61 links
tagged with all of: cybersecurity + phishing
Links
Google Threat Intelligence Group reported a novel phishing campaign attributed to a suspected Russian espionage actor, UNC5837, targeting European government and military organizations. Attackers used signed .rdp files to establish Remote Desktop Protocol connections, enabling them to access victim systems and potentially exfiltrate sensitive information, highlighting the risks associated with lesser-known RDP functionalities.
The article discusses the release of the source code for Ermac v3.0, a sophisticated banking Trojan that has been used to steal sensitive information from users. It highlights the potential risks associated with this malware and urges users to be vigilant against security threats.
A misconfigured Azure Blob storage container belonging to TalentHook has exposed nearly 26 million resumes, containing sensitive personal information of US job seekers. This breach poses significant risks for identity theft and targeted phishing attacks, leading to potential harassment and fraud against individuals whose data was leaked.
Scammers are exploiting unsecured cellular routers from Milesight IoT to launch SMS phishing campaigns, known as smishing, that have been active since October 2023. Researchers found over 18,000 routers exposed online, with many allowing unauthorized access and running outdated firmware, making them an effective tool for decentralized phishing efforts targeting users in multiple countries.
The article provides a comprehensive checklist for businesses to protect against business email compromise (BEC) scams, outlining key steps, best practices, and preventive measures. It emphasizes the importance of employee training and vigilance to recognize and respond to suspicious emails effectively. Additionally, it highlights the necessity of implementing security protocols and technologies to safeguard sensitive information.
An ongoing infostealer campaign is targeting Mac users through fraudulent GitHub repositories that masquerade as legitimate software downloads. The LastPass TIME team is raising awareness of this threat, which employs SEO tactics to position malicious links prominently in search results, and has already initiated takedown efforts against some of these fraudulent sites.
The article discusses how Vercel's new AI tool has been exploited by malicious actors to automate and enhance phishing attacks. As a result, organizations are urged to bolster their cybersecurity measures to counteract the increasing sophistication of such threats. The misuse of AI in this context raises concerns about the broader implications for digital security and user safety.
Clicking the "unsubscribe" link in emails may seem like a straightforward way to reduce inbox clutter, but cybersecurity experts warn it could expose users to greater risks. Once you click the link, you leave the safety of your email client and potentially face new online threats. It’s crucial to evaluate the security of the source before taking such actions.
A cybersecurity researcher has introduced FileFix, a new variant of the ClickFix social engineering attack, which exploits the Windows File Explorer address bar to execute malicious PowerShell commands. This method tricks users into pasting commands by disguising them within what appears to be a legitimate file-sharing notification, making it a more user-friendly approach for attackers. FileFix highlights the adaptability of phishing techniques, as it presents a familiar interface to users while executing harmful commands.
Researchers at Mandiant have discovered a new malware strain dubbed "UNC6032," which utilizes AI-generated video content to deceive victims. The malware operates primarily through phishing campaigns, leveraging convincing videos to trick users into downloading malicious software. This highlights a growing trend in cyber threats where AI technology is exploited for malicious purposes.
French retailer Auchan has reported a data breach affecting several hundred thousand customers, compromising sensitive information linked to loyalty accounts, such as names, addresses, and contact details. The company has notified affected individuals and the French Data Protection Authority, advising them to be cautious of potential phishing attempts. However, bank data and passwords remain secure following the incident.
Phishing emails are increasingly targeting both human users and AI-based defenses, exploiting gaps in security measures to bypass traditional filters. The evolving tactics used by cybercriminals highlight the need for improved defenses to protect sensitive information and maintain user trust in digital communications.
The blog post discusses a sophisticated phishing scam that impersonates Google Careers, highlighting its various tactics and the challenges it presents in identifying and preventing such attacks. It emphasizes the need for heightened awareness and security measures among users to protect their credentials from these evolving scams.
VirusTotal uncovered a phishing campaign that utilizes SVG files to create deceptive portals mimicking Colombia's judicial system, leading users to download malware. The AI Code Insight feature enabled the detection of these previously undetected SVG files, which cleverly employ JavaScript to simulate a legitimate download process. This highlights the growing use of SVGs in cyberattacks and the importance of AI in identifying such threats.
An artist recounts a phishing experience where a seemingly legitimate journalist's email led to the installation of malware on his Mac. After realizing his mistake, he took immediate action to secure his accounts and reported the incident to authorities, while also analyzing the malware to better understand the threat it posed.
Coinbase experienced a significant data breach in 2025 that compromised the personal information of nearly 70,000 users due to unauthorized access by outsourced call center agents in India. The attackers leveraged social engineering tactics, leading to a rise in phishing attempts, while Coinbase faced estimated remediation costs between $180 million and $400 million and launched a bounty for information on the perpetrators. The incident has sparked discussions on the vulnerabilities associated with outsourcing sensitive customer data management.
