Links
Flickr informed users of a data breach linked to a third-party email service that may have exposed personal information, including names, email addresses, and user activity. The company has shut down the affected system and is reviewing its security practices while advising users to check their account settings. No passwords or financial data were compromised.
This article outlines a security awareness training program that includes interactive deepfake simulations and custom AI-generated content. It emphasizes engaging, bite-sized lessons and updates to keep employees informed about current threats like phishing.
A data breach has exposed sensitive information from about 17.5 million Instagram accounts, including usernames, email addresses, phone numbers, and physical addresses. This information is being traded on the dark web, raising risks for identity theft and phishing attacks. Users are advised to enable two-factor authentication and change their passwords.
Cybercriminals are increasingly attacking trucking and logistics companies to deploy remote monitoring and management (RMM) software, aiming to steal cargo, especially food and beverages. They exploit compromised email accounts and use spear-phishing tactics to gain access, allowing them to hijack shipments and manipulate logistics operations.
The cyber group Tomiris has changed its strategy, using public services like Telegram and Discord for command-and-control in attacks against government entities in Central Asia. Their recent campaigns involve spear-phishing emails and malware that targets high-value political infrastructure, employing a variety of custom and open-source tools.
Chinese phishing groups are now sending scam SMS messages about unclaimed tax refunds and rewards points, aiming to steal payment card data. They create fake e-commerce sites that look legitimate, making it difficult for consumers to spot the fraud until it's too late. Experts warn that this increase in scams often coincides with the holiday shopping rush.
This report highlights the increasing cyber threats targeting small and medium businesses (SMBs), with a focus on credential abuse and ransomware. It details the rise of business email compromise and ransomware-as-a-service, emphasizing the need for stronger security measures like passwordless authentication.
This article investigates a Russian phishing campaign that uses a fake payment confirmation email to deploy the Phantom stealer malware. It details the multi-stage infection process, including the malicious ISO and executable files involved, and highlights the types of data targeted, such as credentials and cryptocurrency information.
Eric Moret recounts a near miss with a sophisticated phishing attempt that exploited Apple’s support system. He details how scammers manipulated legitimate security protocols to gain access to his account, highlighting the psychological tactics used to deceive him.
Scammers are using Pride Month themes in phishing emails to trick employees into revealing their login details. The campaign, identified by Mimecast, has targeted organizations well ahead of the actual event, primarily in the UK and the US, and employs tactics like impersonation and lookalike pages for credential theft.
1Password has rolled out a new feature that provides pop-up warnings for users when they visit potentially phishing websites. This aims to help users avoid entering their credentials on malicious pages, especially those with typosquatted URLs. The feature will be automatically enabled for individual and family plan users, while admins can activate it for enterprise accounts.
North Korean hackers are using spear phishing emails that mimic human rights organizations and financial institutions to distribute malware. This campaign, called "Operation Poseidon," is linked to the Konni hacking group and aims to exploit vulnerabilities in email security through deceptive links. Cybersecurity experts warn that these sophisticated tactics make such attacks difficult to defend against.
WormGPT 4 offers lifetime access for $220, enabling users to generate malware and phishing tools without needing advanced skills. While it simplifies certain cybercrime tasks, human intervention is still necessary to bypass security measures. Another model, KawaiiGPT, is even more accessible as it's free on GitHub.
The article discusses two new dark large language models (LLMs), WormGPT 4 and KawaiiGPT, which help less-skilled cybercriminals automate attacks like phishing and malware creation. WormGPT 4 is sold on underground forums, while KawaiiGPT is freely available on GitHub, making it easy for aspiring hackers to access powerful tools. Researchers warn these models lower the skill barrier for cybercrime, posing a significant digital risk.
Attackers are exploiting WhatsApp's device-linking feature to hijack accounts using a method called GhostPairing. Victims are tricked into linking their accounts to an attacker's browser through fake messages and deceptive login pages, granting the attackers full access to their conversations and media.
Datadog reports an ongoing campaign using fake GitHub repositories to trick users into installing infostealers via the ClickFix technique. The threat actor targets established software brands and has introduced a new variant called SHub Stealer v2.0, which includes advanced features like persistence and remote access.
This article offers free cybersecurity training episodes to help you protect your online accounts during the holiday shopping season. It emphasizes the importance of strong passwords and awareness of phishing scams, providing tools like a Threat Simulator to make learning engaging.
