Links
Chinese phishing groups are now sending scam SMS messages about unclaimed tax refunds and rewards points, aiming to steal payment card data. They create fake e-commerce sites that look legitimate, making it difficult for consumers to spot the fraud until it's too late. Experts warn that this increase in scams often coincides with the holiday shopping rush.
This article outlines a security awareness training program that includes interactive deepfake simulations and custom AI-generated content. It emphasizes engaging, bite-sized lessons and updates to keep employees informed about current threats like phishing.
Flickr informed users of a data breach linked to a third-party email service that may have exposed personal information, including names, email addresses, and user activity. The company has shut down the affected system and is reviewing its security practices while advising users to check their account settings. No passwords or financial data were compromised.
1Password has rolled out a new feature that provides pop-up warnings for users when they visit potentially phishing websites. This aims to help users avoid entering their credentials on malicious pages, especially those with typosquatted URLs. The feature will be automatically enabled for individual and family plan users, while admins can activate it for enterprise accounts.
Eric Moret recounts a near miss with a sophisticated phishing attempt that exploited Apple’s support system. He details how scammers manipulated legitimate security protocols to gain access to his account, highlighting the psychological tactics used to deceive him.
Attackers are using a new method called "Browser-in-the-Browser" to create convincing fake login windows that steal usernames and passwords. These pop-ups look legitimate and can trick users, but employing a password manager and being cautious with links can help protect your accounts.
Attackers are exploiting WhatsApp's device-linking feature to hijack accounts using a method called GhostPairing. Victims are tricked into linking their accounts to an attacker's browser through fake messages and deceptive login pages, granting the attackers full access to their conversations and media.
Google is suing over 25 individuals linked to Lighthouse, a phishing service that enables scammers to impersonate trusted brands and steal payment card data via text messages. The suit aims to disrupt a network known for targeting over a million victims worldwide, using sophisticated tactics to enroll stolen card information into mobile wallets.
The article recounts a personal experience with a sophisticated phishing scam targeting a Coinbase user. The author details how scammers used stolen personal information to manipulate them into revealing more data and discusses Coinbase's inadequate response to the breach.
This webinar discusses how ICS phishing targets calendar integrations in Microsoft 365 and Google Workspace. It explains how attackers use malicious invites that bypass traditional email security, and how Sublime's platform detects and removes these threats from both email and calendar applications.
DestroyList is an open-source tool that provides a curated list of phishing and scam domains, allowing users to block malicious sites effectively. It offers real-time risk scoring and various download formats for integration into firewalls and DNS resolvers. The service uses community reports and advanced detection methods to identify threats.
This article discusses phishing campaigns by a Russian threat actor that exploit OAuth and Device Code authentication, using fake websites for international security events to trick users into revealing their credentials. The campaigns target organizations involved in events like the Belgrade Security Conference and the Brussels Indo-Pacific Dialogue, employing tactics such as rapport-building and messaging app support to enhance success.
A report reveals that 18 American universities faced a coordinated phishing campaign from April to November 2025. Attackers used the Evilginx tool to bypass Multi-Factor Authentication and steal login credentials and session cookies, compromising user accounts. The University of San Diego was the first reported victim, and several other institutions were significantly affected.
This article examines how Device Code Phishing exploits the OAuth 2.0 authentication process used by Microsoft and Google. It details the mechanics of the attack, illustrating how attackers can trick users into providing access tokens through a seemingly legitimate flow. The comparison highlights the different security postures of the two identity providers.
Tangled is a tool for red team professionals that automates phishing campaigns using calendar invites in Outlook and Gmail. It runs on Docker, making installation straightforward, and is designed for ethical use in security research.
OpenAI's analytics partner Mixpanel suffered a data breach, exposing customer profile information from OpenAI API accounts. The breach occurred due to a smishing attack, and while OpenAI claims its systems were not compromised, affected customers have been notified and advised to stay vigilant against phishing attempts.
Neon Cyber provides real-time protection against phishing and SaaS risks directly within users' browsers. It monitors user behavior, enforcing security policies as they work to prevent credential misuse and other threats. The service aims to enhance security without disrupting productivity.
This article details a new method for bypassing multi-factor authentication (MFA) protections by manipulating the authentication flow using Cloudflare Workers. The technique involves intercepting and altering server responses to downgrade secure authentication methods to phishable ones, exploiting vulnerabilities in implementation rather than cryptography.