A new phishing kit named SessionShark has been discovered, capable of bypassing multi-factor authentication (MFA) to steal Office 365 login credentials. This kit employs sophisticated techniques that make it easier for attackers to gain unauthorized access to sensitive accounts, raising concerns about the effectiveness of current security measures.
Check Point Research reveals that the cyber threat group Scattered Spider is expanding its attacks to include aviation and enterprise sectors, employing sophisticated phishing techniques to compromise organizations. Recent incidents, including a major breach affecting Qantas, highlight the group's tactics such as MFA fatigue and voice phishing, prompting a call for enhanced security measures across affected industries. The report outlines specific phishing domain patterns and offers defensive strategies to mitigate these emerging threats.
Over 4,000 victims in 62 countries have been targeted by the PXA Stealer malware, which has stolen hundreds of credit card numbers, 200,000 passwords, and over 4 million browser cookies. This Python-based infostealer uses sophisticated phishing techniques and has evolved to evade detection, exfiltrating sensitive data through Telegram-based marketplaces.
A recent phishing attempt exploited a legitimate Zoom email notification to deceive users into entering their Gmail credentials on a fake login page. The attackers used a "bot protection" gate to enhance the page's legitimacy, allowing for real-time credential exfiltration via WebSocket connections, showcasing how trusted platforms can be manipulated for cybercrime.
Toys “R” Us Canada has notified customers of a data breach in which threat actors leaked personal customer information, including names, addresses, emails, and phone numbers, but not passwords or credit card details. The breach was discovered on July 30, 2025, when the data was posted on the dark web, prompting the company to enhance its cybersecurity measures and notify regulatory authorities. Customers are advised to be vigilant against phishing attempts following the breach.
A sophisticated phishing campaign is leveraging weaknesses in Google Sites to spoof Google no-reply email addresses, allowing attackers to bypass email authentication checks. By redirecting users to deceptive Google Sites pages, the campaign exploits the platform's trusted domain and SSL certificates to appear legitimate.
VoidProxy is a new phishing service that effectively bypasses multi-factor authentication (MFA) from major platforms such as Microsoft and Google. It allows cybercriminals to exploit vulnerabilities in the MFA process, increasing the risk of account breaches for users who rely on these security measures. The service is designed to steal user credentials and session tokens, making it a significant threat to online security.
The article discusses the exploitation of Microsoft Teams for delivering malware through direct messages, highlighting the tactics employed by cybercriminals to bypass security measures. It emphasizes the need for organizations to enhance their cybersecurity protocols to mitigate such threats.
Scammers are targeting LastPass users by sending deceptive messages claiming that the users are deceased in an attempt to extract their login credentials. These phishing attempts exploit users' emotions and trust to gain unauthorized access to their accounts. Users are advised to remain vigilant and report any suspicious communications.
iClicker's website was compromised in a ClickFix attack that used a fake CAPTCHA to trick users into executing a PowerShell script that potentially installed malware on their devices. The attack, targeting college students and instructors, aimed to steal sensitive data, but the malware's specific nature varied based on the visitor type. Users who interacted with the fake CAPTCHA between April 12 and April 16, 2025, are advised to change their passwords and run security checks on their devices.
A series of data breaches affecting companies such as Qantas, Allianz Life, LVMH, and Adidas has been attributed to the ShinyHunters extortion group, which uses voice phishing to compromise Salesforce CRM accounts. The attackers impersonate IT support to manipulate employees into entering connection codes that link malicious applications to Salesforce environments, leading to data theft and potential extortion attempts without public leaks so far. Salesforce has confirmed that their platform is not compromised, emphasizing the importance of customer vigilance against social engineering attacks.
Spanish authorities have arrested a 25-year-old Brazilian national known as GoogleXcoder, who is accused of leading the GXC Team crime-as-a-service operation that sold phishing kits and Android malware. The GXC Team targeted banks and other organizations, contributing to significant financial losses through their phishing campaigns.
Cybersecurity experts warn that malicious PDFs are increasingly being used as delivery mechanisms for phishing attacks, particularly targeting Gmail users. These PDFs can masquerade as legitimate documents but contain links or scripts designed to steal user credentials and sensitive information. Awareness and caution are crucial for users to avoid falling victim to these deceptive tactics.
A recent phishing scam has been exploiting Google's email system by using "no-reply" addresses to trick users into revealing sensitive information. The scam takes advantage of legitimate-looking emails to bypass security measures, highlighting the need for better user awareness and email authentication practices. Google has taken steps to improve its security protocols to combat such fraudulent activities.
