Links
A data breach has exposed sensitive information from about 17.5 million Instagram accounts, including usernames, email addresses, phone numbers, and physical addresses. This information is being traded on the dark web, raising risks for identity theft and phishing attacks. Users are advised to enable two-factor authentication and change their passwords.
WormGPT 4 offers lifetime access for $220, enabling users to generate malware and phishing tools without needing advanced skills. While it simplifies certain cybercrime tasks, human intervention is still necessary to bypass security measures. Another model, KawaiiGPT, is even more accessible as it's free on GitHub.
North Korean hackers are using spear-phishing emails that impersonate human rights organizations and financial institutions to distribute malware. The campaign, called "Operation Poseidon," is linked to the Konni group and relies on deceptive links inside convincing, tailored lures rather than on any exploit, which is why security experts warn that it is hard to stop with mail filtering alone.
Eric Moret recounts a near miss with a sophisticated phishing attempt that exploited Apple’s support system. He details how scammers manipulated legitimate security protocols to gain access to his account, highlighting the psychological tactics used to deceive him.
This article investigates a Russian phishing campaign that uses a fake payment confirmation email to deploy the Phantom stealer malware. It details the multi-stage infection process, including the malicious ISO and executable files involved, and highlights the types of data targeted, such as credentials and cryptocurrency information.
This report highlights the increasing cyber threats targeting small and medium businesses (SMBs), with a focus on credential abuse and ransomware. It details the rise of business email compromise and ransomware-as-a-service, emphasizing the need for stronger security measures like passwordless authentication.
A malware campaign is using fake guides for OpenAI's Atlas browser to lure macOS users into downloading an infostealer named AMOS. Victims are tricked into executing a malicious command that harvests sensitive data and installs a backdoor for remote access. Basic cybersecurity practices can help prevent these attacks.
This article offers free cybersecurity training episodes to help you protect your online accounts during the holiday shopping season. It emphasizes the importance of strong passwords and awareness of phishing scams, providing tools like a Threat Simulator to make learning engaging.
Datadog reports an ongoing campaign using fake GitHub repositories to trick users into installing infostealers via the ClickFix technique. The threat actor targets established software brands and has introduced a new variant called SHub Stealer v2.0, which includes advanced features like persistence and remote access.
The FBI reports that cybercriminals have stolen over $262 million through account takeover scams since January 2025. These attackers impersonate bank support teams to gain access to victims' accounts, quickly transferring funds to hard-to-trace cryptocurrency wallets. Victims are advised to monitor their accounts closely and act swiftly if targeted.
An Iranian activist exposed a phishing campaign targeting high-profile users in the Middle East, aiming to steal Gmail and WhatsApp credentials. The hackers used a fake website to capture sensitive information and potentially conduct surveillance on victims. The campaign's timing suggests possible ties to government-backed espionage efforts.
A phishing campaign is currently targeting LastPass users, using well-crafted emails that often mimic legitimate messages. Attackers aim to trick users into revealing their login credentials, potentially compromising their entire password vault.
Microsoft has identified a multi-stage phishing campaign targeting the energy sector, utilizing compromised SharePoint accounts to deliver malicious links. Attackers leverage trusted identities to send phishing emails and create inbox rules, maintaining persistence while evading detection. Organizations are urged to implement stronger security measures, including phishing-resistant MFA.
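Persistence through inbox rules, as described above, is cheap for the attacker and easy to miss in a mailbox audit. The check below is an added example (not Microsoft's detection logic or any vendor's API): it reviews a list of rules for the shapes that usually follow an account takeover, namely forwarding to an external address, hiding keyword-matched mail in a folder nobody reads, deleting it, or using a throwaway rule name. The rule dictionaries, the keyword list and ORG_DOMAIN are constructed for illustration and the dict layout is an assumption rather than the Exchange or Graph schema.

```python
"""Review mailbox inbox rules for post-takeover persistence patterns.

Added example, not code from the Microsoft report. RULES, KEYWORDS and
ORG_DOMAIN are constructed; the dict layout is an assumption, not any
mail platform's schema.
"""

ORG_DOMAIN = "example.com"
HIDE_FOLDERS = {"rss feeds", "rss subscriptions", "conversation history",
                "archive", "junk email", "deleted items"}
KEYWORDS = {"invoice", "payment", "wire", "payroll", "password", "mfa",
            "verification", "hacked", "phish", "suspicious"}

# Constructed rules: one hides finance mail, one forwards HR mail outside the
# organisation, one is a harmless newsletter filter, one deletes alerts.
RULES = [
    {"name": ".", "conditions": {"subject_contains": ["invoice", "payment"]},
     "actions": {"move_to": "RSS Subscriptions", "mark_read": True}},
    {"name": "HR copy", "conditions": {"from_contains": ["hr@example.com"]},
     "actions": {"forward_to": "mailbox@example.net"}},
    {"name": "Newsletters", "conditions": {"from_contains": ["news@"]},
     "actions": {"move_to": "Newsletters"}},
    {"name": "Cleanup", "conditions": {"body_contains": ["suspicious sign-in"]},
     "actions": {"delete": True}},
]


def assess_rule(rule: dict, org_domain: str = ORG_DOMAIN) -> list[str]:
    """Reasons this rule looks like attacker persistence (empty list = fine)."""
    cond = rule.get("conditions", {})
    act = rule.get("actions", {})
    # Every word mentioned in any condition, lowercased, for keyword matching.
    words = {w.lower() for vals in cond.values() for v in vals for w in v.split()}
    keyword_hit = any(k in w for k in KEYWORDS for w in words)
    out = []
    target = act.get("forward_to") or act.get("redirect_to")
    if target and not target.lower().endswith("@" + org_domain):
        out.append(f"forwards to external address {target}")
    folder = act.get("move_to", "").lower()
    if folder in HIDE_FOLDERS and keyword_hit:
        out.append(f"hides keyword-matched mail in '{act['move_to']}'")
    if act.get("delete") and keyword_hit:
        out.append("deletes keyword-matched mail")
    if len(rule.get("name", "").strip(" .,_-")) == 0:
        out.append("throwaway rule name")
    return out


def suspicious_rules(rules, org_domain: str = ORG_DOMAIN) -> dict[str, list[str]]:
    """Map rule name -> reasons, for every rule that has at least one reason."""
    return {r["name"]: why for r in rules if (why := assess_rule(r, org_domain))}


if __name__ == "__main__":
    for name, why in suspicious_rules(RULES).items():
        print(f"{name!r}: {'; '.join(why)}")
```

Run it over a periodic export of every mailbox's rules and diff the result against the previous run; a rule that appears on the same day as an unusual sign-in is the combination worth paging on.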
Threat actors are using phishing emails with weaponized attachments to deploy malware aimed at the defense sectors of Russia and Belarus. The malware establishes a backdoor via OpenSSH and a customized Tor service, giving remote access while avoiding detection, and environment checks keep it from activating on anything but a genuine user system, so sandboxes see nothing.
The "Stanley" toolkit allows criminals to create malicious Chrome extensions that can overlay phishing pages on legitimate sites while masking the true URL. By masquerading as useful tools, these extensions trick users into granting permissions, making them vulnerable to credential theft. This poses significant risks in remote work environments where browser security is paramount.
A new attack is tricking Mac users into downloading malware through a fake job application process on a bogus website. Victims are lured with false job offers and prompted to install a fake FFmpeg update, which actually installs a backdoor called Flexible Ferret. This malware gives attackers ongoing access to the infected system.
The hacker group MuddyWater has launched a new spear-phishing campaign using a Rust-based implant called RustyWater, targeting various sectors in the Middle East. This campaign involves malicious Word documents that deploy the malware, which can gather system information and maintain persistence on infected machines. The move marks a shift from traditional tools to more sophisticated, custom malware.
Quantum Route Redirect is an automated phishing platform that uses around 1,000 domains to steal Microsoft 365 credentials. Most attacks are via emails disguised as DocuSign requests or payment notifications, primarily affecting users in the U.S. Security experts recommend robust URL filtering to defend against these threats.
Harvard University reported a data breach affecting alumni, donors, and some students due to a voice phishing attack. Compromised data includes personal details like email addresses and home addresses, but financial information and passwords were not affected. The university warns that this information could be used for further phishing attempts.
A data breach at Coupang exposed the personal information of 33.7 million customers, traced back to a former employee who retained access after leaving. The breach, discovered in November 2025, has prompted police investigations and led to the CEO's resignation. Phishing incidents have surged in South Korea as a result.
Princeton University experienced a data breach on November 10, affecting a database with personal information of alumni, donors, faculty, and students. While no sensitive financial data or passwords were compromised, the breach resulted from a phone phishing attack on an employee. The university is notifying those impacted and investigating the incident.
Attackers are sending convincing phishing emails that appear to come from Facebook, targeting small and medium-sized businesses. Using the official @facebookmail.com domain, they trick victims into clicking links to credential harvesting sites. Companies in various sectors, including finance and education, have been particularly affected.
This article presents Infosec IQ, a platform designed to enhance employee cybersecurity awareness through video-based micro-learnings and role-based training modules. It highlights the importance of employee training in mitigating security risks and offers tools for program management and threat simulation.
This article explores how large language models (LLMs) can be used for both defensive and offensive purposes in cybersecurity, highlighting the rise of malicious models like WormGPT and WormGPT 4. These tools bypass ethical constraints, making cybercrime more accessible for less skilled attackers. The piece details their capabilities, including generating phishing content and malware, and discusses the implications for the threat landscape.
Researchers have identified four new phishing kits—BlackForce, GhostFrame, InboxPrime AI, and Spiderman—that enable large-scale credential theft. These kits utilize advanced techniques, including AI automation and evasion strategies, to deceive users and bypass security measures.
This article discusses a phishing scam where attackers impersonate recruiters to invite job seekers to fake interviews. The communication often includes suspicious links and requests for software installations, which can lead to malware infections. It emphasizes the importance of verifying the sender and maintaining updated security measures.
This article details a phishing scheme by DPRK hackers posing as recruiters. It analyzes the malware used in the scam, including code obfuscation techniques and how the attackers gather sensitive information from victims.
This article discusses Infosec IQ's platform designed to enhance employee cybersecurity awareness through personalized training. It highlights the importance of combating human-related security incidents by using engaging, role-based learning and automated training management. Companies can also partner with client success managers for comprehensive program support.
Google Threat Intelligence Group reported a novel phishing campaign attributed to a suspected Russian espionage actor, UNC5837, targeting European government and military organizations. Attackers sent signed .rdp attachments that, when opened, established Remote Desktop Protocol connections to attacker-controlled servers. The files enabled resource redirection (local drives and clipboard mapped into the session) and RemoteApp, so the attacker's server could read the victim's files and present a program of its choosing. No vulnerability was exploited; the campaign relied on legitimate but little-known RDP features, and a signature on the file only proves who signed it, not that the connection is safe.
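Because .rdp files are plain text, the settings a rogue-RDP lure depends on can be checked before anyone double-clicks the attachment. The parser below is an added example, not code from the Google Threat Intelligence report: it reads the standard "name:type:value" line format and flags resource redirection, RemoteApp settings and the presence of a signature. SAMPLE_RDP and CLEAN_RDP are constructed for illustration (the host name, program name and signature value are placeholders).

```python
"""Flag the .rdp settings that a rogue-RDP lure depends on.

Added example (not from the GTIG report). .rdp files hold one
"name:type:value" setting per line; type is "s" (string) or "i" (integer).
SAMPLE_RDP and CLEAN_RDP are constructed.
"""

# Setting name -> why it matters when the server is attacker-controlled.
RISKY_SETTINGS = {
    "drivestoredirect": "local drives are mapped into the session (server can read them)",
    "redirectclipboard": "clipboard is shared with the remote host",
    "redirectprinters": "printers are redirected",
    "redirectsmartcards": "smart cards are redirected",
    "remoteapplicationmode": "RemoteApp mode: a server-chosen program replaces the desktop",
    "remoteapplicationprogram": "the file names the RemoteApp program to launch",
}

# Constructed sample with the shape of a lure file, not a real artefact.
SAMPLE_RDP = """\
full address:s:rdp.example.invalid
drivestoredirect:s:*
redirectclipboard:i:1
redirectprinters:i:0
remoteapplicationmode:i:1
remoteapplicationprogram:s:||ExampleApp
signscope:s:Full Address,Drive Store Direct,Remote Application Mode
signature:s:AQABAAEAAADx
"""

CLEAN_RDP = """\
full address:s:rdp.example.invalid
redirectclipboard:i:0
drivestoredirect:s:
"""


def parse_rdp(text: str) -> dict[str, str]:
    """Return {setting name (lowercased): value}; the type field is dropped."""
    settings: dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        parts = line.split(":", 2)  # the value may itself contain ':'
        if len(parts) != 3:
            continue
        name, _typ, value = parts
        settings[name.strip().lower()] = value.strip()
    return settings


def _enabled(name: str, value: str) -> bool:
    """'*' or a drive list enables drivestoredirect, a non-empty path enables
    remoteapplicationprogram, and '1' enables the integer flags."""
    if name == "drivestoredirect":
        return value not in ("", "0")
    if name == "remoteapplicationprogram":
        return value != ""
    return value == "1"


def assess_rdp(text: str) -> list[str]:
    """Findings for one .rdp file; an empty list means nothing was flagged."""
    s = parse_rdp(text)
    findings = [
        f"{name}={s[name]}: {why}"
        for name, why in RISKY_SETTINGS.items()
        if name in s and _enabled(name, s[name])
    ]
    if "signature" in s:
        # A signature from a trusted certificate suppresses the usual warning
        # for the settings listed in signscope; it says who signed, not that
        # the connection is safe.
        findings.append(
            "signature present: Windows may not warn about "
            f"{s.get('signscope', '(no signscope)')}"
        )
    return findings


if __name__ == "__main__":
    for label, text in (("sample lure", SAMPLE_RDP), ("clean file", CLEAN_RDP)):
        print(f"{label}:")
        for finding in assess_rdp(text) or ["nothing flagged"]:
            print("  -", finding)
```

A mail gateway rule that quarantines any .rdp attachment with drive redirection or RemoteApp enabled, signed or not, removes most of the risk this campaign relied on.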
The article discusses the release of the source code for Ermac v3.0, a sophisticated banking Trojan that has been used to steal sensitive information from users. It highlights the potential risks associated with this malware and urges users to be vigilant against security threats.
A misconfigured Azure Blob storage container belonging to TalentHook has exposed nearly 26 million resumes, containing sensitive personal information of US job seekers. This breach poses significant risks for identity theft and targeted phishing attacks, leading to potential harassment and fraud against individuals whose data was leaked.
The article provides a comprehensive checklist for businesses to protect against business email compromise (BEC) scams, outlining key steps, best practices, and preventive measures. It emphasizes the importance of employee training and vigilance to recognize and respond to suspicious emails effectively. Additionally, it highlights the necessity of implementing security protocols and technologies to safeguard sensitive information.
An ongoing infostealer campaign is targeting Mac users through fraudulent GitHub repositories that masquerade as legitimate software downloads. The LastPass TIME team is raising awareness of this threat, which employs SEO tactics to position malicious links prominently in search results, and has already initiated takedown efforts against some of these fraudulent sites.
Scammers are exploiting unsecured cellular routers from Milesight IoT to launch SMS phishing campaigns, known as smishing, that have been active since October 2023. Researchers found over 18,000 routers exposed online, with many allowing unauthorized access and running outdated firmware, making them an effective tool for decentralized phishing efforts targeting users in multiple countries.
The article discusses how Vercel's new AI tool has been exploited by malicious actors to automate and enhance phishing attacks. As a result, organizations are urged to bolster their cybersecurity measures to counteract the increasing sophistication of such threats. The misuse of AI in this context raises concerns about the broader implications for digital security and user safety.
Clicking the "unsubscribe" link in emails may seem like a straightforward way to reduce inbox clutter, but cybersecurity experts warn it could expose users to greater risks. Once you click the link, you leave the safety of your email client and potentially face new online threats. It’s crucial to evaluate the security of the source before taking such actions.
A cybersecurity researcher has introduced FileFix, a new variant of the ClickFix social engineering attack, which uses the Windows File Explorer address bar to execute malicious PowerShell commands. The victim is shown what appears to be a legitimate file-sharing notification and is told to paste a "path" into Explorer; the pasted text is really a command, padded so that only a plausible file path is visible, and the victim never has to open a Run dialog or terminal. FileFix shows how adaptable these lures are: a familiar interface executes the pasted command exactly as the Run box would.
The blog post discusses a sophisticated phishing scam that impersonates Google Careers, highlighting its various tactics and the challenges it presents in identifying and preventing such attacks. It emphasizes the need for heightened awareness and security measures among users to protect their credentials from these evolving scams.
Over 4,000 victims in 62 countries have been targeted by the PXA Stealer malware, which has stolen hundreds of credit card numbers, 200,000 passwords, and over 4 million browser cookies. This Python-based infostealer is delivered through sophisticated phishing, has evolved to evade detection, and exfiltrates its haul through Telegram, where the data is then sold on Telegram-based marketplaces.
Check Point Research reveals that the cyber threat group Scattered Spider is expanding its attacks to include aviation and enterprise sectors, employing sophisticated phishing techniques to compromise organizations. Recent incidents, including a major breach affecting Qantas, highlight the group's tactics such as MFA fatigue and voice phishing, prompting a call for enhanced security measures across affected industries. The report outlines specific phishing domain patterns and offers defensive strategies to mitigate these emerging threats.
A new phishing kit named SessionShark has been discovered that steals Office 365 logins through an adversary-in-the-middle page: the victim authenticates through the kit, which relays the password and MFA code to Microsoft and captures the resulting session cookie, so the attacker can use the account without repeating MFA. This is not a flaw in MFA itself; any factor that can be relayed falls to it, which is why the kit raises concerns about relying on non-phishing-resistant MFA.
Coinbase experienced a significant data breach in 2025 that compromised the personal information of nearly 70,000 users due to unauthorized access by outsourced call center agents in India. The attackers leveraged social engineering tactics, leading to a rise in phishing attempts, while Coinbase faced estimated remediation costs between $180 million to $400 million and launched a bounty for information on the perpetrators. The incident has sparked discussions on the vulnerabilities associated with outsourcing sensitive customer data management.
An artist recounts a phishing experience where a seemingly legitimate journalist's email led to the installation of malware on his Mac. After realizing his mistake, he took immediate action to secure his accounts and reported the incident to authorities, while also analyzing the malware to better understand the threat it posed.
Researchers at Mandiant have described a threat cluster tracked as UNC6032 (an uncategorized-group designation, not a malware family) that lures victims with themes built around AI video generation. The operation runs through phishing-style lures that lead to convincing video-themed pages and get users to download malware, part of a broader trend of AI themes and AI tooling being turned to malicious ends.
VirusTotal uncovered a phishing campaign that utilizes SVG files to create deceptive portals mimicking Colombia's judicial system, leading users to download malware. The AI Code Insight feature enabled the detection of these previously undetected SVG files, which cleverly employ JavaScript to simulate a legitimate download process. This highlights the growing use of SVGs in cyberattacks and the importance of AI in identifying such threats.
Phishing emails are increasingly written for two audiences at once: the human reader and the AI-based filter in front of them, with content shaped to read as benign to the model while still deceiving the person. The tactic exploits gaps between traditional filters and AI scanners, so defenders should correlate text analysis with link-target and sender-infrastructure checks rather than trusting any one layer.
French retailer Auchan has reported a data breach affecting several hundred thousand customers, compromising sensitive information linked to loyalty accounts, such as names, addresses, and contact details. The company has notified affected individuals and the French Data Protection Authority, advising them to be cautious of potential phishing attempts. However, bank data and passwords remain secure following the incident.
A recent phishing attempt exploited a legitimate Zoom email notification to deceive users into entering their Gmail credentials on a fake login page. The attackers used a "bot protection" gate to enhance the page's legitimacy, allowing for real-time credential exfiltration via WebSocket connections, showcasing how trusted platforms can be manipulated for cybercrime.
Toys “R” Us Canada has notified customers of a data breach in which threat actors leaked personal customer information, including names, addresses, emails, and phone numbers, but not passwords or credit card details. The breach was discovered on July 30, 2025, when the data was posted on the dark web, prompting the company to enhance its cybersecurity measures and notify regulatory authorities. Customers are advised to be vigilant against phishing attempts following the breach.
A sophisticated phishing campaign abused Google's own infrastructure so that its emails passed SPF, DKIM and DMARC: the messages were genuine Google security alerts whose attacker-controlled text was injected through an OAuth application name and then replayed (a DKIM replay), so they really did come from a Google no-reply address. The credential-harvesting page was hosted on sites.google.com, borrowing the platform's trusted domain and TLS certificate, which is why authentication checks alone could not catch it.
VoidProxy is a new phishing-as-a-service offering that defeats multi-factor authentication on Microsoft and Google accounts through an adversary-in-the-middle proxy: the victim's password and MFA code are relayed live to the real sign-in page, and the resulting session cookie is captured. It exploits no flaw in MFA; it defeats any factor that can be relayed, which is why accounts protected by relayable factors are at risk while phishing-resistant methods such as FIDO2 passkeys hold up. The service is built to steal both credentials and session tokens, making it a significant threat.
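Both SessionShark and VoidProxy leave the same trace in an identity provider's logs: a successful MFA sign-in from the proxy's network, followed shortly by the same session cookie being used from the attacker's own network with no fresh MFA. The detector below is an added example, not code from either report or from any vendor: it groups constructed sign-in records by session identifier and alerts when a session is reused from a different ASN within a window without new MFA. The record layout, field names and addresses are assumptions; real sign-in logs differ per provider.

```python
"""Flag sign-in sessions that are replayed from a second network.

Added example, not code from the VoidProxy or SessionShark reports. SIGNINS
is constructed; field names are assumptions, not any vendor's schema.
Addresses come from the documentation ranges and ASNs from the reserved
64496-64511 block.
"""
from collections import defaultdict
from datetime import datetime, timedelta

SIGNINS = [
    # alice: MFA passes from one network, cookie reused minutes later elsewhere
    {"user": "alice", "ts": "2025-09-02T09:00:12Z", "ip": "203.0.113.10",
     "asn": "AS64500", "session_id": "S1", "mfa": True},
    {"user": "alice", "ts": "2025-09-02T09:07:41Z", "ip": "198.51.100.7",
     "asn": "AS64501", "session_id": "S1", "mfa": False},
    # bob: address changes inside the same ASN (DHCP move), benign
    {"user": "bob", "ts": "2025-09-02T09:01:03Z", "ip": "192.0.2.44",
     "asn": "AS64502", "session_id": "S2", "mfa": True},
    {"user": "bob", "ts": "2025-09-02T10:30:00Z", "ip": "192.0.2.45",
     "asn": "AS64502", "session_id": "S2", "mfa": False},
    # carol: single event
    {"user": "carol", "ts": "2025-09-02T09:03:00Z", "ip": "192.0.2.80",
     "asn": "AS64503", "session_id": "S3", "mfa": True},
    # dave: network change two days later, outside the default window
    {"user": "dave", "ts": "2025-09-01T08:00:00Z", "ip": "192.0.2.90",
     "asn": "AS64504", "session_id": "S4", "mfa": True},
    {"user": "dave", "ts": "2025-09-03T08:00:00Z", "ip": "198.51.100.9",
     "asn": "AS64505", "session_id": "S4", "mfa": False},
]


def _ts(s: str) -> datetime:
    return datetime.fromisoformat(s.replace("Z", "+00:00"))


def find_session_replay(events, window_hours: float = 24) -> list[dict]:
    """One alert per session whose cookie was used from a different ASN than
    the MFA sign-in, within the window and without new MFA."""
    window = timedelta(hours=window_hours)
    by_session = defaultdict(list)
    for e in events:
        by_session[e["session_id"]].append(e)
    alerts = []
    for sid, evs in by_session.items():
        evs.sort(key=lambda e: _ts(e["ts"]))
        origin = evs[0]
        for later in evs[1:]:
            gap = _ts(later["ts"]) - _ts(origin["ts"])
            moved = later["asn"] != origin["asn"]
            if moved and gap <= window and not later["mfa"]:
                alerts.append({"user": later["user"], "session_id": sid,
                               "from": origin["ip"], "to": later["ip"],
                               "minutes": round(gap.total_seconds() / 60)})
                break
    return alerts


if __name__ == "__main__":
    for alert in find_session_replay(SIGNINS):
        print(alert)
```

Enriching the origin event with an "is this a hosting provider's ASN" lookup catches the same attack one step earlier, since the MFA sign-in in an AitM flow comes from the proxy, not from the victim's ISP.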
The article discusses the exploitation of Microsoft Teams for delivering malware through direct messages, highlighting the tactics employed by cybercriminals to bypass security measures. It emphasizes the need for organizations to enhance their cybersecurity protocols to mitigate such threats.
Scammers are targeting LastPass users by sending deceptive messages claiming that the users are deceased in an attempt to extract their login credentials. These phishing attempts exploit users' emotions and trust to gain unauthorized access to their accounts. Users are advised to remain vigilant and report any suspicious communications.
iClicker's website was compromised in a ClickFix attack that used a fake CAPTCHA to trick visitors into running a PowerShell command that fetched and installed malware. The attack, aimed at college students and instructors, was built to steal sensitive data, and the payload served depended on the visitor: genuine targets received the malware while automated scanners and researchers were given a benign file, which is one reason sandbox verdicts on such lures can be misleading. Users who followed the fake CAPTCHA instructions between April 12 and April 16, 2025, are advised to change their passwords and check their devices.
Cybersecurity experts warn that malicious PDFs are increasingly being used as delivery mechanisms for phishing attacks, particularly targeting Gmail users. These PDFs can masquerade as legitimate documents but contain links or scripts designed to steal user credentials and sensitive information. Awareness and caution are crucial for users to avoid falling victim to these deceptive tactics.
ParkMobile has settled a class action lawsuit regarding a 2021 data breach that affected 22 million users, offering a meager $1 in-app credit to victims. Users must manually claim the credit, which comes with an expiration date, and the company denies any wrongdoing despite the settlement. Caution is advised as phishing attempts targeting ParkMobile customers have increased following the breach announcement.
A series of data breaches affecting companies such as Qantas, Allianz Life, LVMH, and Adidas has been attributed to the ShinyHunters extortion group, which uses voice phishing to compromise Salesforce CRM accounts. The attackers impersonate IT support to manipulate employees into entering connection codes that link malicious applications to Salesforce environments, leading to data theft and potential extortion attempts without public leaks so far. Salesforce has confirmed that their platform is not compromised, emphasizing the importance of customer vigilance against social engineering attacks.
Spanish authorities have arrested a 25-year-old Brazilian national known as GoogleXcoder, who is accused of leading the GXC Team crime-as-a-service operation that sold phishing kits and Android malware. The GXC Team targeted banks and other organizations, contributing to significant financial losses through their phishing campaigns.
A recent phishing scam exploited Google's own email system: the lures arrived from Google's genuine "no-reply" address and therefore passed sender authentication, which made them look legitimate while tricking users into revealing sensitive information. The case shows that SPF, DKIM and DMARC results alone cannot be trusted as a signal of safety; users and filters need to check where the link actually leads. Google has said it has taken steps to close the abuse path.
A phishing campaign is targeting LastPass and Bitwarden users with fake emails claiming that the companies were hacked, prompting recipients to download a malicious desktop application. The downloaded software installs a remote management tool called Syncro, enabling threat actors to remotely access users' computers and potentially steal sensitive information. LastPass has clarified that these claims are false and users should verify security alerts through official channels.
Cybercriminals are increasingly targeting brokerage accounts with phishing to run "ramp and dump" scams that manipulate stock prices without the social-media promotion of a classic pump and dump. Using compromised accounts, they buy a thinly traded stock to inflate its price, sell their own holdings at the top, and leave the victims holding near-worthless shares. The scheme shows how little protection one-time-code MFA offers against a phishing page that captures the code as it is typed, a model many financial institutions still rely on.
A multi-stage reverse proxy card skimming attack has been discovered that exploits fake GIFs to capture sensitive payment information. The attack involves complex techniques to evade detection and highlights the importance of securing payment processes against such sophisticated threats.
A recent phishing campaign targeting Ukraine impersonates government agencies, using malicious SVG files to deliver malware including Amatera Stealer and PureMiner. Upon opening the attachment, victims unwittingly download a CHM file that executes a series of malicious actions, ultimately compromising sensitive information and hijacking system resources.
BitMEX successfully thwarted a social engineering attack by the Lazarus Group, a North Korean hacking collective, uncovering potential IP addresses and significant security lapses in the process. The attack involved an employee being targeted for malicious code execution, which led to an investigation revealing critical insights into the group's methods and operational weaknesses.
A sophisticated phishing scheme delivering the BeaverTail malware masquerades as a job offer for an AI engineering role, tricking developers into executing malicious code from a fake GitHub repository. The infection runs in five stages, stealing sensitive information, establishing remote access, and deploying additional malicious components, while the recruiting pretext supplies the trust that gets the code run in the first place.
A fake version of ChatGPT, disguised as an InVideo AI tool, is tricking users into downloading ransomware. This malicious software locks users out of their systems and demands a ransom for access. The incident highlights the urgent need for vigilance against such deceptive schemes in the AI landscape.
Payroll fraud has emerged as a significant threat, with attackers leveraging SEO poisoning to steal paychecks from unsuspecting employees. By manipulating search engine results, these fraudsters lead victims to phishing sites designed to harvest sensitive payroll information. Organizations need to enhance their cybersecurity measures to protect against these evolving tactics.
Takuya shares a frightening experience of receiving a phishing email disguised as a user support inquiry. The email led him to a malicious link that prompted him to execute a dangerous command in his terminal, highlighting the increasing sophistication of phishing attempts and the importance of staying vigilant against such threats.
A significant rise in identity-based cyberattacks, driven by advanced phishing kits and infostealers, has led to a 156% increase in login-targeting attacks, making them 59% of all investigations by eSentire. Organizations are urged to adopt stronger security measures, such as passkeys, to combat the growing threat of business email compromise (BEC) and ransomware, which are often facilitated by phishing-as-a-service platforms.
A significant rise in phishing activities using .es domains has been reported, with a 19-fold increase in malicious campaigns since January, making it the third most common TLD for such activities. Most of these campaigns focus on credential phishing, primarily spoofing Microsoft, and are often hosted on Cloudflare services. Researchers warn that this trend may indicate a growing tactic among various threat actors rather than just a few specialized groups.
A hacker successfully executed a voice phishing attack targeting Cisco customers, managing to steal their personal information. This incident highlights the ongoing risks associated with social engineering tactics in cybersecurity. Cisco has urged its clients to remain vigilant against such fraudulent schemes.
The threat actor APT36 is running a sophisticated phishing campaign against Indian government entities, primarily using deceptive emails to harvest credentials and other sensitive information. The campaign employs various evasion tactics to get past security controls, posing significant risks to national cybersecurity, and continuous monitoring and user awareness are crucial for mitigating it.
Microsoft has issued a warning about a phishing scam known as "Payroll Pirate" that compromises employee accounts on Workday and other HR platforms. Attackers gain access through deceptive emails and adversary-in-the-middle tactics, allowing them to redirect payroll deposits to their own accounts. The scam has targeted multiple universities, resulting in compromised accounts and widespread phishing attempts.
A phishing scam targeting Booking.com users is spreading, utilizing a fake CAPTCHA to deceive victims into revealing their personal information. The scam is designed to look legitimate, making it crucial for users to remain vigilant and verify any unexpected requests for sensitive data. Cybersecurity experts are urging users to report suspicious activities promptly.
Stormshield's CTI team discovered servers linked to APT35, an Iranian APT group known for phishing campaigns. The team provided insights on how to identify these servers, highlighting ongoing phishing tactics targeting various sectors, particularly in Israel. They shared specific indicators of compromise and methods for tracking related domains.
Cybercriminals are impersonating job seekers to deliver ransomware through malicious resumes. By establishing trust on platforms like LinkedIn and using phishing tactics, they manipulate recruiters into opening harmful files. Security experts advise organizations to implement stricter measures to protect against these sophisticated social engineering attacks.
Phishing sites are masquerading as legitimate downloads from DeepSeek, distributing a proxy backdoor that compromises users' systems. These malicious sites exploit trust to lure victims into downloading harmful software. Users are advised to be cautious and verify sources before downloading applications.
Security researchers have linked various malware campaigns to the Proton66 network, which provides bulletproof hosting services for cybercriminals. These campaigns exploit compromised WordPress websites and have targeted users with phishing schemes and information stealers, particularly in specific regions such as Korea and Europe.
Ransomware is evolving with the integration of GenAI and LLMs, leading to more sophisticated attacks such as AI-driven phishing and quadruple extortion. Experts discuss how groups like CL0P and FunkSec utilize AI to enhance their operations and pressure victims, while emphasizing the need for defenders to implement AI-aware security measures across various platforms. Strategies for securing identities and leveraging API visibility against emerging threats are also highlighted.
The article discusses how Microsoft Edge implements website typo protection to combat typosquatting, a form of cybercrime where attackers register domains that are similar to popular sites to deceive users. It emphasizes the importance of this feature in enhancing user security and preventing phishing attacks through misspelled URLs.
Silent smishing exploits vulnerable cellular router APIs to conduct phishing attacks via SMS, allowing attackers to access sensitive information without authentication. The article discusses various attack methods, including the impersonation of legitimate organizations, and emphasizes the need for vigilance against such threats.
A significant smishing campaign attributed to a Chinese-speaking threat actor, known as the Smishing Triad, has exploited over 194,000 domains to gather sensitive information, including Social Security numbers. The campaign impersonates various services, targeting users worldwide, and employs a decentralized approach to evade detection.
Air France and KLM have reported a data breach resulting from unauthorized access to a third-party platform, compromising customer information such as names, contact details, and loyalty program numbers. The airlines have advised customers to be cautious of phishing attempts but confirmed that sensitive information like passwords and credit card details were not accessed.
A compilation of some 16 billion login credentials has been confirmed, widely described as one of the largest credential exposures on record. It is an aggregation of infostealer logs and previously leaked datasets rather than a single new breach, but the credentials are still usable for account takeovers and phishing, so experts urge users to switch to passkeys where possible, change reused passwords, use a password manager, and enable multi-factor authentication.
Cybercriminals are exploiting Meta's advertising platforms to promote a fake TradingView Premium app that distributes the Brokewell malware for Android devices. This malware is capable of stealing sensitive information, monitoring users, and taking control of compromised devices, specifically targeting mobile users with localized ads since July 22nd. Researchers from Bitdefender have detailed the malware's advanced functionalities, including stealing cryptocurrency and bypassing two-factor authentication.
Fake software activation videos circulating on TikTok are promoting the Vidar stealer malware, which compromises user data and credentials. Users are lured into downloading malicious software disguised as legitimate tools, leading to significant security risks and potential data breaches. The article highlights the importance of cybersecurity awareness in the face of such deceptive tactics on social media platforms.
A phishing kit called CoGUI has sent over 580 million emails aimed at stealing credentials and payment data, primarily targeting Japan, but also affecting other countries like the US and Canada. The campaign peaked in January 2025 with 170 campaigns targeting millions of users, and it has been linked to threat actors from China. Researchers warn that the kit's adoption could expand its reach to other cybercriminals and regions.
ThreatLocker Web Control allows organizations to manage web access and block phishing threats without the need for additional tools, simplifying cybersecurity management. It offers quick setup, prebuilt protections, and the ability to enforce security policies across both managed and unmanaged devices. The platform aims to eliminate third-party risks while enhancing visibility and control over web access.
Adidas has confirmed that hackers stole personal data from a third-party customer service provider, primarily affecting contact information of customers who interacted with their help desk. The company assures that sensitive information like passwords and payment details were not compromised, but warns customers to remain vigilant against potential phishing attempts due to the breach.