35 links
tagged with all of: phishing + security
Links
Threat actors are using a Japanese Unicode character to create deceptive phishing links that mimic legitimate Booking.com URLs, tricking users into visiting malicious sites. This technique exploits visual similarities in characters, making it difficult for users to discern the real domain. Security measures are suggested to help users identify and avoid such phishing attempts.
Google has introduced new AI tools designed to enhance security for Chrome users, specifically targeting phishing and scam threats. These tools aim to proactively identify and block malicious sites, thereby improving the overall safety of browsing experiences for users worldwide.
DPRK hackers have successfully stolen approximately $137 million from users of the Tron blockchain. The attack involved sophisticated phishing techniques and targeted the platform's infrastructure, highlighting ongoing security vulnerabilities in cryptocurrency networks.
Cloudflare has introduced a new email service designed to enhance security and simplify email management for users. The service aims to protect users from spam and phishing attacks while providing a user-friendly experience with features such as custom domain support and email forwarding. This initiative reflects Cloudflare's commitment to improving digital communication safety and efficiency.
Threat actors are exploiting Google Apps Script to create convincing phishing pages that steal login credentials by mimicking legitimate login screens. By hosting these fraudulent pages within Google's trusted environment, the attackers bypass typical security checks, making it easier to deceive victims into providing sensitive information. Security experts recommend enhancing email security measures to scrutinize links to cloud services like Google Apps Script to mitigate these threats.
Facebook has announced support for passkeys, a feature designed to enhance security by reducing the risk of phishing attacks. This move aligns with the broader industry trend towards passwordless authentication methods, aiming to make online experiences safer for users. The integration of passkeys allows users to log in using biometric data or security keys instead of traditional passwords.
PyPI users are being targeted by a phishing attack that attempts to trick them into logging into a fake PyPI site via a fraudulent email. The email, which appears to be from PyPI but uses a similar but incorrect domain, prompts users to verify their email, potentially compromising their credentials. Users are advised to delete the email if received and change their passwords if they have already clicked on the link.
MokN Baits are advanced defensive phishing pages designed to lure attackers into revealing compromised credentials. By filtering out noise and providing tailored threat intelligence, MokN helps organizations effectively monitor and respond to real threats targeting their systems, enhancing security beyond traditional methods like dark web monitoring and MFA.
Emails originating from IT or HR departments are increasingly being targeted by phishing attacks, leading to a rise in successful breaches. These phishing attempts often leverage the trust associated with internal communications, making it crucial for organizations to educate employees about recognizing and reporting suspicious messages. Strengthening email security measures can help mitigate these risks.
Hackers are employing a sophisticated phishing technique that leverages legitimate Microsoft links and Active Directory Federation Services (ADFS) to redirect users to a counterfeit site designed to steal Microsoft 365 logins. By utilizing a trusted domain for redirection, attackers can bypass standard security measures, including multi-factor authentication. Researchers recommend monitoring for ADFS redirects and scrutinizing Google ads for potential malicious links.
A new phishing method called 'CoPhish' exploits Microsoft Copilot Studio agents to issue fraudulent OAuth consent requests, allowing attackers to steal session tokens through social engineering tactics. Researchers from Datadog Security Labs have highlighted the risks associated with Copilot Studio's flexibility and noted that Microsoft plans to address these vulnerabilities in future updates. Users are advised to limit administrative privileges and enforce stricter governance policies to mitigate the risks.
A credential harvesting campaign targeting ScreenConnect super administrators has been identified, leveraging low-volume spear phishing tactics with the EvilGinx framework. The operation aims to capture super admin credentials for potential ransomware deployment, utilizing sophisticated techniques to bypass traditional security measures. Mimecast has implemented protective measures and recommends user education and technical controls to mitigate the threat.
A critical vulnerability in the Windows NTFS file system, identified as CVE-2025-49689, allows for exploitation through specially crafted virtual disks (VHD). This vulnerability leads to multiple memory corruptions due to insufficient checks on integer overflow, facilitating potential escalation of privileges for attackers using malicious virtual disks in phishing attempts.
A new Android banking Trojan named Anatsa has been discovered, targeting users by mimicking legitimate banking applications. It employs advanced techniques to steal sensitive information and bypass security measures, posing a significant threat to users’ financial security. The malware is spread through malicious apps and phishing campaigns, highlighting the need for increased vigilance among mobile users.
Trezor has issued a warning about a phishing campaign that exploits its automated support system to send deceptive emails that appear legitimate. Attackers use this system to generate urgent messages that trick users into visiting a phishing site to steal their wallet seed phrases. Trezor is working on implementing measures to prevent such abuse in the future and advises users to never share their seed phrases.
Microsoft and Cloudflare have collaborated to take down the Raccoon365 phishing service, which targeted Microsoft 365 users. This operation aimed to protect users from credential theft and enhance overall cybersecurity measures against such phishing threats. The dismantling of Raccoon365 marks a significant step in combating cybercrime related to phishing schemes.
Google is leveraging advancements in AI to combat online scams across its platforms, including Search, Chrome, and Android. By enhancing their detection systems and implementing on-device models like Gemini Nano, they aim to significantly reduce scams such as phishing, tech support fraud, and deceptive notifications while adapting to new threats in real-time.
Microsoft Teams will implement automatic warnings for private messages containing links flagged as malicious, including spam, phishing, and malware. This feature, available for Microsoft Defender for Office 365 and Teams enterprise customers, is set to begin public preview in September 2025 and become generally available by November 2025. Admins can enable or manage these warnings through the Teams Admin Center.