ParkMobile has settled a class action lawsuit regarding a 2021 data breach that affected 22 million users, offering a meager $1 in-app credit to victims. Users must manually claim the credit, which comes with an expiration date, and the company denies any wrongdoing despite the settlement. Caution is advised as phishing attempts targeting ParkMobile customers have increased following the breach announcement.
A phishing campaign is targeting LastPass and Bitwarden users with fake emails claiming that the companies were hacked, prompting recipients to download a malicious desktop application. The downloaded software installs a remote management tool called Syncro, enabling threat actors to remotely access users' computers and potentially steal sensitive information. LastPass has clarified that these claims are false and users should verify security alerts through official channels.
Cybercriminals are increasingly targeting brokerage accounts using sophisticated phishing schemes to execute "ramp and dump" scams, manipulating stock prices without traditional social media promotions. By utilizing compromised accounts, they purchase shares to inflate prices and then sell at a profit, leaving victims with worthless stocks. The scheme highlights vulnerabilities in multi-factor authentication processes that many financial institutions still rely on.
A multi-stage reverse proxy card skimming attack has been discovered that exploits fake GIFs to capture sensitive payment information. The attack involves complex techniques to evade detection and highlights the importance of securing payment processes against such sophisticated threats.
A recent phishing campaign targeting Ukraine impersonates government agencies, using malicious SVG files to deliver malware including Amatera Stealer and PureMiner. Upon opening the attachment, victims unwittingly download a CHM file that executes a series of malicious actions, ultimately compromising sensitive information and hijacking system resources.
BitMEX successfully thwarted a social engineering attack by the Lazarus Group, a North Korean hacking collective, uncovering potential IP addresses and significant security lapses in the process. The attack involved an employee being targeted for malicious code execution, which led to an investigation revealing critical insights into the group's methods and operational weaknesses.
A sophisticated phishing scheme named BeaverTail masquerades as a job offer for an AI engineering role, tricking developers into executing malicious code from a fake GitHub repository. This malware operates in five stages, stealing sensitive information, establishing remote access, and deploying additional malicious components while exploiting trust through social engineering tactics.
A fake version of ChatGPT, disguised as an InVideo AI tool, is tricking users into downloading ransomware. This malicious software locks users out of their systems and demands a ransom for access. The incident highlights the urgent need for vigilance against such deceptive schemes in the AI landscape.
Payroll fraud has emerged as a significant threat, with attackers leveraging SEO poisoning to steal paychecks from unsuspecting employees. By manipulating search engine results, these fraudsters lead victims to phishing sites designed to harvest sensitive payroll information. Organizations need to enhance their cybersecurity measures to protect against these evolving tactics.
A phishing scam targeting Booking.com users is spreading, utilizing a fake CAPTCHA to deceive victims into revealing their personal information. The scam is designed to look legitimate, making it crucial for users to remain vigilant and verify any unexpected requests for sensitive data. Cybersecurity experts are urging users to report suspicious activities promptly.
Microsoft has issued a warning about a phishing scam known as "Payroll Pirate" that compromises employee accounts on Workday and other HR platforms. Attackers gain access through deceptive emails and adversary-in-the-middle tactics, allowing them to redirect payroll deposits to their own accounts. The scam has targeted multiple universities, resulting in compromised accounts and widespread phishing attempts.
APT36 is a sophisticated phishing campaign targeting Indian government entities, primarily using deceptive emails to harvest sensitive information. The campaign employs various tactics to circumvent security measures, posing significant risks to national cybersecurity. Continuous monitoring and awareness are crucial for mitigating these threats.
A hacker successfully executed a voice phishing attack targeting Cisco customers, managing to steal their personal information. This incident highlights the ongoing risks associated with social engineering tactics in cybersecurity. Cisco has urged its clients to remain vigilant against such fraudulent schemes.
A significant rise in identity-based cyberattacks, driven by advanced phishing kits and infostealers, has led to a 156% increase in login-targeting attacks, making them 59% of all investigations by eSentire. Organizations are urged to adopt stronger security measures, such as passkeys, to combat the growing threat of business email compromise (BEC) and ransomware, which are often facilitated by phishing-as-a-service platforms.
Takuya shares a frightening experience of receiving a phishing email disguised as a user support inquiry. The email led him to a malicious link that prompted him to execute a dangerous command in his terminal, highlighting the increasing sophistication of phishing attempts and the importance of staying vigilant against such threats.
