Microsoft is working to resolve a known issue that causes an anti-spam service to mistakenly block Exchange Online and Microsoft Teams users from opening URLs and quarantine some of their emails. [...]
Read OriginalBased on real-world insurance claims, Resilience’s midyear report shows vendor risk is declining but costly, ransomware is evolving with triple extortion, and social engineering attacks are accelerating through AI. The post Ransomware Losses Climb as AI Pushes Phishing to New Heights appeared first on SecurityWeek .
Read OriginalA sophisticated new cybercrime toolkit named SpamGPT is enabling hackers to launch massive and highly effective phishing campaigns by combining artificial intelligence with the capabilities of professional email marketing platforms. Marketed on the dark web as a “spam-as-a-service” platform, SpamGPT automates nearly every aspect of fraudulent email operations, significantly lowering the technical barrier for criminals. […] The post SpamGPT – AI-powered Attack Tool Used By Hackers For Massive Phi...
Read OriginalCrims have added backdoors to at least 18 npm packages after developer Josh Junon inadvertently authorized a reset of the two-factor authentication protecting his npm account.…
Read OriginalIn what is being called the largest supply chain attack in history, attackers have injected malware into NPM packages with over 2.6 billion weekly downloads after compromising a maintainer's account in a phishing attack. [...]
Read OriginalSecurity researchers first observed LunaLock in early September 2025, a sophisticated ransomware strain targeting independent illustrators and digital artists. Leveraging compromised credentials and social engineering, the group behind LunaLock has zeroed in on a niche marketplace—Artists & Clients—where freelance creators exchange custom commissions. Initial intrusion involved spear-phishing campaigns disguised as royalty notifications, enticing victims to […] The post LunaLock Ransomware Attac...
Read OriginalMostereRAT malware targets Windows through phishing, bypasses security with advanced tactics, and grants hackers full remote control. Cybersecurity…
Read OriginalA massive data breach in early September 2025 attributed to a cyber actor known simply as “Kim” laid bare an unprecedented view into the operational playbook of Kimsuky (APT43). The leak, comprising terminal history files, phishing domains, OCR workflows, compiled stagers, and a full Linux rootkit, revealed a credential-centric campaign that targeted South Korean government […] The post Exposed ‘Kim’ Dump Exposes Kimsuky Hackers New Tactics, Techniques, and Infrastructure appeared first on Cyber...
Read OriginalA sophisticated cybercriminal campaign has emerged, exploiting Amazon’s Simple Email Service (SES) to orchestrate large-scale phishing operations capable of delivering over 50,000 malicious emails daily. The attack represents a significant evolution in cloud service abuse, transforming AWS’s legitimate bulk email platform into a weapon for credential theft and financial fraud. The campaign begins with compromised […] The post Hackers Weaponize Amazon Simple Email Service to Send 50,000+ Maliciou...
Read OriginalU.S. federal authorities have launched an investigation into a sophisticated malware campaign that targeted sensitive trade negotiations between Washington and Beijing. The attack, which surfaced in July 2025, involved fraudulent emails purportedly sent by Representative John Moolenaar, chairman of the House Select Committee on Strategic Competition between the United States and Chinese Communist Party. The […] The post U.S. Authorities Investigating Malicious Email Targeting Trade Talks with Ch...
Read OriginaliCloud Calendar invites are being abused to send callback phishing emails disguised as purchase notifications directly from Apple's email servers, making them more likely to bypass spam filters to land in targets' inboxes. [...]
Read OriginalPresently sponsored by: Malwarebytes Browser Guard blocks phishing, ads, scams, and trackers for safer, faster browsing I only just realised, as I prepared this accompanying blog post, that I didn't talk about one of the points in the overview: food. One of my fondest memories as a child living in Singapore and now as an adult visiting there is the food. It's
Read OriginalVirusTotal has discovered a phishing campaign hidden in SVG files that create convincing portals impersonating Colombia's judicial system that deliver malware. [...]
Read OriginalThe chairman of the Federal Trade Commission (FTC) last week sent a letter to Google's CEO demanding to know why Gmail was blocking messages from Republican senders while allegedly failing to block similar missives supporting Democrats. The letter followed media reports accusing Gmail of disproportionately flagging messages from the GOP fundraising platform WinRed and sending them to the spam folder. But according to experts who track daily spam volumes worldwide, WinRed's messages are getting b...
Read OriginalCybercriminals are increasingly exploiting the trust organizations place in artificial intelligence platforms to conduct sophisticated phishing attacks, according to a new report from cybersecurity firm Cato Networks. The company’s Managed Detection and Response (MDR) service recently uncovered a campaign where threat actors leveraged Simplified AI, a popular marketing platform, to steal Microsoft 365 credentials from […] The post Hackers Use AI Platforms to Steal Microsoft 365 Credentials in Ph...
Read Original