Threat actors are using a Japanese Unicode character to create deceptive phishing links that mimic legitimate Booking.com URLs, tricking users into visiting malicious sites. This technique exploits visual similarities in characters, making it difficult for users to discern the real domain. Security measures are suggested to help users identify and avoid such phishing attempts.

The article discusses the release of the source code for Ermac v3.0, a sophisticated banking Trojan that has been used to steal sensitive information from users. It highlights the potential risks associated with this malware and urges users to be vigilant against security threats.

An ongoing infostealer campaign is targeting Mac users through fraudulent GitHub repositories that masquerade as legitimate software downloads. The LastPass TIME team is raising awareness of this threat, which employs SEO tactics to position malicious links prominently in search results, and has already initiated takedown efforts against some of these fraudulent sites.

VirusTotal uncovered a phishing campaign that utilizes SVG files to create deceptive portals mimicking Colombia's judicial system, leading users to download malware. The AI Code Insight feature enabled the detection of these previously undetected SVG files, which cleverly employ JavaScript to simulate a legitimate download process. This highlights the growing use of SVGs in cyberattacks and the importance of AI in identifying such threats.

Kaspersky uncovered a cyber espionage campaign dubbed Operation ForumTroll, where sophisticated phishing emails led to infections via a zero-day exploit in Google Chrome. The malware identified, known as "Dante," was traced back to the Italian company Memento Labs and utilized advanced techniques to bypass browser security measures, highlighting ongoing vulnerabilities in web applications.

Slow Pisces, a North Korean state-sponsored threat group, has stolen over $1 billion from the cryptocurrency sector in 2023 by targeting developers through disguised job offers on LinkedIn. They use malware hidden within coding challenges and have been linked to significant thefts from cryptocurrency companies, prompting action from GitHub and LinkedIn to remove malicious accounts. The malware employs advanced techniques like YAML deserialization to evade detection and execute additional payloads.

Researchers at Mandiant have discovered a new malware strain dubbed "UNC6032," which utilizes AI-generated video content to deceive victims. The malware operates primarily through phishing campaigns, leveraging convincing videos to trick users into downloading malicious software. This highlights a growing trend in cyber threats where AI technology is exploited for malicious purposes.

An artist recounts a phishing experience where a seemingly legitimate journalist's email led to the installation of malware on his Mac. After realizing his mistake, he took immediate action to secure his accounts and reported the incident to authorities, while also analyzing the malware to better understand the threat it posed.

A new cyber espionage campaign named "Blind Eagle" has been linked to the Russian group known as Proton66, targeting organizations in Latin America. The attacks primarily focus on stealing sensitive information using sophisticated malware and phishing techniques to compromise victim systems. Experts warn that this campaign illustrates the increasing threat posed by state-sponsored actors in the region.

A newly discovered WinRAR vulnerability, tracked as CVE-2025-8088, has been exploited in phishing attacks to deploy RomCom malware. The flaw allows attackers to create malicious archives that can extract executables into paths that enable remote code execution when a user logs in. Users are urged to update to WinRAR 7.13 to mitigate this risk.

Over 4,000 victims in 62 countries have been targeted by the PXA Stealer malware, which has stolen hundreds of credit card numbers, 200,000 passwords, and over 4 million browser cookies. This Python-based infostealer uses sophisticated phishing techniques and has evolved to evade detection, exfiltrating sensitive data through Telegram-based marketplaces.

A new FileFix social engineering attack mimics Meta account suspension alerts to deceive users into installing the StealC infostealer malware. It utilizes a multi-language phishing page that instructs victims to copy a disguised PowerShell command into the File Explorer address bar, ultimately leading to the execution of malicious code hidden within a JPG image. Acronis highlights the evolution of this attack method and emphasizes the need for heightened awareness against such sophisticated phishing tactics.

The article discusses the exploitation of Microsoft Teams for delivering malware through direct messages, highlighting the tactics employed by cybercriminals to bypass security measures. It emphasizes the need for organizations to enhance their cybersecurity protocols to mitigate such threats.

iClicker's website was compromised in a ClickFix attack that used a fake CAPTCHA to trick users into executing a PowerShell script that potentially installed malware on their devices. The attack, targeting college students and instructors, aimed to steal sensitive data, but the malware's specific nature varied based on the visitor type. Users who interacted with the fake CAPTCHA between April 12 and April 16, 2025, are advised to change their passwords and run security checks on their devices.

