Facebook users are increasingly becoming targets of a sophisticated phishing technique that bypasses conventional security measures. With over three billion active users on the platform, Facebook represents an attractive target for attackers seeking to compromise accounts and harvest personal credentials. The primary objective of these attacks remains clear: steal login credentials to hijack accounts, spread […] The post Hackers Leverage Browser-in-the-browser Tactic to Trick Facebook Users and ...
A recent AsyncRAT campaign is using Cloudflare’s free tier services and TryCloudflare tunnels to hide remote access activity inside normal looking cloud traffic. In these attacks, threat actors send phishing emails that link to a Dropbox hosted ZIP archive named to look like an invoice in German, luring users into opening what appears to be […] The post AsyncRAT Leveraging Cloudflare’s Free-Tier Services to Mask Malicious Activities and Detection appeared first on Cyber Security News .
The criminal organization specialized in business email compromise scams and generated billions of dollars in criminal proceeds annually from many small-scale operations, officials said. The post Spanish police disrupt Black Axe, arrest alleged leaders in action spanning four cities appeared first on CyberScoop .
The cybersecurity landscape is experiencing a major shift in how attackers operate. Threat actors have moved away from traditional hunting methods like phishing emails and cold outreach. Instead, they are now creating sophisticated traps designed to make high-value targets walk directly into their schemes. This new approach, called “inbound” social engineering, is currently focusing on […] The post Web3 Developer Environments Targeted by Social Engineering Campaign Leveraging Fake Interview Soft...
Authorities caught 34 members of the notorious Black Axe gang in Spain known for stealing millions of Euros through online romance scams and email fraud.
Open Source Intelligence (OSINT) has become a cornerstone of cybersecurity threat intelligence. In today’s digital landscape, organizations face a constant barrage of cyber threats, ranging from data breaches and phishing attacks to sophisticated nation-state operations. To stay ahead of these threats, cybersecurity teams must leverage every available resource, and OSINT provides a wealth of information […] The post Leveraging OSINT Tools for Enhanced Cybersecurity Threat Intelligence appeared f...
Cybercriminals are leveraging the recent arrest of Venezuelan President Nicolás Maduro to distribute sophisticated backdoor malware. The threat actors exploited news surrounding Maduro’s arrest on January 3, 2025, demonstrating how geopolitical events continue to serve as effective lures for malicious campaigns. The attack likely begins with a spear-phishing email containing a zip archive named “US […] The post Phishing Campaign Uses Maduro Arrest Story to Deliver Backdoor Malware appeared first...
North Korean government hackers are turning QR codes into credential-stealing weapons, the FBI has warned, as Pyongyang's spies find new ways to duck enterprise security and help themselves to cloud logins.…
Click rate misses the real email security risk: what attackers can do after they access a mailbox. Material Security explains why containment and post-compromise impact matter more than phishing metrics. [...]
The North Korean state-sponsored espionage group Kimsuky has targeted government organizations, think tanks, and academic institutions. The post FBI: North Korean Spear-Phishing Attacks Use Malicious QR Codes appeared first on SecurityWeek .
A new and sophisticated phishing campaign is targeting remote workers and IT administrators by impersonating the official Fortinet VPN download portal. This attack is particularly dangerous because it leverages search engine optimization (SEO) and, alarmingly, AI-generated search summaries to lure victims into a trap. The campaign utilizes a multi-stage redirect mechanism starting with trusted domains […] The post Fake Fortinet Sites Steal VPN Credentials in Sophisticated Phishing Attack appeare...
The Iran-linked MuddyWater Advanced Persistent Threat group has launched a sophisticated spear-phishing campaign targeting diplomatic, maritime, financial, and telecom sectors across the Middle East. The threat actors are using weaponized Word documents to deliver a new Rust-based malware called RustyWater, which represents a major change from their traditional PowerShell and VBS tooling. This upgraded implant […] The post MuddyWater APT Weaponizing Word Documents to Deliver ‘RustyWater’ Toolkit...
U.S. prosecutors have charged an Illinois man with orchestrating a phishing operation that allowed him to hack the Snapchat accounts of nearly 600 women to steal private photos and sell them online. [...]
K-12 IT teams face intensifying pressure to deliver affordable cybersecurity, as attackers exploit schools as “soft targets” rich in sensitive student data. Beyond students’ skills tests, educators must counter ransomware, phishing, and breaches head-on. Explore the top 10 challenges in Cynet’s free guide, “Top 10 Cybersecurity Challenges Faced by K-12 Institutions.” Drawing from real-world successes […] The post How U.S K-12 Schools Can Solve Their Top 10 Cybersecurity Challenges – Free E-Book ...
A new phishing wave is abusing fake DocuSign notifications to drop stealthy malware on Windows systems. The emails copy real DocuSign branding and urge users to review a pending agreement, pushing them toward a link that claims to host the file. Once clicked, the chain shifts from browser to a multi‑stage loader built to dodge […] The post New Phishing Attack Impersonate as DocuSign Deploys Stealthy Malware on Windows Systems appeared first on Cyber Security News .