The cybercriminal group ShinyHunters is targeting around 100 organizations in a campaign aimed at stealing Okta single sign-on credentials. Companies like Atlassian and Canva are included among the targets, with reports of successful breaches at Crunchbase and Betterment. Experts recommend stronger multi-factor authentication measures to combat these threats.
The article discusses a study on how AI models can be manipulated to create phishing emails that target elderly individuals. Conducted in partnership with Reuters, the research found that 11% of participants fell for at least one phishing attempt, highlighting the growing threat of AI in scams. The authors also address the broader implications of AI misuse in fraud.
Attackers are using a new method called "Browser-in-the-Browser" to create convincing fake login windows that steal usernames and passwords. These pop-ups look legitimate and can trick users, but employing a password manager and being cautious with links can help protect your accounts.
A malware campaign is using fake guides for OpenAI's Atlas browser to lure macOS users into downloading an infostealer named AMOS. Victims are tricked into executing a malicious command that harvests sensitive data and installs a backdoor for remote access. Basic cybersecurity practices can help prevent these attacks.
This webinar discusses how ICS phishing targets calendar integrations in Microsoft 365 and Google Workspace. It explains how attackers use malicious invites that bypass traditional email security, and how Sublime's platform detects and removes these threats from both email and calendar applications.
The article recounts a personal experience with a sophisticated phishing scam targeting a Coinbase user. The author details how scammers used stolen personal information to manipulate them into revealing more data and discusses Coinbase's inadequate response to the breach.
The FBI reports that cybercriminals have stolen over $262 million through account takeover scams since January 2025. These attackers impersonate bank support teams to gain access to victims' accounts, quickly transferring funds to hard-to-trace cryptocurrency wallets. Victims are advised to monitor their accounts closely and act swiftly if targeted.
Google is suing over 25 individuals linked to Lighthouse, a phishing service that enables scammers to impersonate trusted brands and steal payment card data via text messages. The suit aims to disrupt a network known for targeting over a million victims worldwide, using sophisticated tactics to enroll stolen card information into mobile wallets.
An Iranian activist exposed a phishing campaign targeting high-profile users in the Middle East, aiming to steal Gmail and WhatsApp credentials. The hackers used a fake website to capture sensitive information and potentially conduct surveillance on victims. The campaign's timing suggests possible ties to government-backed espionage efforts.
This report analyzes the evolution of email threats in 2025, focusing on trends like thread hijacking, QR code scams, and various phishing tactics. It provides insights into how attacks are becoming more customized and recommends strategies for 2026.
The article details a security flaw in AI agent skills, demonstrated through a logic-based attack that uses an invisible instruction hidden in a PDF. This attack bypasses human review and platform safety measures, leading to potential phishing schemes. It highlights the need for improved governance over agent behavior rather than relying solely on static defenses.
A new ClickFix campaign targets the hospitality sector in Europe, using fake Windows BSOD screens to trick users into executing malware. Attackers send phishing emails impersonating Booking.com, leading victims to a convincing fake website that prompts them to run malicious commands. Once executed, the malware grants remote access and can spread within the network.
Quantum Route Redirect is an automated phishing platform that uses around 1,000 domains to steal Microsoft 365 credentials. Most attacks are via emails disguised as DocuSign requests or payment notifications, primarily affecting users in the U.S. Security experts recommend robust URL filtering to defend against these threats.
This article discusses phishing campaigns by a Russian threat actor that exploit OAuth and Device Code authentication, using fake websites for international security events to trick users into revealing their credentials. The campaigns target organizations involved in events like the Belgrade Security Conference and the Brussels Indo-Pacific Dialogue, employing tactics such as rapport-building and messaging app support to enhance success.
DestroyList is an open-source tool that provides a curated list of phishing and scam domains, allowing users to block malicious sites effectively. It offers real-time risk scoring and various download formats for integration into firewalls and DNS resolvers. The service uses community reports and advanced detection methods to identify threats.
A phishing campaign is impersonating well-known brands like Disney and Mastercard to steal Google Workspace and Facebook business account credentials. The attackers use fake Calendly invitations to lure victims, leading them to phishing pages designed to capture sensitive login information. The campaign employs advanced techniques to bypass security measures, making it a significant threat.
A report reveals that 18 American universities faced a coordinated phishing campaign from April to November 2025. Attackers used the Evilginx tool to bypass Multi-Factor Authentication and steal login credentials and session cookies, compromising user accounts. The University of San Diego was the first reported victim, and several other institutions were significantly affected.
