Tag: qr

Phishing boomt (nicht nur) im Weihnachtsgeschäft

Dec 1, 2025 10:49 AM

Tags: mail, phishing, qr

Gefälschte und mit Schadsoftware verseuchte E-Mails, SMS oder QR-Codes: Sicherheitstipps für Online-Shopping vor Weihnachten. In der Vorweihnachtszeit boomt der Onlinehandel, angeheizt durch Rabattwochen rund um »Black Friday« und »Cyber Monday«. Doch wo Verbraucherinnen und Verbraucher nach Schnäppchen suchen, lauern häufig auch Betrüger. Phishing zählt dabei laut dem aktuellen »Bundeslagebild Cybercrime« des Bundeskriminalamts (BKA) zu den……
Sharjah Police Experiment Exposes How Easily People Fall for Fake QR Codes

Nov 26, 2025 1:49 PM

Tags: cybersecurity, qr

A cybersecurity experiment conducted by Sharjah Police has revealed how easily QR codes can mislead individuals, particularly when these codes promise conveniences such as free WiFi. The police placed an unbranded QR code in a public area with a simple message, “Free WiFi”, to measure how many people would scan it without verifying its source.…
Sharjah Police Experiment Exposes How Easily People Fall for Fake QR Codes

Nov 26, 2025 1:49 PM

Tags: cybersecurity, qr

A cybersecurity experiment conducted by Sharjah Police has revealed how easily QR codes can mislead individuals, particularly when these codes promise conveniences such as free WiFi. The police placed an unbranded QR code in a public area with a simple message, “Free WiFi”, to measure how many people would scan it without verifying its source.…
eSchool News: How K-12 IT Teams Lock Down QR-Based SSO Without Hurting Usability

Nov 19, 2025 3:49 PM

Tags: email, login, malicious, phishing, qr, risk

This article was originally published in eSchool News on 11/10/25 by Charlie Sander. Phishing via QR codes, a tactic now known as “quishing,” involves attackers embedding malicious QR codes in emails or posters Schools can keep QR logins safe and seamless by blending clear visual cues, ongoing user education, and risk-based checks behind the scenes…
Öffentliche Verwaltung im Visier von Cyberspionen

Nov 11, 2025 12:20 PM

Tags: access, alphv, bsi, cyberattack, cybercrime, encryption, germany, governance, government, infrastructure, lockbit, microsoft, open-source, phishing, qr, service, vulnerability

Laut BSI haben es Cyberspione aktuell besonders auf die öffentliche Verwaltung abgesehen.Cyberspione haben es in Deutschland derzeit besonders auf die öffentliche Verwaltung abgesehen. Das geht aus dem aktuellen Lagebericht des Bundesamtes für Sicherheit in der Informationstechnik (BSI) hervor. Eine nennenswerte Anzahl von Geschädigten gab es demnach auch in den Sektoren Verteidigung, Rechtspflege, öffentliche Sicherheit und…
Quishing: QRC-Scans können Kiste der Pandora öffnen

Nov 7, 2025 12:19 AM

Tags: qr

First seen on datensicherheit.de Jump to article: www.datensicherheit.de/quishing-qrc-scans-kiste-pandora-oeffnung
Quishing: QRC-Scans können Kiste der Pandora öffnen

Nov 7, 2025 12:19 AM

Tags: qr

First seen on datensicherheit.de Jump to article: www.datensicherheit.de/quishing-qrc-scans-kiste-pandora-oeffnung
Modern supply-chain attacks and their real-world impact

Nov 4, 2025 9:19 AM

Tags: access, ai, apache, attack, authentication, backdoor, breach, china, control, credentials, crowdstrike, crypto, cybersecurity, data, defense, email, espionage, exploit, github, group, infection, infosec, injection, intelligence, korea, lazarus, LLM, malicious, malware, marketplace, mfa, microsoft, network, north-korea, open-source, password, phishing, pypi, qr, risk, social-engineering, software, supply-chain, tactics, theft, threat, tool, worm, zero-day

This is what modern software supply-chain attacks look like. Since the industry-shaking SolarWinds compromise of 2020, the threat landscape has changed dramatically. Early high-profile incidents targeted build servers or tampered software updates. Today’s attackers prefer a softer entry point: the humans maintaining open-source projects.In the last two years, the majority of large-scale supply-chain intrusions have…
Modern supply-chain attacks and their real-world impact

Nov 4, 2025 9:19 AM

Tags: access, ai, apache, attack, authentication, backdoor, breach, china, control, credentials, crowdstrike, crypto, cybersecurity, data, defense, email, espionage, exploit, github, group, infection, infosec, injection, intelligence, korea, lazarus, LLM, malicious, malware, marketplace, mfa, microsoft, network, north-korea, open-source, password, phishing, pypi, qr, risk, social-engineering, software, supply-chain, tactics, theft, threat, tool, worm, zero-day

This is what modern software supply-chain attacks look like. Since the industry-shaking SolarWinds compromise of 2020, the threat landscape has changed dramatically. Early high-profile incidents targeted build servers or tampered software updates. Today’s attackers prefer a softer entry point: the humans maintaining open-source projects.In the last two years, the majority of large-scale supply-chain intrusions have…
Modern supply-chain attacks and their real-world impact