Cybersecurity experts warn that malicious PDFs are increasingly being used as delivery mechanisms for phishing attacks, particularly targeting Gmail users. These PDFs can masquerade as legitimate documents but contain links or scripts designed to steal user credentials and sensitive information. Awareness and caution are crucial for users to avoid falling victim to these deceptive tactics.

Spanish authorities have arrested a 25-year-old Brazilian national known as GoogleXcoder, who is accused of leading the GXC Team crime-as-a-service operation that sold phishing kits and Android malware. The GXC Team targeted banks and other organizations, contributing to significant financial losses through their phishing campaigns.

Threat actors are exploiting the ConnectWise ScreenConnect installer to create signed remote access malware through a method called authenticode stuffing, which alters hidden settings in the software's digital signature. This has led to infections reported via phishing attacks that trick users into downloading malicious executables disguised as legitimate software. ConnectWise has since revoked the certificate used for these binaries, but the campaign highlights the risks of using modified enterprise tools.

A malicious campaign is targeting macOS developers through fake Homebrew, LogMeIn, and TradingView platforms that distribute infostealing malware such as AMOS and Odyssey. The campaign uses deceptive tactics to trick users into executing harmful commands in Terminal, leading to the theft of sensitive information from their systems. Researchers identified over 85 domains involved in this scheme, which are promoted via Google Ads to appear in search results.

A multi-stage reverse proxy card skimming attack has been discovered that exploits fake GIFs to capture sensitive payment information. The attack involves complex techniques to evade detection and highlights the importance of securing payment processes against such sophisticated threats.

A phishing campaign is targeting LastPass and Bitwarden users with fake emails claiming that the companies were hacked, prompting recipients to download a malicious desktop application. The downloaded software installs a remote management tool called Syncro, enabling threat actors to remotely access users' computers and potentially steal sensitive information. LastPass has clarified that these claims are false and users should verify security alerts through official channels.

A new Android banking Trojan named Anatsa has been discovered, targeting users by mimicking legitimate banking applications. It employs advanced techniques to steal sensitive information and bypass security measures, posing a significant threat to users’ financial security. The malware is spread through malicious apps and phishing campaigns, highlighting the need for increased vigilance among mobile users.

A recent phishing campaign targeting Ukraine impersonates government agencies, using malicious SVG files to deliver malware including Amatera Stealer and PureMiner. Upon opening the attachment, victims unwittingly download a CHM file that executes a series of malicious actions, ultimately compromising sensitive information and hijacking system resources.

A sophisticated phishing scheme named BeaverTail masquerades as a job offer for an AI engineering role, tricking developers into executing malicious code from a fake GitHub repository. This malware operates in five stages, stealing sensitive information, establishing remote access, and deploying additional malicious components while exploiting trust through social engineering tactics.

A fake version of ChatGPT, disguised as an InVideo AI tool, is tricking users into downloading ransomware. This malicious software locks users out of their systems and demands a ransom for access. The incident highlights the urgent need for vigilance against such deceptive schemes in the AI landscape.

Microsoft Teams will implement automatic warnings for private messages containing links flagged as malicious, including spam, phishing, and malware. This feature, available for Microsoft Defender for Office 365 and Teams enterprise customers, is set to begin public preview in September 2025 and become generally available by November 2025. Admins can enable or manage these warnings through the Teams Admin Center.

A significant rise in phishing activities using .es domains has been reported, with a 19-fold increase in malicious campaigns since January, making it the third most common TLD for such activities. Most of these campaigns focus on credential phishing, primarily spoofing Microsoft, and are often hosted on Cloudflare services. Researchers warn that this trend may indicate a growing tactic among various threat actors rather than just a few specialized groups.

The article provides a comprehensive guide on enhancing email security to protect against various threats such as phishing, malware, and spam. It discusses essential practices and tools for safeguarding your inbox, including the importance of strong passwords, multi-factor authentication, and the use of security software. Additionally, it highlights workplace strategies for maintaining email security to ensure a safer communication environment.