Material Security offers a platform to protect Google Workspace and Microsoft 365 from threats like phishing and account takeovers. It provides visibility into sensitive data and automates threat remediation, simplifying security operations for teams.
The hacker group MuddyWater has launched a new spear-phishing campaign using a Rust-based implant called RustyWater, targeting various sectors in the Middle East. This campaign involves malicious Word documents that deploy the malware, which can gather system information and maintain persistence on infected machines. The move marks a shift from traditional tools to more sophisticated, custom malware.
A new attack is tricking Mac users into downloading malware through a fake job application process on a bogus website. Victims are lured with false job offers and prompted to install a fake FFmpeg update, which actually installs a backdoor called Flexible Ferret. This malware gives attackers ongoing access to the infected system.
OpenAI's analytics partner Mixpanel suffered a data breach, exposing customer profile information from OpenAI API accounts. The breach occurred due to a smishing attack, and while OpenAI claims its systems were not compromised, affected customers have been notified and advised to stay vigilant against phishing attempts.
This article examines how Device Code Phishing exploits the OAuth 2.0 authentication process used by Microsoft and Google. It details the mechanics of the attack, illustrating how attackers can trick users into providing access tokens through a seemingly legitimate flow. The comparison highlights the different security postures of the two identity providers.
The "Stanley" toolkit allows criminals to create malicious Chrome extensions that can overlay phishing pages on legitimate sites while masking the true URL. By masquerading as useful tools, these extensions trick users into granting permissions, making them vulnerable to credential theft. This poses significant risks in remote work environments where browser security is paramount.
Threat actors are using phishing emails with weaponized attachments to deploy malware aimed at Russia and Belarus' defense sector. The malware establishes a backdoor via OpenSSH and a customized Tor service, facilitating remote access while avoiding detection. Environmental checks ensure it only activates on genuine user systems.
Tangled is a tool for red team professionals that automates phishing campaigns using calendar invites in Outlook and Gmail. It runs on Docker, making installation straightforward, and is designed for ethical use in security research.
Microsoft has identified a multi-stage phishing campaign targeting the energy sector, utilizing compromised SharePoint accounts to deliver malicious links. Attackers leverage trusted identities to send phishing emails and create inbox rules, maintaining persistence while evading detection. Organizations are urged to implement stronger security measures, including phishing-resistant MFA.
A phishing campaign is currently targeting LastPass users, using well-crafted emails that often mimic legitimate messages. Attackers aim to trick users into revealing their login credentials, potentially compromising their entire password vault.
Microsoft is suing RedVDS, a service providing virtual desktops used for phishing and fraud. The company aims to shut down the operation, which has contributed to over $40 million in fraud losses in the US, and has partnered with law enforcement to seize its infrastructure. Victims of RedVDS include various organizations across multiple sectors globally.
This article details a new method for bypassing multi-factor authentication (MFA) protections by manipulating the authentication flow using Cloudflare Workers. The technique involves intercepting and altering server responses to downgrade secure authentication methods to phishable ones, exploiting vulnerabilities in implementation rather than cryptography.
Princeton University experienced a data breach on November 10, affecting a database with personal information of alumni, donors, faculty, and students. While no sensitive financial data or passwords were compromised, the breach resulted from a phone phishing attack on an employee. The university is notifying those impacted and investigating the incident.
This article discusses how zero trust principles can enhance browser security against modern cyber threats. It outlines key strategies like identity-first access, least-privileged access, and continuous verification, emphasizing the importance of robust authentication and device health checks. The framework aims to protect sensitive operations while adapting to evolving risks.
Neon Cyber provides real-time protection against phishing and SaaS risks directly within users' browsers. It monitors user behavior, enforcing security policies as they work to prevent credential misuse and other threats. The service aims to enhance security without disrupting productivity.
A data breach at Coupang exposed the personal information of 33.7 million customers, traced back to a former employee who retained access after leaving. The breach, discovered in November 2025, has prompted police investigations and led to the CEO's resignation. Phishing incidents have surged in South Korea as a result.
Harvard University reported a data breach affecting alumni, donors, and some students due to a voice phishing attack. Compromised data includes personal details like email addresses and home addresses, but financial information and passwords were not affected. The university warns that this information could be used for further phishing attempts.
The Herodotus malware family targets Android devices by using random delays to imitate human typing, making it harder for security software to detect. Currently distributed through SMS phishing, it can bypass Accessibility permissions and interact with the user interface to steal sensitive information. Experts warn Android users to be cautious about app permissions and avoid downloading apps from untrusted sources.
