Other noteworthy stories that might have slipped under the radar: Apple updates platform security guide, LastPass detects new phishing wave, CISA withdraws from RSA Conference. The post In Other News: Paid for Being Jailed, Google’s $68M Settlement, CISA Chief’s ChatGPT Leak appeared first on SecurityWeek .
Read OriginalSecurity researchers have uncovered a sophisticated traffic distribution network leveraging deceptive education-themed domains to deliver malware and phishing attacks. The operation, tracked under infrastructure indicators pointing to TOXICSNAKE, uses legitimate-looking university and educational institution branding to deceive users into visiting malicious websites. This tactic exploits the trust users place in educational platforms, making it an […] The post Education-Themed Malicious Domains ...
Read OriginalA new security feature is being added to Teams to help organizations detect and stop voice-based scams and phishing attacks. The new “Report a Call” button will allow users to flag suspicious one-to-one calls directly from their Teams call history. As use of Microsoft Teams calling continues to grow, attackers are increasingly using voice calls […] The post Microsoft Teams New Feature to Flag Suspicious One-to-One Calls appeared first on Cyber Security News .
Read OriginalMicrosoft plans to introduce a call reporting feature in Teams by mid-March, allowing users to flag suspicious or unwanted calls as potential scams or phishing attempts. [...]
Read OriginalCome one, come all. Everyone from Russian and Chinese government goons to financially motivated miscreants is exploiting a long-since-patched WinRAR vuln to bring you infostealers and Remote Access Trojans (RATs).…
Read OriginalDomains set up by the threat actor suggest attacks aimed at Atlassian, Canva, Epic Games, HubSpot, Moderna, ZoomInfo, and WeWork. The post Over 100 Organizations Targeted in ShinyHunters Phishing Campaign appeared first on SecurityWeek .
Read OriginalA new malware-as-a-service (MaaS) called 'Stanley' promises malicious Chrome extensions that can clear Google's review process and publish them to the Chrome Web Store. [...]
Read OriginalScammers are abusing Microsoft Teams invitations to send fake billing notices, with 12,866 emails reaching around 6,135 users in a phone-based phishing campaign.
Read OriginalPriced $2,000 - $6,000 on a cybercrime forum, the MaaS toolkit promises publication on the Chrome Web Store. The post ‘Stanley’ Malware Toolkit Enables Phishing via Website Spoofing appeared first on SecurityWeek .
Read OriginalIn December 2025, threat researchers uncovered an alarming espionage operation targeting residents of India through sophisticated phishing campaigns. The attack, dubbed SyncFuture, demonstrates how cybercriminals can abuse legitimate business software as a vehicle for launching advanced malware attacks. Attackers sent fraudulent emails impersonating India’s Income Tax Department, tricking victims into downloading malicious files containing multiple […] The post ‘SyncFuture’ Campaign Weaponizing ...
Read OriginalA sophisticated phishing campaign active between November 2025 and January 2026 has been exploiting Vercel’s legitimate hosting platform to distribute remote access tools to unsuspecting victims. The attack chain combines social engineering with trusted domain exploitation, making it particularly effective at bypassing traditional security layers. Attackers craft phishing emails using financially themed lures such as […] The post New Phishing Attack Leverages Vercel Hosting Platform to Deliver a...
Read OriginalThe 1Password digital vault and password manager has added built-in protection against phishing URLs to help users identify malicious pages and prevent them from sharing account credentials with threat actors. [...]
Read OriginalA sophisticated “homoglyph” phishing campaign targeting customers of Marriott International and Microsoft. Attackers are registering domains that replace the letter “m” with the combination “rn” (r + n), creating fake websites that look nearly identical to the real ones. This technique, known as typosquatting or a homoglyph attack, exploits the way modern fonts display text. […] The post Hackers Use ‘rn’ Typo Trick to Impersonate Marriott in New Phishing Attack appeared first on Cyber Security N...
Read OriginalMicrosoft Defender researchers have exposed a sophisticated adversary-in-the-middle (AiTM) phishing campaign targeting energy sector organizations through SharePoint file-sharing abuse. The multi-stage attack compromised multiple user accounts and evolved into widespread business email compromise (BEC) operations across several organisations. Initial Compromise Through Trusted Vendor The attack began with phishing emails sent from a compromised trusted vendor’s […] The post Threat Actors Leverag...
Read OriginalThe ShinyHunters extortion gang claims it is behind a wave of ongoing voice phishing attacks targeting single sign-on (SSO) accounts at Okta, Microsoft, and Google, enabling threat actors to breach corporate SaaS platforms and steal company data for extortion. [...]
Read Original