Tag: qr
-
Threat Actors Advancing Email Phishing Attacks to Bypass Security Filters
Cybercriminals continue to evolve their email phishing arsenals, reviving legacy tactics while layering on advanced evasions to slip past automated filters and human scrutiny. In 2025, attackers are noted tried-and-true approaches”, like password-protected attachments and calendar invites”, with new twists such as QR codes, multi-stage verification chains, and live API integrations. These refinements not only…
-
New QR Code-Based Quishing Attack Targets Microsoft Users
A sophisticated quishing campaign leveraging weaponized QR codes has been uncovered, specifically targeting Microsoft users with seemingly innocuous document review requests. By exploiting advanced evasion techniques”, splitting the QR code into two separate images, using non-standard color palettes, and drawing the code directly via PDF content streams”, attackers are able to bypass traditional antivirus and…
-
Phishing Is Moving From Email to Mobile. Is Your Security?
With SMS, voice, and QR-code phishing incidents on the rise, it’s time to take a closer look at securing the mobile user. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/phishing-moving-email-mobile-is-your-security
-
Phishing Is Moving From Email to Mobile. Is Your Security?
With SMS, voice, and QR-code phishing incidents on the rise, it’s time to take a closer look at securing the mobile user. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/phishing-moving-email-mobile-is-your-security
-
New npm Malware Steals Browser Passwords via Steganographic QR Code
A novel npm package named fezbox has been uncovered by the Socket Threat Research Team as a sophisticated malware delivery mechanism that exfiltrates username and password credentials from browser cookies via an embedded QR code. Published under the npm alias janedu (registration email janedu0216@gmail[.]com), the package masquerades as a harmless JavaScript/TypeScript utility library while quietly…
-
NPM package caught using QR Code to fetch cookie-stealing malware
Newly discovered npm package ‘fezbox’ employs QR codes to hide a second-stage payload to steal cookies from a user’s web browser. The package, masquerading as a utility library, leverages this innovative steganographic technique to harvest sensitive data, such as user credentials, from a compromised machine. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/npm-package-caught-using-qr-code-to-fetch-cookie-stealing-malware/
-
Microsoft DCU’s Takedown of RaccoonO365
When I saw the name of the Microsoft Digital Crime Unit’s latest target, “RaccoonO365” I probably reacted to it differently than most. With the help of a friend in Lagos, we’ve been watching the money launderers and things have reached a point that they now refer to what we previously called “Business Email Compromise” or…
-
Product showcase: Clean Links exposes what’s hiding behind a QR code
Clean Links is a handy app that shows you exactly where a link will take you before you click it. It strips out trackers, expands shortened URLs, and helps you avoid scams … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/09/16/product-showcase-clean-links-app-qr-code-scanner/
-
Product showcase: Clean Links exposes what’s hiding behind a QR code
Clean Links is a handy app that shows you exactly where a link will take you before you click it. It strips out trackers, expands shortened URLs, and helps you avoid scams … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/09/16/product-showcase-clean-links-app-qr-code-scanner/
-
5 ways CISOs are experimenting with AI
Tags: ai, attack, awareness, breach, business, ceo, cio, ciso, control, cyber, cybersecurity, data, data-breach, detection, email, finance, framework, incident response, intelligence, login, metric, microsoft, monitoring, phishing, qr, risk, risk-assessment, risk-management, service, siem, soc, technology, threat, tool, update, vpn, vulnerability, vulnerability-managementTranslating security metrics into business language: CISOs are now tasked with being the security storyteller, and it doesn’t always come easily. Turning to AI, CISOs are finding a helping hand to translate technical detail into business-oriented narratives, drawing on a range of data sources, risk trends, control gaps and threat modeling.AI tools are helping tailor…
-
5 ways CISOs are experimenting with AI
Tags: ai, attack, awareness, breach, business, ceo, cio, ciso, control, cyber, cybersecurity, data, data-breach, detection, email, finance, framework, incident response, intelligence, login, metric, microsoft, monitoring, phishing, qr, risk, risk-assessment, risk-management, service, siem, soc, technology, threat, tool, update, vpn, vulnerability, vulnerability-managementTranslating security metrics into business language: CISOs are now tasked with being the security storyteller, and it doesn’t always come easily. Turning to AI, CISOs are finding a helping hand to translate technical detail into business-oriented narratives, drawing on a range of data sources, risk trends, control gaps and threat modeling.AI tools are helping tailor…
