Users: Global UpCrypter Phishing Attack is Expanding

Aug 26, 2025 10:23 PM

Tags: attack, control, hacker, malware, phishing, windows

Hackers are using fake voicemails and purchase orders to spread UpCrypter malware, giving them remote control over Windows systems worldwide. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-upcrypter-phishing-microsoft-windows/
Sicherheitsrisiken bei Microsoft-365 Manipulation von E-Mail-Regeln, Formularen und Konnektoren

Aug 26, 2025 6:23 PM

Tags: mail, microsoft, phishing, risk, software

Viele IT- und Sicherheitsverantwortliche denken beim Thema E-Mail-Sicherheit vor allem an Phishing und ähnliche Gefahren in Verbindung mit dem Diebstahl von Zugangsdaten durch Cyberkriminelle. Aber zunehmend rücken auch bislang weniger beachtete Funktionen von E-Mail-Software wie Outlook in den Fokus der Diskussion: E-Mail-Regeln, Formulare und Mailfluss-Konnektoren können manipuliert werden und bergen ein ernstzunehmendes Risiko für Unternehmen,…
Phishing Campaign Uses UpCrypter to Deploy Remote Access Tools

Aug 26, 2025 6:23 PM

Tags: access, email, malware, phishing, tool

A global phishing campaign has been identified using personalized emails and fake websites to deliver malware via UpCrypter First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/phishing-upcrypter-deploy-rat/
Check Point Research deckt hochentwickelte Phishing-Kampagne ZipLine auf

Aug 26, 2025 6:23 PM

Tags: ai, cyberattack, mail, phishing, social-engineering

ZipLine zeigt, wie ausgeklügelt Social-Engineering-Angriffe inzwischen sind. Webformular-Missbrauch, langfristige E-Mail-Konversationen und KI-bezogene Köder machen herkömmliche Erkennungsmethoden wirkungslos. Um mit der Geschwindigkeit der Angreifer Schritt zu halten, müssen Unternehmen auf ganzheitliche Schutzlösungen setzen. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/check-point-research-deckt-hochentwickelte-phishing-kampagne-zipline-auf/a41800/
Hochentwickelte Phishing-Kampagne ‘ZipLine” zielt auf Fertigungs- und Lieferkettenindustrie ab

Aug 26, 2025 4:54 PM

Tags: mail, phishing, social-engineering, software

Check Point Research, die Sicherheitsforscher von Check Point Software Technologies warnt vor ‘ZipLine”, eine der fortschrittlichsten Social-Engineering-Phishing-Kampagnen der vergangenen Jahre. Die Attacken zielen präzise auf Unternehmen der US-amerikanischen und kombinieren neuartige Angriffsmethoden mit hohem Schadenspotenzial. Zipline: Umgedrehter Phishing-Ansatz Anstatt klassische Phishing-E-Mails zu versenden, wenden die Angreifer eine ungewöhnliche Vorgehensweise an: Sie nehmen über die öffentlichen…
Hochentwickelte Phishing-Kampagne ‘ZipLine” zielt auf Fertigungs- und Lieferkettenindustrie ab

Aug 26, 2025 4:54 PM

Tags: mail, phishing, social-engineering, software

Check Point Research, die Sicherheitsforscher von Check Point Software Technologies warnt vor ‘ZipLine”, eine der fortschrittlichsten Social-Engineering-Phishing-Kampagnen der vergangenen Jahre. Die Attacken zielen präzise auf Unternehmen der US-amerikanischen und kombinieren neuartige Angriffsmethoden mit hohem Schadenspotenzial. Zipline: Umgedrehter Phishing-Ansatz Anstatt klassische Phishing-E-Mails zu versenden, wenden die Angreifer eine ungewöhnliche Vorgehensweise an: Sie nehmen über die öffentlichen…
MixShell Malware Delivered via Contact Forms Targets U.S. Supply Chain Manufacturers

Aug 26, 2025 3:55 PM

Tags: cybersecurity, email, malware, phishing, social-engineering, supply-chain

Cybersecurity researchers are calling attention to a sophisticated social engineering campaign that’s targeting supply chain-critical manufacturing companies with an in-memory malware dubbed MixShell.The activity has been codenamed ZipLine by Check Point Research.”Instead of sending unsolicited phishing emails, attackers initiate contact through a company’s public ‘Contact Us’ form, tricking First seen on thehackernews.com Jump to article:…
The Enterprise Risk of OAuth Device Flow Vulnerabilities And How SSOJet Solves It

Aug 26, 2025 10:54 AM

Tags: control, identity, intelligence, phishing, risk, vulnerability

SSOJet delivers far more than “just SSO”: we give your team the visibility, control, and security intelligence needed to defeat device flow phishing and build a future-proof identity management framework. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/08/the-enterprise-risk-of-oauth-device-flow-vulnerabilities-and-how-ssojet-solves-it/
ThreatActors Leverage Google Classroom to Target 13,500 Organizations

Aug 25, 2025 10:54 PM

Tags: cyber, email, exploit, google, malicious, phishing, threat

Google Classroom, a popular educational platform, has been exploited by threat actors to launch a major phishing campaign in a complex operation discovered by Check Point researchers. Over a single week from August 6 to August 12, 2025, attackers disseminated more than 115,000 malicious emails across five coordinated waves, targeting approximately 13,500 organizations globally. These…
Fast-Spreading, Complex Phishing Campaign Installs RATs

Aug 25, 2025 9:55 PM

Tags: access, corporate, credentials, network, phishing, rat

Attackers not only steal credentials but also can maintain long-term, persistent access to corporate networks through the global campaign. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/fast-spreading-phishing-installs-rats
Phishing Campaign Uses UpCrypter in Fake Voicemail Emails to Deliver RAT Payloads

Aug 25, 2025 8:55 PM

Tags: cybersecurity, email, fortinet, malicious, malware, phishing, rat

Cybersecurity researchers have flagged a new phishing campaign that’s using fake voicemails and purchase orders to deliver a malware loader called UpCrypter.The campaign leverages “carefully crafted emails to deliver malicious URLs linked to convincing phishing pages,” Fortinet FortiGuard Labs researcher Cara Lin said. “These pages are designed to entice recipients into downloading JavaScript First seen…
Fake Voicemail Emails Install UpCrypter Malware on Windows

Aug 25, 2025 7:54 PM

Tags: control, email, hacker, malware, phishing, windows

FortiGuard Labs warns of a global phishing campaign that delivers UpCrypter malware, giving hackers complete control of infected… First seen on hackread.com Jump to article: hackread.com/fake-voicemail-emails-install-upcrypter-malware-windows/