Nov 4, 2025 9:19 AM

Tags: access, ai, apache, attack, authentication, backdoor, breach, china, control, credentials, crowdstrike, crypto, cybersecurity, data, defense, email, espionage, exploit, github, group, infection, infosec, injection, intelligence, korea, lazarus, LLM, malicious, malware, marketplace, mfa, microsoft, network, north-korea, open-source, password, phishing, pypi, qr, risk, social-engineering, software, supply-chain, tactics, theft, threat, tool, worm, zero-day

This is what modern software supply-chain attacks look like. Since the industry-shaking SolarWinds compromise of 2020, the threat landscape has changed dramatically. Early high-profile incidents targeted build servers or tampered software updates. Today’s attackers prefer a softer entry point: the humans maintaining open-source projects.In the last two years, the majority of large-scale supply-chain intrusions have…
The Phishing Renaissance, How AI Brought Back the Classics

Nov 1, 2025 8:20 AM

Tags: ai, attack, deep-fake, email, phishing, qr, scam
The Phishing Renaissance, How AI Brought Back the Classics

Nov 1, 2025 8:20 AM

Tags: ai, attack, deep-fake, email, phishing, qr, scam
Threat Actors Advancing Email Phishing Attacks to Bypass Security Filters

Oct 22, 2025 4:26 PM

Tags: api, attack, cyber, cybercrime, email, password, phishing, qr, tactics, threat

Cybercriminals continue to evolve their email phishing arsenals, reviving legacy tactics while layering on advanced evasions to slip past automated filters and human scrutiny. In 2025, attackers are noted tried-and-true approaches”, like password-protected attachments and calendar invites”, with new twists such as QR codes, multi-stage verification chains, and live API integrations. These refinements not only…
New QR Code-Based Quishing Attack Targets Microsoft Users

Oct 9, 2025 3:23 PM

Tags: antivirus, attack, cyber, exploit, microsoft, qr

A sophisticated quishing campaign leveraging weaponized QR codes has been uncovered, specifically targeting Microsoft users with seemingly innocuous document review requests. By exploiting advanced evasion techniques”, splitting the QR code into two separate images, using non-standard color palettes, and drawing the code directly via PDF content streams”, attackers are able to bypass traditional antivirus and…
Phishing Is Moving From Email to Mobile. Is Your Security?

Oct 2, 2025 4:41 PM

Tags: email, mobile, phishing, qr

With SMS, voice, and QR-code phishing incidents on the rise, it’s time to take a closer look at securing the mobile user. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/phishing-moving-email-mobile-is-your-security
Phishing Is Moving From Email to Mobile. Is Your Security?

Oct 2, 2025 4:41 PM

Tags: email, mobile, phishing, qr

With SMS, voice, and QR-code phishing incidents on the rise, it’s time to take a closer look at securing the mobile user. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/phishing-moving-email-mobile-is-your-security
That innocent PDF is now a Trojan Horse for Gmail attacks

Oct 2, 2025 5:41 AM

Tags: access, attack, awareness, cio, ciso, corporate, credentials, cybersecurity, defense, detection, email, endpoint, hacker, infrastructure, network, phishing, qr, ransomware, risk, social-engineering, spear-phishing, theft, threat, tool, training, zero-trust

Personal email use increases enterprise risk: Employees are increasingly accessing personal email accounts from corporate machines; it is commonplace in hybrid and remote work environments. But considering that hackers have access to easily-usable tools like MatrixPDF, experts advise enterprises to be more vigilant.CISOs and CIOs should consider opportunities to either restrict access to personal webmail…
New npm Malware Steals Browser Passwords via Steganographic QR Code

Sep 23, 2025 2:16 PM

Tags: credentials, cyber, email, malware, password, qr, threat

A novel npm package named fezbox has been uncovered by the Socket Threat Research Team as a sophisticated malware delivery mechanism that exfiltrates username and password credentials from browser cookies via an embedded QR code. Published under the npm alias janedu (registration email janedu0216@gmail[.]com), the package masquerades as a harmless JavaScript/TypeScript utility library while quietly…
NPM package caught using QR Code to fetch cookie-stealing malware

Sep 23, 2025 1:15 PM

Tags: credentials, data, malware, qr

Newly discovered npm package ‘fezbox’ employs QR codes to hide a second-stage payload to steal cookies from a user’s web browser. The package, masquerading as a utility library, leverages this innovative steganographic technique to harvest sensitive data, such as user credentials, from a compromised machine. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/npm-package-caught-using-qr-code-to-fetch-cookie-stealing-malware/
Microsoft DCU’s Takedown of RaccoonO365

Sep 23, 2025 5:16 AM

Tags: access, advisory, business, communications, computer, corporate, credentials, crime, crypto, cyber, data, detection, email, fraud, google, hacker, hacking, healthcare, infrastructure, intelligence, jobs, law, linkedin, login, malware, microsoft, password, phishing, privacy, qr, service, spam

