Phishing, shadow AI, malicious extensions, and credential theft increasingly happen inside the browser. Keep Aware explains what the 2026 Verizon DBIR reveals about browser-layer security gaps and modern attacks. [...]
Read OriginalRelying on social engineering, the hacking group engages in credential phishing, malware distribution, and fraud activities. The post Chinese Cybercrime Group in Spotlight for Record Campaign Pace appeared first on SecurityWeek .
Read OriginalFor a few days, my SANS ISC mailbox is flooded with emails that delivers SVG files. An SVG ("Scalable Vector Graphic") is a web-friendly vector file format used for graphics and icons. No URL in the body, just “an imageâ€, that's the perfect way to deliver some malicious content. This isn't the first time that we see this technique used by threat actors[1].
Read OriginalHacking voting machines is so 2017. Phishing, impersonation pose the real election risks
Read OriginalNoteworthy stories that might have slipped under the radar: Trump Mobile exposes customer data, phishers target the 2026 FIFA World Cup, CISA responds to recent supply chain attacks. The post In Other News: Trump Mobile Data Breach, FIFA World Cup Phishing, CISA Responds to Supply Chain Attacks appeared first on SecurityWeek .
Read OriginalA browser-based prompt injection technique that transforms any web page into a phishing delivery surface by exploiting ChatGPT’s page summarization feature, rendering attacker-controlled links, fake security alerts, and QR codes directly inside the trusted ChatGPT interface. Researchers at Permiso have disclosed the attack dubbed ChatGPhish, which builds on the same trust-transfer logic previously demonstrated against […] The post New ChatGPT Vulnerability Lets Attackers Turn Web Pages Into Phis...
Read OriginalA sophisticated phishing campaign is actively targeting financial organizations by using fake Adobe Document Cloud pages to silently install ScreenConnect remote access malware on victim machines. The operation is well-structured, deceptive, and difficult to detect because it blends into everyday enterprise software activity. The campaign works by sending phishing emails that look like legitimate Adobe […] The post Hackers Use Fake Adobe Document Cloud Pages to Deliver ScreenConnect Malware appe...
Read OriginalAn Android remote access trojan named BTMOB is offered to cybercriminals with a builder interface for generating malware payloads tailored to phishing lures. [...]
Read OriginalDelivered via phishing lures, the malware combines financial theft with data exfiltration and remote access. The post New BTMOB Android Malware Enables Full Device Takeover appeared first on SecurityWeek .
Read OriginalAs AI accelerates phishing, session hijacking, and credential abuse, security teams are racing to close the gap between attacker speed and defensive response. The post The Credential Crisis: How Stolen Credentials Defeat Modern Security appeared first on SecurityWeek .
Read OriginalThe FBI is warning about the Kali365 phishing-as-a-service platform (PhaaS) that is used to hijack Microsoft 365 accounts by abusing OAuth device code authentication to steal session tokens and bypass multi-factor authentication (MFA). [...]
Read OriginalKali365, which was first observed in April, abuses legitimate Microsoft device authorization pages to grant persistent access to cybercriminal-controlled applications. The post FBI warns about fast-growing phishing kit targeting Microsoft 365 users appeared first on CyberScoop .
Read OriginalFBI warns of Kali365, a PaaS scam kit that lets cybercriminals bypass MFA and hijack Microsoft 365 accounts without passwords.
Read OriginalModern crypto drainers don't hack wallets. They trick users into approving malicious transactions. Flare explores how the Lucifer DaaS platform scales wallet theft through phishing and automation. [...]
Read OriginalThe company has developed a platform that uses specialized AI agents to inspect every incoming message. The post Ocean Emerges From Stealth With $28M for Agentic Email Security Platform appeared first on SecurityWeek .
Read Original