Threat actors are using a Japanese Unicode character to create deceptive phishing links that mimic legitimate Booking.com URLs, tricking users into visiting malicious sites. This technique exploits visual similarities in characters, making it difficult for users to discern the real domain. Security measures are suggested to help users identify and avoid such phishing attempts.

A new Android banking Trojan named Anatsa has been discovered, targeting users by mimicking legitimate banking applications. It employs advanced techniques to steal sensitive information and bypass security measures, posing a significant threat to users’ financial security. The malware is spread through malicious apps and phishing campaigns, highlighting the need for increased vigilance among mobile users.

Microsoft Teams will implement automatic warnings for private messages containing links flagged as malicious, including spam, phishing, and malware. This feature, available for Microsoft Defender for Office 365 and Teams enterprise customers, is set to begin public preview in September 2025 and become generally available by November 2025. Admins can enable or manage these warnings through the Teams Admin Center.

The Python Software Foundation has issued a warning about new phishing attacks targeting PyPI users, urging them to reset their credentials after receiving fake emails from a fraudulent site. Victims are being misled into verifying their email for account maintenance, which could lead to credential theft and subsequent malware attacks on published packages. Users are advised to change passwords immediately and implement stronger security measures like two-factor authentication.

Discord users are at risk from a new phishing attack involving invite link hijacking, which leads to the installation of malware on victims' devices. The attack exploits the trust users place in Discord links, making it crucial for users to verify the authenticity of links before clicking. Security experts recommend staying vigilant and using protective measures to avoid falling victim to such scams.

The npm author Qix was targeted in a significant supply chain attack through a phishing email that spoofed npm branding, tricking the author into compromising their account. Malicious code was introduced into several packages, redirecting cryptocurrency transactions to the attacker's addresses, highlighting the persistent threat of phishing in the open-source ecosystem.

Cybercriminals are increasingly exploiting the Lovable AI website builder to create phishing pages and fraudulent sites that impersonate well-known brands. Despite Lovable's efforts to detect and eliminate malicious content, the rising number of AI site generators is lowering the barriers for cybercrime. Recent campaigns have targeted organizations and individuals through sophisticated phishing schemes, resulting in significant data theft and malware distribution.

A new spear-phishing campaign, dubbed "Venom Spider," is targeting hiring managers and recruiters by masquerading as job seekers. The attackers exploit the necessity for HR staff to open email attachments, delivering a backdoor malware known as "More_eggs" to compromise systems and gather sensitive information.

Multiple DuckDB-related npm packages were compromised, including duckdb and its associated modules, which contained malicious code aimed at draining crypto wallets. The attack mirrors previous incidents of phishing in the npm ecosystem, leading to the vendor marking the latest release as deprecated and issuing an advisory on GitHub.

Threat actors have exploited SourceForge to distribute fake Microsoft Office add-ins that install malware, including cryptocurrency miners and clipboard hijackers, on victims' computers. Over 4,600 systems, primarily in Russia, have been affected by this campaign, which involved deceptive project pages mimicking legitimate tools. Users are advised to download software only from trusted sources and verify files before execution.