A significant rise in phishing activities using .es domains has been reported, with a 19-fold increase in malicious campaigns since January, making it the third most common TLD for such activities. Most of these campaigns focus on credential phishing, primarily spoofing Microsoft, and are often hosted on Cloudflare services. Researchers warn that this trend may indicate a growing tactic among various threat actors rather than just a few specialized groups.
Security researchers have linked various malware campaigns to the Proton66 network, which provides bulletproof hosting services for cybercriminals. These campaigns exploit compromised WordPress websites and have targeted users with phishing schemes and information stealers, particularly in specific regions such as Korea and Europe.
Phishing sites are masquerading as legitimate downloads from DeepSeek, distributing a proxy backdoor that compromises users' systems. These malicious sites exploit trust to lure victims into downloading harmful software. Users are advised to be cautious and verify sources before downloading applications.
Cybercriminals are impersonating job seekers to deliver ransomware through malicious resumes. By establishing trust on platforms like LinkedIn and using phishing tactics, they manipulate recruiters into opening harmful files. Security experts advise organizations to implement stricter measures to protect against these sophisticated social engineering attacks.
Stormshield's CTI team discovered servers linked to APT35, an Iranian APT group known for phishing campaigns. The team provided insights on how to identify these servers, highlighting ongoing phishing tactics targeting various sectors, particularly in Israel. They shared specific indicators of compromise and methods for tracking related domains.
The article discusses how Microsoft Edge implements website typo protection to combat typosquatting, a form of cybercrime where attackers register domains that are similar to popular sites to deceive users. It emphasizes the importance of this feature in enhancing user security and preventing phishing attacks through misspelled URLs.
Ransomware is evolving with the integration of GenAI and LLMs, leading to more sophisticated attacks such as AI-driven phishing and quadruple extortion. Experts discuss how groups like CL0P and FunkSec utilize AI to enhance their operations and pressure victims, while emphasizing the need for defenders to implement AI-aware security measures across various platforms. Strategies for securing identities and leveraging API visibility against emerging threats are also highlighted.
Silent smishing exploits vulnerable cellular router APIs to conduct phishing attacks via SMS, allowing attackers to access sensitive information without authentication. The article discusses various attack methods, including the impersonation of legitimate organizations, and emphasizes the need for vigilance against such threats.
A significant smishing campaign attributed to a Chinese-speaking threat actor, known as the Smishing Triad, has exploited over 194,000 domains to gather sensitive information, including Social Security numbers. The campaign impersonates various services, targeting users worldwide, and employs a decentralized approach to evade detection.
Air France and KLM have reported a data breach resulting from unauthorized access to a third-party platform, compromising customer information such as names, contact details, and loyalty program numbers. The airlines have advised customers to be cautious of phishing attempts but confirmed that sensitive information like passwords and credit card details were not accessed.
A massive leak of 16 billion login credentials from various online services has been confirmed, marking one of the largest data breaches in history. Cybersecurity experts warn that these compromised credentials pose a significant risk for account takeovers and phishing attacks, emphasizing the importance of switching to secure passkeys and maintaining strong password hygiene. Users are urged to change passwords, utilize password managers, and adopt multi-factor authentication to protect their accounts.
Cybercriminals are exploiting Meta's advertising platforms to promote a fake TradingView Premium app that distributes the Brokewell malware for Android devices. This malware is capable of stealing sensitive information, monitoring users, and taking control of compromised devices, specifically targeting mobile users with localized ads since July 22nd. Researchers from Bitdefender have detailed the malware's advanced functionalities, including stealing cryptocurrency and bypassing two-factor authentication.
Fake software activation videos circulating on TikTok are promoting the Vidar stealer malware, which compromises user data and credentials. Users are lured into downloading malicious software disguised as legitimate tools, leading to significant security risks and potential data breaches. The article highlights the importance of cybersecurity awareness in the face of such deceptive tactics on social media platforms.
A phishing kit called CoGUI has sent over 580 million emails aimed at stealing credentials and payment data, primarily targeting Japan, but also affecting other countries like the US and Canada. The campaign peaked in January 2025 with 170 campaigns targeting millions of users, and it has been linked to threat actors from China. Researchers warn that the kit's adoption could expand its reach to other cybercriminals and regions.
ThreatLocker Web Control allows organizations to manage web access and block phishing threats without the need for additional tools, simplifying cybersecurity management. It offers quick setup, prebuilt protections, and the ability to enforce security policies across both managed and unmanaged devices. The platform aims to eliminate third-party risks while enhancing visibility and control over web access.
Adidas has confirmed that hackers stole personal data from a third-party customer service provider, primarily affecting contact information of customers who interacted with their help desk. The company assures that sensitive information like passwords and payment details were not compromised, but warns customers to remain vigilant against potential phishing attempts due to the breach.