-
EAngriffe steigen um 27 % dynamisches Phishing nimmt zu
Cyber-Kriminelle setzen verstärkt auf bewährte Angriffsmuster und nutzen dabei zunehmend QR-Codes für Phishing-Attacken. Gleichzeitig professionalisiert sich die Szene durch standardisierte Tools aus dem Darknet. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/e-mail-angriffe-steigen-27-prozent
-
Varonis buys AI email security firm SlashNext
An independent testing firm found that SlashNext’s product has a 100% detection rate for business email compromise and QR code attacks. First seen on cyberscoop.com Jump to article: cyberscoop.com/varonis-slashnext-acquisition-ai-email-security/
-
Breach Roundup: Scattered Spider Hacker Gets 10 Years
Also: New ‘Quishing’ Tactics, Pro-Houthi Hacker Sentenced to 20 Months. This week, a Scattered Spider hacker sentenced, new squishing tricks, a pro-Houthi hacker gets 20 months in the United Kingdom, a Taiwanese web hosting provider hacked, the Business Council of New York and Ohio Medical Cannabis Center breached, North Korean hackers target Seoul and an…
-
Hackers Weaponize QR Codes With Malicious Links to Steal Sensitive Data
Quishing, a powerful form of phishing that uses malicious hyperlinks contained in QR codes to expose user credentials and sensitive data, has surfaced in the ever-changing field of cybersecurity threats. Unlike traditional phishing, which relies on clickable links or deceptive emails, quishing exploits the inherent opacity of QR codes, which are unreadable to the human…
-
Hackers Weaponize QR Codes in New ‘Quishing’ Attacks
Researchers discovered two new phishing techniques where attackers split malicious QR codes or embed them into legitimate ones First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/hackers-qr-codes-new-quishing/
-
Quishing die neue Dimension des Phishings mit QR-Codes
QR-Codes sind längst Alltag: ob für Restaurant-Speisekarten, Event-Tickets, Banking-Apps oder Logins. Doch gerade ihre Allgegenwärtigkeit macht sie zu einem attraktiven Angriffsziel für Cyberkriminelle. First seen on it-daily.net Jump to article: www.it-daily.net/shortnews/quishinf-phishing-mit-qr-codes
-
PoisonSeed Attack Tricks Users into Scanning Malicious MFA QR Codes
A sophisticated new cyber attack technique has emerged that exploits the cross-device sign-in features of FIDO keys, effectively bypassing one of the most secure forms of multifactor authentication (MFA) available today. Security researchers have identified this adversary-in-the-middle (AitM) attack, attributed to the PoisonSeed threat group, which demonstrates how attackers can circumvent hardware-based authentication protections through…
-
Hackers Exploit FIDO MFA With Novel Phishing Technique
PoisonSeed Threat Actor Uses Cross-Device Login Feature and QR Code to Trick Users. Expel researchers have found a novel adversary-in-the-middle phishing technique used by PoisonSeed, a cybercrime group previously tied to large-scale cryptocurrency thefts, to sidestep one of the most secure forms of multifactor authentication – FIDO2 physical keys. First seen on govinfosecurity.com Jump to…
-
‘PoisonSeed’ Attacker Skates Around FIDO Keys
Researchers discovered a novel phishing attack that serves the victim a QR code as part of supposed multifactor authentication (MFA), in order to get around FIDO-based protections. First seen on darkreading.com Jump to article: www.darkreading.com/remote-workforce/poisonseed-attacker-fido-keys
-
New QR Code Attacks Through PDFs Bypass Detection and Steal Credentials
Tags: attack, communications, credentials, cyber, detection, email, exploit, intelligence, phishing, qrResearchers at Cyble Research and Intelligence Labs (CRIL) have uncovered an ongoing quishing campaign dubbed >>Scanception,
-
Scanception Exposed: New QR Code Attack Campaign Exploits Unmonitored Mobile Access
Tags: access, attack, control, credentials, data-breach, detection, exploit, intelligence, malicious, mobile, qrCyble’s Research and Intelligence Lab (CRIL) has analyzed a new quishing campaign that leverages QR codes embedded in PDF files to deliver malicious payloads. The campaign, dubbed Scanception, bypasses security controls, harvests user credentials, and evades detection by traditional systems. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/scanception-qr-code-quishing-campaign/
-
Inorganic DNA: How nanoparticles could be the future of anti-counterfeiting tech
Tags: qrFor decades, manufacturers and security professionals have been playing a high-stakes game of cat and mouse with counterfeiters. From holograms and QR codes to RFID tags and … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/07/15/inorganic-dna-nanoparticles-anti-counterfeiting-tech/
-
Criminals Sending QR Codes in Phishing, Malware Campaigns
The Anti-Phishing Working Group observed how attackers are increasingly abusing QR codes to conduct phishing attacks or to trick users into downloading malware. First seen on darkreading.com Jump to article: www.darkreading.com/endpoint-security/criminals-send-qr-codes-phishing