Cybercriminals are deploying increasingly sophisticated methods to bypass security systems, with the latest threat emerging from the advanced Tycoon phishing-as-a-service kit. This malicious platform has introduced novel techniques designed to obscure dangerous links, making them nearly invisible to traditional detection systems while maintaining their effectiveness against unsuspecting victims. The Tycoon phishing kit represents a significant […] The post Tycoon Phishing Kit Employs New Techniq...
A sophisticated threat actor known as NoisyBear has emerged as a significant concern for Kazakhstan’s energy sector, employing advanced tactics to infiltrate critical infrastructure through weaponized ZIP files and PowerShell-based attack chains. This newly identified group has been orchestrating targeted campaigns against KazMunaiGas (KMG), the country’s national oil and gas company, using highly crafted phishing […] The post NoisyBear Weaponizing ZIP Files to PowerShell Loaders and Exfiltrate ...
The browser is now the frontline for cyberattacks. From phishing kits and ClickFix lures to malicious OAuth apps and extensions, attackers are targeting the very place your employees access business-critical apps. Push Security explains how to defend where breaches begin. [...]
Wilmington, United States, September4th, 2025, CyberNewsWire: Veteran email security leader to expand MSP and VAR partnerships and accelerate DMARC adoption. Sendmarc today announced the appointment of Rob Bowker as North American Region Lead. Bowker will oversee regional expansion with a focus on growing the Managed Service Provider (MSP) partner community, developing strategic Value-Added Reseller (VAR) […] The post Sendmarc appoints Rob Bowker as North American Region Lead appeared first on C...
A sophisticated phishing campaign targeting PayPal’s massive user base has emerged, utilizing deceptive “Set up your account profile” emails to compromise user accounts through an ingenious secondary user addition scheme. The attack leverages advanced email spoofing techniques and psychological manipulation tactics to bypass traditional security awareness measures, representing a significant evolution in financial fraud methodologies. […] The post Threat Actors Attack PayPal Users in New Account...
Emerging quietly in mid-2025, the XWorm backdoor has evolved into a deceptively sophisticated threat that preys on both user confidence and system conventions. Initial reports surfaced when organizations noted a sudden uptick in obscure .lnk-based phishing emails masquerading as benign documents. Security teams quickly observed that these shortcuts triggered hidden PowerShell routines rather than opening […] The post XWorm Malware With New Infection Chain Evade Detection Exploiting User and Syst...
A sophisticated phishing operation has been running undetected for over three years across Google Cloud and Cloudflare infrastructure, impersonating major corporations including defense contractor Lockheed Martin. The campaign, which utilized advanced cloaking techniques and compromised expired domains, demonstrates a concerning failure in detection capabilities by two of the internet’s largest service providers. The operation began […] The post Phishing Campaign Went Undetected for Over 3 Years...
Phishing has moved far beyond suspicious links. Today, attackers hide inside the files employees trust most; PDFs. On the surface, they look like invoices, contracts, or reports. But once opened, these documents can trigger hidden scripts, redirect to fake login pages, or quietly steal credentials. The danger lies in how convincing they are. PDFs often […] The post Attackers Are Abusing Malicious PDFs: Here’s How to Spot Them Early appeared first on Cyber Security News .
Source: Schneier on SecurityPublished:
2025-09-03 11:00
Summary enhanced with Google Gemini
Matched on:phishing
Really good research on practical attacks against LLM agents. “ Invitation Is All You Need! Promptware Attacks Against LLM-Powered Assistants in Production Are Practical and Dangerous ” Abstract: The growing integration of LLMs into applications has introduced new security risks, notably known as Promptware—maliciously engineered prompts designed to manipulate LLMs to compromise the CIA triad of these applications. While prior research warned about a potential shift in the threat landscape for ...
A sophisticated spear-phishing campaign has emerged targeting senior executives and C-suite personnel across multiple industries, leveraging Microsoft OneDrive as the primary attack vector. The campaign utilizes carefully crafted emails masquerading as internal HR communications about salary amendments to trick high-profile targets into surrendering their corporate credentials. This latest threat represents a concerning escalation in social […] The post New Phishing Attack Via OneDrive Attacking...
A sophisticated spear-phishing campaign orchestrated by Iranian-aligned operators has been identified targeting diplomatic missions worldwide through a compromised Ministry of Foreign Affairs of Oman mailbox. The attack, discovered in August 2025, represents a continuation of tactics associated with the Homeland Justice group connected to Iran’s Ministry of Intelligence and Security (MOIS). The campaign leveraged social […] The post Iran-Nexus Hackers Abuses Omani Mailbox to Target Global Govern...
The transaction is valued up to $150 million, including performance-based retention awards, a Varonis spokesperson told SecurityWeek. The post Varonis Acquires Email Security Firm SlashNext appeared first on SecurityWeek .
An independent testing firm found that SlashNext’s product has a 100% detection rate for business email compromise and QR code attacks. The post Varonis buys AI email security firm SlashNext appeared first on CyberScoop .
A novel phishing campaign emerged in late August 2025 that specifically targeted hoteliers and vacation rental managers through malicious search engine advertisements. Rather than relying on mass email blasts or social media lures, attackers purchased sponsored ads on platforms such as Google Search, typosquatting legitimate service providers’ names to redirect unsuspecting users. By mimicking brands […] The post New Large-Scale Phishing Attacks Targets Hotelier Via Ads to Gain Access to Propert...