Authorities in Pakistan have arrested 21 individuals linked to the “Heartsender” malware service, which facilitated spam and cybercrime for over a decade, resulting in extensive financial losses. The operation, which targeted various internet companies, was identified by KrebsOnSecurity in 2021, and included notorious figures like Rameez Shahzad, the alleged ringleader. The arrests follow a series of raids conducted by the National Cyber Crime Investigation Agency amid ongoing investigations into transnational organized crime.

The Python Software Foundation has issued a warning about new phishing attacks targeting PyPI users, urging them to reset their credentials after receiving fake emails from a fraudulent site. Victims are being misled into verifying their email for account maintenance, which could lead to credential theft and subsequent malware attacks on published packages. Users are advised to change passwords immediately and implement stronger security measures like two-factor authentication.

Discord users are at risk from a new phishing attack involving invite link hijacking, which leads to the installation of malware on victims' devices. The attack exploits the trust users place in Discord links, making it crucial for users to verify the authenticity of links before clicking. Security experts recommend staying vigilant and using protective measures to avoid falling victim to such scams.

Phishing sites are masquerading as legitimate downloads from DeepSeek, distributing a proxy backdoor that compromises users' systems. These malicious sites exploit trust to lure victims into downloading harmful software. Users are advised to be cautious and verify sources before downloading applications.

Security researchers have linked various malware campaigns to the Proton66 network, which provides bulletproof hosting services for cybercriminals. These campaigns exploit compromised WordPress websites and have targeted users with phishing schemes and information stealers, particularly in specific regions such as Korea and Europe.

Multiple DuckDB-related npm packages were compromised, including duckdb and its associated modules, which contained malicious code aimed at draining crypto wallets. The attack mirrors previous incidents of phishing in the npm ecosystem, leading to the vendor marking the latest release as deprecated and issuing an advisory on GitHub.

A new spear-phishing campaign, dubbed "Venom Spider," is targeting hiring managers and recruiters by masquerading as job seekers. The attackers exploit the necessity for HR staff to open email attachments, delivering a backdoor malware known as "More_eggs" to compromise systems and gather sensitive information.

Cybercriminals are increasingly exploiting the Lovable AI website builder to create phishing pages and fraudulent sites that impersonate well-known brands. Despite Lovable's efforts to detect and eliminate malicious content, the rising number of AI site generators is lowering the barriers for cybercrime. Recent campaigns have targeted organizations and individuals through sophisticated phishing schemes, resulting in significant data theft and malware distribution.

The npm author Qix was targeted in a significant supply chain attack through a phishing email that spoofed npm branding, tricking the author into compromising their account. Malicious code was introduced into several packages, redirecting cryptocurrency transactions to the attacker's addresses, highlighting the persistent threat of phishing in the open-source ecosystem.

Noodlophile Stealer has evolved to conduct targeted copyright phishing attacks, specifically focusing on enterprises with social media footprints. This sophisticated malware exploits social media information to craft convincing phishing campaigns aimed at extracting sensitive data from organizations.

Threat actors have exploited SourceForge to distribute fake Microsoft Office add-ins that install malware, including cryptocurrency miners and clipboard hijackers, on victims' computers. Over 4,600 systems, primarily in Russia, have been affected by this campaign, which involved deceptive project pages mimicking legitimate tools. Users are advised to download software only from trusted sources and verify files before execution.

Cybercriminals are exploiting Meta's advertising platforms to promote a fake TradingView Premium app that distributes the Brokewell malware for Android devices. This malware is capable of stealing sensitive information, monitoring users, and taking control of compromised devices, specifically targeting mobile users with localized ads since July 22nd. Researchers from Bitdefender have detailed the malware's advanced functionalities, including stealing cryptocurrency and bypassing two-factor authentication.

Fake software activation videos circulating on TikTok are promoting the Vidar stealer malware, which compromises user data and credentials. Users are lured into downloading malicious software disguised as legitimate tools, leading to significant security risks and potential data breaches. The article highlights the importance of cybersecurity awareness in the face of such deceptive tactics on social media platforms.

A group has adapted its tactics to exploit the ongoing protests in Nepal by deploying mobile and Windows malware alongside phishing schemes to steal sensitive data. Utilizing the guise of Nepalese Emergency Services and military figures, they trick users into downloading malicious applications that exfiltrate personal information. The article highlights specific malware samples and their indicators of compromise (IOCs).