Tag: phishing
-
Microsoft Warns of Tax-Themed Email Attacks Using PDFs and QR Codes to Deliver Malware
by
in SecurityNewsMicrosoft is warning of several phishing campaigns that are leveraging tax-related themes to deploy malware and steal credentials.”These campaigns notably use redirection methods such as URL shorteners and QR codes contained in malicious attachments and abuse legitimate services like file-hosting services and business profile pages to avoid detection,” Microsoft said in a report shared with…
-
New Phishing Campaign Targets Investors to Steal Login Credentials
by
in SecurityNewsSymantec has recently identified a sophisticated phishing campaign targeting users of Monex Securities (マãƒãƒƒã‚¯ã‚¹è¨¼åˆ¸), a prominent online securities company in Japan formed through the merger of Monex, Inc. and Nikko Beans, Inc. The company provides individual investors with a range of financial services, making it an attractive target for cybercriminals. The phishing operation involves the…
-
Qilin Operators Imitate ScreenConnect Login Page to Deploy Ransomware and Gain Admin Access
by
in SecurityNews
Tags: access, attack, cyber, cyberattack, exploit, group, login, monitoring, msp, phishing, ransomware, service, sophos, threatIn a recent cyberattack attributed to the Qilin ransomware group, threat actors successfully compromised a Managed Service Provider (MSP) by mimicking the login page of ScreenConnect, a popular Remote Monitoring and Management (RMM) tool. The attack, which occurred in January 2025, highlights the growing sophistication of phishing campaigns targeting MSPs to exploit downstream customers. Sophos’…
-
Phishers are increasingly impersonating electronic toll collection companies
by
in SecurityNewsSteam was the most imitated brands by phishers in the first quarter of 2025, followed by Microsoft and Facebook/Meta, Guardio researchers have revealed. >>Historically, … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/04/03/electronic-toll-collection-phishing/
-
Millionenverlust: Kryptodieb fällt auf Phishing rein und verliert seine Beute
by
in SecurityNewsMehr als 3.000 Ethereum-Token hat er erfolgreich von einer Krypto-Plattform gestohlen. Sein Triumph währte jedoch nicht lange. First seen on golem.de Jump to article: www.golem.de/news/millionenverlust-kryptodieb-faellt-auf-phishing-rein-und-verliert-seine-beute-2504-194979.html
-
Nearly 600 Phishing Domains Emerge Following Bybit Heist
by
in SecurityNews
Tags: phishingBforeAI researchers discover 596 suspicious Bybit-themed domains designed to defraud visitors First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/over-500-phishing-domains-bybit/
-
The Rise of Quishing: QR Codes as a Gateway to Phishing Attacks
by
in SecurityNewsA new wave of phishing attacks is leveraging the widespread use of QR codes to deceive victims and First seen on securityonline.info Jump to article: securityonline.info/the-rise-of-quishing-qr-codes-as-a-gateway-to-phishing-attacks/
-
Smashing Security podcast #411: The fall of Troy, and whisky barrel scammers
by
in SecurityNewsRenowned cybersecurity expert Troy Hunt falls victim to a phishing attack, resulting in the exposure of thousands of subscriber details, and don’t lose your life savings in a whisky scam… First seen on grahamcluley.com Jump to article: grahamcluley.com/smashing-security-podcast-411/
-
How To Identify URL Phishing Techniques
by
in SecurityNews
Tags: phishingFirst seen on thesecurityblogger.com Jump to article: www.thesecurityblogger.com/how-to-identify-url-phishing-techniques/
-
Surge in Smishing Fueled by Lucid PhaaS Platform
Chinese-Speaking Operators Have Made Lucid a ‘Primary Source’ of Phishing. Security researchers say they expect a surge this year in text message smishing fueled by a phishing-as-a-service platform operated by Chinese-speaking threat actors. Lucid already is a primary source of phishing campaigns targeting users in Europe, the United Kingdom and the United States. First seen…
-
What is subdomain hijacking?
by
in SecurityNewsSubdomain hijacking is a cybersecurity risk where attackers exploit abandoned DNS records to take control of legitimate subdomains. This can lead to phishing attacks, credential theft, and malware distribution. Organizations must regularly audit DNS records, remove outdated entries, and strengthen cloud security policies to prevent these vulnerabilities. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/04/what-is-subdomain-hijacking/
-
Hackers Exploit Cloudflare for Advanced Phishing Attacks
by
in SecurityNewsA sophisticated phishing campaign orchestrated by a Russian-speaking threat actor has been uncovered, revealing the abuse of Cloudflare services and Telegram for malicious purposes. Researchers at Hunt.io have identified this new wave of attacks, which employs Cloudflare-branded phishing pages and advanced tactics to evade detection. The campaign utilizes Cloudflare’s Pages.dev and Workers.dev platforms typically used…
-
Threat-informed defense for operational technology: Moving from information to action
by
in SecurityNews
Tags: access, ai, attack, automation, blueteam, cloud, control, crime, cyber, cyberattack, cybercrime, cybersecurity, data, defense, detection, exploit, finance, fortinet, framework, group, incident response, infrastructure, intelligence, law, malicious, malware, mitre, network, phishing, PurpleTeam, ransomware, RedTeam, resilience, risk, service, soar, strategy, tactics, technology, threat, tool, usaThe rise of cybercrime-as-a-service Today’s macro threat landscape is a flourishing ecosystem of cybercrime facilitated by crime-as-a-service (CaaS) models. Cybercriminal networks now operate like legitimate businesses, with specialized units dedicated to activities such as money laundering, malware development, and spear phishing. This ecosystem lowers the barrier to entry for cybercrime, enabling low-skilled adversaries to launch…
-
QR Code Phishing (Quishing) Attack Your Smartphones To Steal Microsoft Accounts Credentials
by
in SecurityNewsCybersecurity researchers have identified a growing trend in phishing attacks leveraging QR codes, a tactic known as >>quishing.