Attackers are sending convincing phishing emails that appear to come from Facebook, targeting small and medium-sized businesses. Using the official @facebookmail.com domain, they trick victims into clicking links to credential harvesting sites. Companies in various sectors, including finance and education, have been particularly affected.
Ledger customers are at risk after a data breach at Global-e, a third-party payment processor. Though no financial information was compromised, personal details like names and contact information were exposed. Ledger advises users to stay vigilant against potential phishing attempts.
This article discusses TokenFlare, a serverless framework for simulating phishing attacks on Entra ID and M365. It allows users to configure OAuth flows, deploy either locally or to Cloudflare, and includes built-in operational security features. The setup requires Python and Node.js, and it emphasizes authorized testing only.
This article reveals that 68% of phishing sites are hosted on Cloudflare, exploiting its free services for anonymity. It discusses how attackers are using sophisticated tactics, including Phishing-as-a-Service (PhaaS), to target users and evade detection, making traditional defenses inadequate.
Scammers are using fake comments on LinkedIn posts to impersonate the platform and trick users into clicking malicious links. These comments falsely claim account restrictions and utilize LinkedIn's branding and URL shortener to appear legitimate. LinkedIn is aware of the issue and advises users to report suspicious activity.
Match Group confirmed a data breach affecting users of its dating services, including Hinge and OkCupid. Hackers accessed a limited amount of user data after compromising an Okta account, but there's no evidence of stolen login credentials or financial information. The company is investigating the incident and notifying affected individuals.
Transparent Tribe, a hacking group linked to Pakistan, has targeted Indian government and academic sectors with a new remote access trojan (RAT). The attacks utilize weaponized files disguised as PDFs and adapt their methods based on the antivirus software present on infected systems. Recent activity also includes a campaign using malicious shortcuts to deliver additional payloads for long-term access.
This article discusses Infosec IQ's platform designed to enhance employee cybersecurity awareness through personalized training. It highlights the importance of combating human-related security incidents by using engaging, role-based learning and automated training management. Companies can also partner with client success managers for comprehensive program support.
This article explains the need to monitor and control outbound traffic to protect against internal threats like malware and phishing. It highlights how malicious software can communicate externally and the compliance requirements related to outbound traffic restrictions. It also discusses the challenges businesses face in implementing these restrictions and suggests advanced security solutions.
This article details a phishing scheme by DPRK hackers posing as recruiters. It analyzes the malware used in the scam, including code obfuscation techniques and how the attackers gather sensitive information from victims.
This article offers a free phishing simulation service that tests employees using realistic attack tactics like email and SMS. The service is fully managed, requiring no setup from your team, and provides a clear report on employee interactions.
Researchers found a phishing campaign using Phorpiex malware to spread Global Group ransomware. The attack employs deceptive file names to trick users into downloading a Windows shortcut that encrypts files offline, making recovery nearly impossible. It also erases backup files to cover its tracks.
This article discusses a phishing scam where attackers impersonate recruiters to invite job seekers to fake interviews. The communication often includes suspicious links and requests for software installations, which can lead to malware infections. It emphasizes the importance of verifying the sender and maintaining updated security measures.
Researchers have identified four new phishing kits—BlackForce, GhostFrame, InboxPrime AI, and Spiderman—that enable large-scale credential theft. These kits utilize advanced techniques, including AI automation and evasion strategies, to deceive users and bypass security measures.
This article explores how large language models (LLMs) can be used for both defensive and offensive purposes in cybersecurity, highlighting the rise of malicious models like WormGPT and WormGPT 4. These tools bypass ethical constraints, making cybercrime more accessible for less skilled attackers. The piece details their capabilities, including generating phishing content and malware, and discusses the implications for the threat landscape.
This article presents Infosec IQ, a platform designed to enhance employee cybersecurity awareness through video-based micro-learnings and role-based training modules. It highlights the importance of employee training in mitigating security risks and offers tools for program management and threat simulation.
DNSFilter offers a protective DNS service that blocks online threats before they reach users. It features one-click application blocking, AI-driven content filtering, and easy setup for remote workers. The service is designed for organizations looking to enhance security without complex setups.
A misconfigured Azure Blob storage container belonging to TalentHook has exposed nearly 26 million resumes, containing sensitive personal information of US job seekers. This breach poses significant risks for identity theft and targeted phishing attacks, leading to potential harassment and fraud against individuals whose data was leaked.
The article discusses the release of the source code for Ermac v3.0, a sophisticated banking Trojan that has been used to steal sensitive information from users. It highlights the potential risks associated with this malware and urges users to be vigilant against security threats.