Ledger customers are at risk after a data breach at Global-e, a third-party payment processor. Though no financial information was compromised, personal details like names and contact information were exposed. Ledger advises users to stay vigilant against potential phishing attempts.
The Herodotus malware family targets Android devices by using random delays to imitate human typing, making it harder for security software to detect. Currently distributed through SMS phishing, it can bypass Accessibility permissions and interact with the user interface to steal sensitive information. Experts warn Android users to be cautious about app permissions and avoid downloading apps from untrusted sources.
This article discusses TokenFlare, a serverless framework for simulating phishing attacks on Entra ID and M365. It allows users to configure OAuth flows, deploy either locally or to Cloudflare, and includes built-in operational security features. The setup requires Python and Node.js, and it emphasizes authorized testing only.
This article reveals that 68% of phishing sites are hosted on Cloudflare, exploiting its free services for anonymity. It discusses how attackers are using sophisticated tactics, including Phishing-as-a-Service (PhaaS), to target users and evade detection, making traditional defenses inadequate.
Scammers are using fake comments on LinkedIn posts to impersonate the platform and trick users into clicking malicious links. These comments falsely claim account restrictions and utilize LinkedIn's branding and URL shortener to appear legitimate. LinkedIn is aware of the issue and advises users to report suspicious activity.
This article presents Infosec IQ, a platform designed to enhance employee cybersecurity awareness through video-based micro-learnings and role-based training modules. It highlights the importance of employee training in mitigating security risks and offers tools for program management and threat simulation.
Researchers found a phishing campaign using Phorpiex malware to spread Global Group ransomware. The attack employs deceptive file names to trick users into downloading a Windows shortcut that encrypts files offline, making recovery nearly impossible. It also erases backup files to cover its tracks.
This article offers a free phishing simulation service that tests employees using realistic attack tactics like email and SMS. The service is fully managed, requiring no setup from your team, and provides a clear report on employee interactions.
This article explains the need to monitor and control outbound traffic to protect against internal threats like malware and phishing. It highlights how malicious software can communicate externally and the compliance requirements related to outbound traffic restrictions. It also discusses the challenges businesses face in implementing these restrictions and suggests advanced security solutions.
Threat actors are using a Japanese Unicode character to create deceptive phishing links that mimic legitimate Booking.com URLs, tricking users into visiting malicious sites. This technique exploits visual similarities in characters, making it difficult for users to discern the real domain. Security measures are suggested to help users identify and avoid such phishing attempts.
Google has introduced new AI tools designed to enhance security for Chrome users, specifically targeting phishing and scam threats. These tools aim to proactively identify and block malicious sites, thereby improving the overall safety of browsing experiences for users worldwide.
DPRK hackers have successfully stolen approximately $137 million from users of the Tron blockchain. The attack involved sophisticated phishing techniques and targeted the platform's infrastructure, highlighting ongoing security vulnerabilities in cryptocurrency networks.
Cloudflare has introduced a new email service designed to enhance security and simplify email management for users. The service aims to protect users from spam and phishing attacks while providing a user-friendly experience with features such as custom domain support and email forwarding. This initiative reflects Cloudflare's commitment to improving digital communication safety and efficiency.
Threat actors are exploiting Google Apps Script to create convincing phishing pages that steal login credentials by mimicking legitimate login screens. By hosting these fraudulent pages within Google's trusted environment, the attackers bypass typical security checks, making it easier to deceive victims into providing sensitive information. Security experts recommend enhancing email security measures to scrutinize links to cloud services like Google Apps Script to mitigate these threats.
Facebook has announced support for passkeys, a feature designed to enhance security by reducing the risk of phishing attacks. This move aligns with the broader industry trend towards passwordless authentication methods, aiming to make online experiences safer for users. The integration of passkeys allows users to log in using biometric data or security keys instead of traditional passwords.
PyPI users are being targeted by a phishing attack that attempts to trick them into logging into a fake PyPI site via a fraudulent email. The email, which appears to be from PyPI but uses a similar but incorrect domain, prompts users to verify their email, potentially compromising their credentials. Users are advised to delete the email if received and change their passwords if they have already clicked on the link.
MokN Baits are advanced defensive phishing pages designed to lure attackers into revealing compromised credentials. By filtering out noise and providing tailored threat intelligence, MokN helps organizations effectively monitor and respond to real threats targeting their systems, enhancing security beyond traditional methods like dark web monitoring and MFA.