-
Steam Surges to Top of Most Spoofed Brands List in Q1
by
in SecurityNewsGaming community Steam appeared most often in phishing emails and texts detected by Guardio in Q1 2025 First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/steam-surges-top-most-spoofed/
-
Ongoing Gamaredon phishing campaign targets Ukraine with Remcos RAT
by
in SecurityNewsFirst seen on scworld.com Jump to article: www.scworld.com/brief/ongoing-gamaredon-phishing-campaign-targets-ukraine-with-remcos-rat
-
Global iOS, Android SMS phishing facilitated by Lucid PhaaS platform
by
in SecurityNewsFirst seen on scworld.com Jump to article: www.scworld.com/brief/global-ios-android-sms-phishing-facilitated-by-lucid-phaas-platform
-
Android, iOS Phishing Attacks Use Lucid PhaaS Platform
by
in SecurityNewsFirst seen on scworld.com Jump to article: www.scworld.com/brief/android-ios-phishing-attacks-use-lucid-phaas-platform
-
Lucid PhaaS Hits 169 Targets in 88 Countries Using iMessage and RCS Smishing
A new sophisticated phishing-as-a-service (PhaaS) platform called Lucid has targeted 169 entities in 88 countries using smishing messages propagated via Apple iMessage and Rich Communication Services (RCS) for Android.Lucid’s unique selling point lies in its weaponizing of legitimate communication platforms to sidestep traditional SMS-based detection mechanisms.”Its scalable, First seen on thehackernews.com Jump to article: thehackernews.com/2025/04/lucid-phaas-hits-169-targets-in-88.html
-
New Phishing Attack Combines Vishing and DLL Sideloading Techniques
A new attack targeting Microsoft Teams users used vishing, remote access tools and DLL sideloading to deploy a JavaScript backdoor First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/phishing-attack-combines-vishing/
-
LLMs are now available in snack size but digest with care
by
in SecurityNewsPassed down wisdom can distort reality: Rather than developing their own contextual understanding, student models rely heavily on their teacher models’ pre-learned conclusions. Whether this limitation can lead to model hallucination is highly debated by experts.Brauchler is of the opinion that the efficiency of the student models is tied to that of their teachers, irrespective…
-
Infostealer malware poses potent threat despite recent takedowns
by
in SecurityNewsHow CISOs can defend against infostealers: To defend against these threats, CISOs should rely on multi-factor authentication MFA and least privilege access to prevent their incursion into the corporate network, as well as endpoint detection and response (EDR) and anti-malware to detect and quarantine infostealers that manage to trick users into running the malware. Regular…
-
6 hard-earned tips for leading through a cyberattack, from CSOs who’ve been there
by
in SecurityNews
Tags: attack, awareness, breach, business, cisco, ciso, control, cyber, cyberattack, cybersecurity, data, group, incident response, infosec, infrastructure, lessons-learned, military, open-source, phishing, phone, privacy, programming, ransomware, security-incident, service, skills, software, strategy, threat, training, updateDevelop muscle memory, and patience, through simulations: Authority under crisis is meaningless if you can’t establish followership. And this goes beyond the incident response team: CISOs must communicate with the entire organization, a commonly misunderstood imperative, says Pablo Riboldi, CISO of nearshore talent provider BairesDev.”I find that employee involvement tends to be overlooked during cyberattacks.…
-
Morphing Meerkat’s Phishing Tactics: Abusing DNS MX Records
by
in SecurityNewsA recent report has uncovered a sophisticated phishing operation that uses DNS techniques to tailor content to victims. First seen on securityonline.info Jump to article: securityonline.info/morphing-meerkats-phishing-tactics-abusing-dns-mx-records/
-
Privacy Roundup: Week 13 of Year 2025
by
in SecurityNews
Tags: access, ai, android, apple, application-security, breach, browser, cctv, chrome, cloud, cve, cybersecurity, data, detection, exploit, firmware, google, group, leak, linux, malware, microsoft, mobile, phishing, privacy, regulation, router, scam, service, software, technology, threat, tool, update, virus, vpn, vulnerability, zero-dayThis is a news item roundup of privacy or privacy-related news items for 23 MAR 2025 – 29 MAR 2025. Information and summaries provided here are as-is for warranty purposes. Note: You may see some traditional “security” content mixed-in here due to the close relationship between online privacy and cybersecurity – many things may overlap;…