Threat actors are using a Japanese Unicode character to create deceptive phishing links that mimic legitimate Booking.com URLs, tricking users into visiting malicious sites. This technique exploits visual similarities in characters, making it difficult for users to discern the real domain. Security measures are suggested to help users identify and avoid such phishing attempts.
Scammers are increasingly posing as legitimate customer support representatives by using fake support numbers for popular services like Apple, Netflix, and PayPal. These fraudulent operations exploit unsuspecting users, often leading to financial loss and compromised personal information. Awareness and vigilance are crucial in protecting oneself from these scams.
Google Threat Intelligence Group reported a novel phishing campaign attributed to a suspected Russian espionage actor, UNC5837, targeting European government and military organizations. Attackers used signed .rdp files to establish Remote Desktop Protocol connections, enabling them to access victim systems and potentially exfiltrate sensitive information, highlighting the risks associated with lesser-known RDP functionalities.
HMRC has reported a loss of £47 million due to a phishing scam that compromised 100,000 taxpayer accounts, although affected individuals will not incur any financial loss. The breach involved organized crime using stolen personal information, but HMRC clarified that it was not a cyber-attack and has since secured the accounts and removed any incorrect information. Affected taxpayers will receive notifications from HMRC in the coming weeks.
AMEOS Group, a major healthcare network in Central Europe, has disclosed a security breach that may have compromised sensitive information of customers, employees, and partners. In response, the organization has shut down its IT systems and engaged external experts to investigate the incident, which remains under investigation with no evidence of data dissemination so far.
A recent blackout in Spain and Portugal has been exploited by scammers, leading to a phishing scheme targeting passengers of TAP Air Portugal. Victims are being lured into providing personal information under the pretense of claiming refunds for canceled flights, highlighting the need for increased vigilance against such scams.
China-based SMS phishing groups, known as the "Smishing Triad," are increasingly targeting customers of international financial institutions by converting stolen payment card data into mobile wallets. Utilizing innovative phishing techniques and a vast cybercrime infrastructure, these groups are bypassing traditional SMS methods by sending messages through iMessage and RCS, achieving high delivery rates and expanding their operations globally. Experts emphasize the need for financial institutions to adopt more secure methods for verifying card enrollments to combat this rising threat.
Google has introduced new AI tools designed to enhance security for Chrome users, specifically targeting phishing and scam threats. These tools aim to proactively identify and block malicious sites, thereby improving the overall safety of browsing experiences for users worldwide.
An ongoing infostealer campaign is targeting Mac users through fraudulent GitHub repositories that masquerade as legitimate software downloads. The LastPass TIME team is raising awareness of this threat, which employs SEO tactics to position malicious links prominently in search results, and has already initiated takedown efforts against some of these fraudulent sites.
The article provides a comprehensive checklist for businesses to protect against business email compromise (BEC) scams, outlining key steps, best practices, and preventive measures. It emphasizes the importance of employee training and vigilance to recognize and respond to suspicious emails effectively. Additionally, it highlights the necessity of implementing security protocols and technologies to safeguard sensitive information.
Scammers are exploiting unsecured cellular routers from Milesight IoT to launch SMS phishing campaigns, known as smishing, that have been active since October 2023. Researchers found over 18,000 routers exposed online, with many allowing unauthorized access and running outdated firmware, making them an effective tool for decentralized phishing efforts targeting users in multiple countries.
A novel Device Code phishing technique automates the authentication process, allowing attackers to bypass FIDO's phishing resistance by redirecting victims to a legitimate authentication page without needing them to manually enter codes. Despite Microsoft's fixes for normal Entra tenants, vulnerabilities remain for federated tenants. The article emphasizes the dangers of this attack model, which can exploit users’ trust in established authentication methods.
A cybersecurity researcher has introduced FileFix, a new variant of the ClickFix social engineering attack, which exploits the Windows File Explorer address bar to execute malicious PowerShell commands. This method tricks users into pasting commands by disguising them within what appears to be a legitimate file-sharing notification, making it a more user-friendly approach for attackers. FileFix highlights the adaptability of phishing techniques, as it presents a familiar interface to users while executing harmful commands.
Clicking the "unsubscribe" link in emails may seem like a straightforward way to reduce inbox clutter, but cybersecurity experts warn it could expose users to greater risks. Once you click the link, you leave the safety of your email client and potentially face new online threats. It’s crucial to evaluate the security of the source before taking such actions.