Emails originating from IT or HR departments are increasingly being targeted by phishing attacks, leading to a rise in successful breaches. These phishing attempts often leverage the trust associated with internal communications, making it crucial for organizations to educate employees about recognizing and reporting suspicious messages. Strengthening email security measures can help mitigate these risks.
A credential harvesting campaign targeting ScreenConnect super administrators has been identified, leveraging low-volume spear phishing tactics with the EvilGinx framework. The operation aims to capture super admin credentials for potential ransomware deployment, utilizing sophisticated techniques to bypass traditional security measures. Mimecast has implemented protective measures and recommends user education and technical controls to mitigate the threat.
A new phishing method called 'CoPhish' exploits Microsoft Copilot Studio agents to issue fraudulent OAuth consent requests, allowing attackers to steal session tokens through social engineering tactics. Researchers from Datadog Security Labs have highlighted the risks associated with Copilot Studio's flexibility and noted that Microsoft plans to address these vulnerabilities in future updates. Users are advised to limit administrative privileges and enforce stricter governance policies to mitigate the risks.
Hackers are employing a sophisticated phishing technique that leverages legitimate Microsoft links and Active Directory Federation Services (ADFS) to redirect users to a counterfeit site designed to steal Microsoft 365 logins. By utilizing a trusted domain for redirection, attackers can bypass standard security measures, including multi-factor authentication. Researchers recommend monitoring for ADFS redirects and scrutinizing Google ads for potential malicious links.
A critical vulnerability in the Windows NTFS file system, identified as CVE-2025-49689, allows for exploitation through specially crafted virtual disks (VHD). This vulnerability leads to multiple memory corruptions due to insufficient checks on integer overflow, facilitating potential escalation of privileges for attackers using malicious virtual disks in phishing attempts.
A new Android banking Trojan named Anatsa has been discovered, targeting users by mimicking legitimate banking applications. It employs advanced techniques to steal sensitive information and bypass security measures, posing a significant threat to users’ financial security. The malware is spread through malicious apps and phishing campaigns, highlighting the need for increased vigilance among mobile users.
Trezor has issued a warning about a phishing campaign that exploits its automated support system to send deceptive emails that appear legitimate. Attackers use this system to generate urgent messages that trick users into visiting a phishing site to steal their wallet seed phrases. Trezor is working on implementing measures to prevent such abuse in the future and advises users to never share their seed phrases.
Microsoft and Cloudflare have collaborated to take down the Raccoon365 phishing service, which targeted Microsoft 365 users. This operation aimed to protect users from credential theft and enhance overall cybersecurity measures against such phishing threats. The dismantling of Raccoon365 marks a significant step in combating cybercrime related to phishing schemes.
Google is leveraging advancements in AI to combat online scams across its platforms, including Search, Chrome, and Android. By enhancing its detection systems and implementing on-device models like Gemini Nano, it aims to significantly reduce scams such as phishing, tech support fraud, and deceptive notifications while adapting to new threats in real time.
Microsoft Teams will implement automatic warnings for private messages containing links flagged as malicious, including spam, phishing, and malware. This feature, available for Microsoft Defender for Office 365 and Teams enterprise customers, is set to begin public preview in September 2025 and become generally available by November 2025. Admins can enable or manage these warnings through the Teams Admin Center.
The article highlights an innovative security awareness training program that includes interactive deepfake experiences, custom AI-generated content, and various phishing tests to prepare employees for real-world cybersecurity threats. It emphasizes the importance of engaging training methods to ensure users are adequately prepared for potential security risks.
Google Gemini for Workspace can be exploited through prompt-injection attacks that generate misleading email summaries, potentially leading users to phishing sites without attachments or direct links. Researcher Marco Figueroa revealed this vulnerability, highlighting how hidden instructions in emails can manipulate Gemini's output, prompting users to trust false security alerts. Google is aware of the issue and is implementing defenses against such attacks.
A vulnerability in Apple's Safari browser allows attackers to exploit the fullscreen browser-in-the-middle (BitM) technique, enabling them to steal user credentials by obscuring the address bar and tricking victims into entering sensitive information. Unlike other browsers, Safari does not provide a clear alert when entering fullscreen mode, making these attacks particularly deceptive. SquareX researchers have noted a rise in this malicious activity and reported Apple's dismissal of the issue as a "wontfix."
Discord users are at risk from a new phishing attack involving invite link hijacking, which leads to the installation of malware on victims' devices. The attack exploits the trust users place in Discord links, making it crucial for users to verify the authenticity of links before clicking. Security experts recommend staying vigilant and using protective measures to avoid falling victim to such scams.