When I saw the name of the Microsoft Digital Crime Unit’s latest target, “RaccoonO365” I probably reacted to it differently than most. With the help of a friend in Lagos, we’ve been watching the money launderers and things have reached a point that they now refer to what we previously called “Business Email Compromise” or…
Product showcase: Clean Links exposes what’s hiding behind a QR code

Sep 16, 2025 7:15 AM

Tags: qr, scam

Clean Links is a handy app that shows you exactly where a link will take you before you click it. It strips out trackers, expands shortened URLs, and helps you avoid scams … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/09/16/product-showcase-clean-links-app-qr-code-scanner/
Product showcase: Clean Links exposes what’s hiding behind a QR code

Sep 16, 2025 7:15 AM

Tags: qr, scam

Clean Links is a handy app that shows you exactly where a link will take you before you click it. It strips out trackers, expands shortened URLs, and helps you avoid scams … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/09/16/product-showcase-clean-links-app-qr-code-scanner/
5 ways CISOs are experimenting with AI

Sep 9, 2025 10:08 AM

Tags: ai, attack, awareness, breach, business, ceo, cio, ciso, control, cyber, cybersecurity, data, data-breach, detection, email, finance, framework, incident response, intelligence, login, metric, microsoft, monitoring, phishing, qr, risk, risk-assessment, risk-management, service, siem, soc, technology, threat, tool, update, vpn, vulnerability, vulnerability-management

Translating security metrics into business language: CISOs are now tasked with being the security storyteller, and it doesn’t always come easily. Turning to AI, CISOs are finding a helping hand to translate technical detail into business-oriented narratives, drawing on a range of data sources, risk trends, control gaps and threat modeling.AI tools are helping tailor…
5 ways CISOs are experimenting with AI

Sep 9, 2025 10:08 AM

Tags: ai, attack, awareness, breach, business, ceo, cio, ciso, control, cyber, cybersecurity, data, data-breach, detection, email, finance, framework, incident response, intelligence, login, metric, microsoft, monitoring, phishing, qr, risk, risk-assessment, risk-management, service, siem, soc, technology, threat, tool, update, vpn, vulnerability, vulnerability-management

Translating security metrics into business language: CISOs are now tasked with being the security storyteller, and it doesn’t always come easily. Turning to AI, CISOs are finding a helping hand to translate technical detail into business-oriented narratives, drawing on a range of data sources, risk trends, control gaps and threat modeling.AI tools are helping tailor…
EAngriffe steigen um 27 % dynamisches Phishing nimmt zu

Sep 7, 2025 12:20 PM

Tags: cyber, cyberattack, mail, phishing, qr, tool

Cyber-Kriminelle setzen verstärkt auf bewährte Angriffsmuster und nutzen dabei zunehmend QR-Codes für Phishing-Attacken. Gleichzeitig professionalisiert sich die Szene durch standardisierte Tools aus dem Darknet. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/e-mail-angriffe-steigen-27-prozent
Varonis buys AI email security firm SlashNext

Sep 2, 2025 5:20 PM

Tags: ai, business, detection, email, qr

An independent testing firm found that SlashNext’s product has a 100% detection rate for business email compromise and QR code attacks. First seen on cyberscoop.com Jump to article: cyberscoop.com/varonis-slashnext-acquisition-ai-email-security/
Breach Roundup: Scattered Spider Hacker Gets 10 Years

Aug 21, 2025 9:55 PM

Tags: apple, breach, business, hacker, north-korea, qr, tactics

Also: New ‘Quishing’ Tactics, Pro-Houthi Hacker Sentenced to 20 Months. This week, a Scattered Spider hacker sentenced, new squishing tricks, a pro-Houthi hacker gets 20 months in the United Kingdom, a Taiwanese web hosting provider hacked, the Business Council of New York and Ohio Medical Cannabis Center breached, North Korean hackers target Seoul and an…
Hackers Weaponize QR Codes With Malicious Links to Steal Sensitive Data

Aug 21, 2025 9:55 PM

Tags: credentials, cyber, cybersecurity, data, email, exploit, hacker, malicious, phishing, qr

Quishing, a powerful form of phishing that uses malicious hyperlinks contained in QR codes to expose user credentials and sensitive data, has surfaced in the ever-changing field of cybersecurity threats. Unlike traditional phishing, which relies on clickable links or deceptive emails, quishing exploits the inherent opacity of QR codes, which are unreadable to the human…
Hackers Weaponize QR Codes in New ‘Quishing’ Attacks

Aug 20, 2025 3:54 PM

Tags: attack, hacker, malicious, phishing, qr

Researchers discovered two new phishing techniques where attackers split malicious QR codes or embed them into legitimate ones First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/hackers-qr-codes-new-quishing/
Quishing die neue Dimension des Phishings mit QR-Codes

Aug 20, 2025 1:54 PM

Tags: banking, phishing, qr

QR-Codes sind längst Alltag: ob für Restaurant-Speisekarten, Event-Tickets, Banking-Apps oder Logins. Doch gerade ihre Allgegenwärtigkeit macht sie zu einem attraktiven Angriffsziel für Cyberkriminelle. First seen on it-daily.net Jump to article: www.it-daily.net/shortnews/quishinf-phishing-mit-qr-codes