DPRK hackers have successfully stolen approximately $137 million from users of the Tron blockchain. The attack involved sophisticated phishing techniques and targeted the platform's infrastructure, highlighting ongoing security vulnerabilities in cryptocurrency networks.
The article discusses how Vercel's new AI tool has been exploited by malicious actors to automate and enhance phishing attacks. As a result, organizations are urged to bolster their cybersecurity measures to counteract the increasing sophistication of such threats. The misuse of AI in this context raises concerns about the broader implications for digital security and user safety.
French retailer Auchan has reported a data breach affecting several hundred thousand customers, compromising sensitive information linked to loyalty accounts, such as names, addresses, and contact details. The company has notified affected individuals and the French Data Protection Authority, advising them to be cautious of potential phishing attempts. However, bank data and passwords remain secure following the incident.
Threat actors are exploiting Google Apps Script to create convincing phishing pages that steal login credentials by mimicking legitimate login screens. By hosting these fraudulent pages within Google's trusted environment, the attackers bypass typical security checks, making it easier to deceive victims into providing sensitive information. Security experts recommend enhancing email security measures to scrutinize links to cloud services like Google Apps Script to mitigate these threats.
Phishing emails are increasingly targeting both human users and AI-based defenses, exploiting gaps in security measures to bypass traditional filters. The evolving tactics used by cybercriminals highlight the need for improved defenses to protect sensitive information and maintain user trust in digital communications.
Kaspersky uncovered a cyber espionage campaign dubbed Operation ForumTroll, where sophisticated phishing emails led to infections via a zero-day exploit in Google Chrome. The malware identified, known as "Dante," was traced back to the Italian company Memento Labs and utilized advanced techniques to bypass browser security measures, highlighting ongoing vulnerabilities in web applications.
The blog post discusses a sophisticated phishing scam that impersonates Google Careers, highlighting its various tactics and the challenges it presents in identifying and preventing such attacks. It emphasizes the need for heightened awareness and security measures among users to protect their credentials from these evolving scams.
VirusTotal uncovered a phishing campaign that utilizes SVG files to create deceptive portals mimicking Colombia's judicial system, leading users to download malware. The AI Code Insight feature enabled the detection of these previously undetected SVG files, which cleverly employ JavaScript to simulate a legitimate download process. This highlights the growing use of SVGs in cyberattacks and the importance of AI in identifying such threats.
OktaGinx is a phishlet designed for Evilginx that enables the bypassing of Okta authentication when used in conjunction with Azure. It incorporates techniques to evade framebusters, enhancing its phishing capabilities.
Slow Pisces, a North Korean state-sponsored threat group, has stolen over $1 billion from the cryptocurrency sector in 2023 by targeting developers through disguised job offers on LinkedIn. They use malware hidden within coding challenges and have been linked to significant thefts from cryptocurrency companies, prompting action from GitHub and LinkedIn to remove malicious accounts. The malware employs advanced techniques like YAML deserialization to evade detection and execute additional payloads.
iCloud Calendar invites are being exploited to send phishing emails that appear to be legitimate purchase notifications from Apple's email servers, thereby evading spam filters. These emails aim to trick recipients into believing their PayPal accounts have been charged fraudulently, leading them to call a scammer's support number for assistance. The phishing scheme leverages authentic email authentication methods, making the scams appear trustworthy.
Researchers at Mandiant have discovered a new malware strain dubbed "UNC6032," which utilizes AI-generated video content to deceive victims. The malware operates primarily through phishing campaigns, leveraging convincing videos to trick users into downloading malicious software. This highlights a growing trend in cyber threats where AI technology is exploited for malicious purposes.
Cloudflare has introduced a new email service designed to enhance security and simplify email management for users. The service aims to protect users from spam and phishing attacks while providing a user-friendly experience with features such as custom domain support and email forwarding. This initiative reflects Cloudflare's commitment to improving digital communication safety and efficiency.
An artist recounts a phishing experience where a seemingly legitimate journalist's email led to the installation of malware on his Mac. After realizing his mistake, he took immediate action to secure his accounts and reported the incident to authorities, while also analyzing the malware to better understand the threat it posed.
A new cyber espionage campaign named "Blind Eagle" has been linked to the Russian group known as Proton66, targeting organizations in Latin America. The attacks primarily focus on stealing sensitive information using sophisticated malware and phishing techniques to compromise victim systems. Experts warn that this campaign illustrates the increasing threat posed by state-sponsored actors in the region.