The Python Software Foundation has issued a warning about new phishing attacks targeting PyPI users, urging them to reset their credentials after receiving fake emails from a fraudulent site. Victims are being misled into verifying their email for account maintenance, which could lead to credential theft and subsequent malware attacks on published packages. Users are advised to change passwords immediately and implement stronger security measures like two-factor authentication.
Multiple DuckDB-related npm packages were compromised, including duckdb and its associated modules, which contained malicious code aimed at draining crypto wallets. The attack mirrors previous incidents of phishing in the npm ecosystem, leading to the vendor marking the latest release as deprecated and issuing an advisory on GitHub.
A new spear-phishing campaign, dubbed "Venom Spider," is targeting hiring managers and recruiters by masquerading as job seekers. The attackers exploit the necessity for HR staff to open email attachments, delivering a backdoor malware known as "More_eggs" to compromise systems and gather sensitive information.
Cybercriminals are increasingly exploiting the Lovable AI website builder to create phishing pages and fraudulent sites that impersonate well-known brands. Despite Lovable's efforts to detect and eliminate malicious content, the rising number of AI site generators is lowering the barriers for cybercrime. Recent campaigns have targeted organizations and individuals through sophisticated phishing schemes, resulting in significant data theft and malware distribution.
A new downgrade attack against Microsoft Entra ID has been developed, which tricks users into using weaker authentication methods, making them vulnerable to phishing and session hijacking. By spoofing a browser that lacks FIDO support, attackers can bypass FIDO authentication and intercept user credentials and session cookies. Although no real-world attacks using this method have been reported yet, the risk remains significant, particularly in targeted scenarios.
The npm author Qix was targeted in a significant supply chain attack through a phishing email that spoofed npm branding, tricking the author into compromising their account. Malicious code was introduced into several packages, redirecting cryptocurrency transactions to the attacker's addresses, highlighting the persistent threat of phishing in the open-source ecosystem.
Phishing attacks that bypass multifactor authentication (MFA) are becoming increasingly accessible, with tools available that allow even non-technical users to create convincing phishing sites. These attacks utilize a method called "adversary in the middle," where attackers set up proxy servers to intercept login credentials and MFA codes from victims. The rise of phishing-as-a-service toolkits makes it easier for criminals to launch these attacks, posing a significant threat to online security.
AI Browsers are rapidly being integrated into everyday tasks, but their lack of security measures exposes users to new scams, termed "Scamlexity." Tests revealed that these AI systems can easily fall victim to phishing attacks and fraudulent websites, with serious implications for user safety as they become the primary decision-makers in online interactions. Without robust guardrails, the convenience of Agentic AI could lead to significant financial and personal data losses for users.
Threat actors have exploited SourceForge to distribute fake Microsoft Office add-ins that install malware, including cryptocurrency miners and clipboard hijackers, on victims' computers. Over 4,600 systems, primarily in Russia, have been affected by this campaign, which involved deceptive project pages mimicking legitimate tools. Users are advised to download software only from trusted sources and verify files before execution.
SSL.com faced a significant security flaw in its domain validation process, allowing unauthorized issuance of TLS certificates for legitimate websites, including Alibaba Cloud's domain. A bug hunter demonstrated the exploit by obtaining certificates for domains not owned by them, prompting SSL.com to revoke 11 mis-issued certificates as a precaution. The company has temporarily disabled the flawed validation method while they work on a fix and will provide a full incident report soon.
Microsoft is expanding the list of blocked attachments in Outlook Web and the new Outlook for Windows by adding .library-ms and .search-ms file types starting in July 2025. This decision aims to enhance security by preventing the exploitation of these file types in phishing attacks, although most organizations are unlikely to be affected. Users who need to send or receive these attachments can adjust their settings accordingly.
Discover how Persona's Know Your Employee (KYE) solution bolsters organizational security by enhancing identity verification and authentication throughout the employee life cycle. The webinar discusses strategies to combat phishing and social engineering through automation and integration with existing IAM tools.
Pleo is currently facing a phishing attempt where fraudulent SMS messages are impersonating the company, warning recipients about declined transactions or login issues. Users are advised not to share their passcodes or call any numbers provided in these messages, and to report any suspicious activity to Pleo's support team. The company has implemented measures to enhance security, including changing the sender name for SMS messages in Denmark.