The article highlights an innovative security awareness training program that includes interactive deepfake experiences, custom AI-generated content, and various phishing tests to prepare employees for real-world cybersecurity threats. It emphasizes the importance of engaging training methods to ensure users are adequately prepared for potential security risks.
Google Gemini for Workspace can be exploited through prompt-injection attacks that generate misleading email summaries, potentially leading users to phishing sites without attachments or direct links. Researcher Marco Figueroa revealed this vulnerability, highlighting how hidden instructions in emails can manipulate Gemini's output, prompting users to trust false security alerts. Google is aware of the issue and is implementing defenses against such attacks.
A vulnerability in Apple's Safari browser allows attackers to exploit the fullscreen browser-in-the-middle (BitM) technique, enabling them to steal user credentials by obscuring the address bar and tricking victims into entering sensitive information. Unlike other browsers, Safari does not provide a clear alert when entering fullscreen mode, making these attacks particularly deceptive. SquareX researchers have noted a rise in this malicious activity and reported Apple's dismissal of the issue as a "wontfix."
Discord users are at risk from a new phishing attack involving invite link hijacking, which leads to the installation of malware on victims' devices. The attack exploits the trust users place in Discord links, making it crucial for users to verify the authenticity of links before clicking. Security experts recommend staying vigilant and using protective measures to avoid falling victim to such scams.
The Python Software Foundation has issued a warning about new phishing attacks targeting PyPI users, urging them to reset their credentials after receiving fake emails from a fraudulent site. Victims are being misled into verifying their email for account maintenance, which could lead to credential theft and subsequent malware attacks on published packages. Users are advised to change passwords immediately and implement stronger security measures like two-factor authentication.
Cybercriminals are increasingly exploiting the Lovable AI website builder to create phishing pages and fraudulent sites that impersonate well-known brands. Despite Lovable's efforts to detect and eliminate malicious content, the rising number of AI site generators is lowering the barriers for cybercrime. Recent campaigns have targeted organizations and individuals through sophisticated phishing schemes, resulting in significant data theft and malware distribution.
The npm author Qix was targeted in a significant supply chain attack through a phishing email that spoofed npm branding, tricking the author into compromising their account. Malicious code was introduced into several packages, redirecting cryptocurrency transactions to the attacker's addresses, highlighting the persistent threat of phishing in the open-source ecosystem.
A new downgrade attack against Microsoft Entra ID has been developed, which tricks users into using weaker authentication methods, making them vulnerable to phishing and session hijacking. By spoofing a browser that lacks FIDO support, attackers can bypass FIDO authentication and intercept user credentials and session cookies. Although no real-world attacks using this method have been reported yet, the risk remains significant, particularly in targeted scenarios.
A new spear-phishing campaign, dubbed "Venom Spider," is targeting hiring managers and recruiters by masquerading as job seekers. The attackers exploit the necessity for HR staff to open email attachments, delivering a backdoor malware known as "More_eggs" to compromise systems and gather sensitive information.
Multiple DuckDB-related npm packages were compromised, including duckdb and its associated modules, which contained malicious code aimed at draining crypto wallets. The attack mirrors previous incidents of phishing in the npm ecosystem, leading to the vendor marking the latest release as deprecated and issuing an advisory on GitHub.
Phishing attacks that bypass multifactor authentication (MFA) are becoming increasingly accessible, with tools available that allow even non-technical users to create convincing phishing sites. These attacks utilize a method called "adversary in the middle," where attackers set up proxy servers to intercept login credentials and MFA codes from victims. The rise of phishing-as-a-service toolkits makes it easier for criminals to launch these attacks, posing a significant threat to online security.
AI browsers are rapidly being integrated into everyday tasks, but their lack of security measures exposes users to new scams, termed "Scamlexity." Tests revealed that these AI systems can easily fall victim to phishing attacks and fraudulent websites, with serious implications for user safety as they become the primary decision-makers in online interactions. Without robust guardrails, the convenience of agentic AI could lead to significant financial and personal data losses for users.
Threat actors have exploited SourceForge to distribute fake Microsoft Office add-ins that install malware, including cryptocurrency miners and clipboard hijackers, on victims' computers. Over 4,600 systems, primarily in Russia, have been affected by this campaign, which involved deceptive project pages mimicking legitimate tools. Users are advised to download software only from trusted sources and verify files before execution.
SSL.com faced a significant security flaw in its domain validation process, allowing unauthorized issuance of TLS certificates for legitimate websites, including Alibaba Cloud's domain. A bug hunter demonstrated the exploit by obtaining certificates for domains not owned by them, prompting SSL.com to revoke 11 mis-issued certificates as a precaution. The company has temporarily disabled the flawed validation method while they work on a fix and will provide a full incident report soon.
Microsoft is expanding the list of blocked attachments in Outlook Web and the new Outlook for Windows by adding .library-ms and .search-ms file types starting in July 2025. This decision aims to enhance security by preventing the exploitation of these file types in phishing attacks, although most organizations are unlikely to be affected. Users who need to send or receive these attachments can adjust their settings accordingly.
Discover how Persona's Know Your Employee (KYE) solution bolsters organizational security by enhancing identity verification and authentication throughout the employee life cycle. The webinar discusses strategies to combat phishing and social engineering through automation and integration with existing IAM tools.
Pleo is currently facing a phishing attempt where fraudulent SMS messages are impersonating the company, warning recipients about declined transactions or login issues. Users are advised not to share their passcodes or call any numbers provided in these messages, and to report any suspicious activity to Pleo's support team. The company has implemented measures to enhance security, including changing the sender name for SMS messages in Denmark.