While the aviation industry has borne the brunt of Scattered Spider's latest round of social engineering attacks, the criminals aim to catch manufacturing and medical tech companies — and even Chipotle Mexican Grill — in tjeor web, as evidenced by hundreds of domains that security researchers say look a lot like phishing websites used by the criminal crews.…
Read OriginalA previously undocumented spyware called 'Batavia' has been targeting large industrial enterprises in Russia in a phishing email campaign that uses contract-related lures. [...]
Read OriginalA rise in advanced phishing kits and info-stealing malware are to blame for a 156 percent jump in cyberattacks targeting user logins, say researchers.…
Read OriginalCybersecurity experts are reporting a 19x increase in malicious campaigns being launched from .es domains, making it the third most common, behind only .com and .ru.…
Read OriginalA sophisticated phishing campaign targeting UK citizens has emerged, masquerading as official communications from the Department for Work and Pensions (DWP) to steal sensitive financial information. The campaign, which has been active since late May 2025, represents a significant escalation in social engineering attacks against British residents, exploiting concerns about government benefits and seasonal allowances. […] The post New Phishing Attack Impersonates as DWP Attacking Users to Steal Cr...
Read OriginalSilent Push exposes thousands of fake e-commerce websites spoofing major brands like Apple and Michael Kors. Learn how this Chinese phishing scam targets shoppers and steals financial data, impacting global consumers.
Read OriginalThe .COM top-level domain continues to dominate the cybercriminal landscape as the primary vehicle for hosting credential phishing websites, maintaining its position as the most extensively abused TLD by threat actors worldwide. Recent intelligence indicates that malicious actors leverage the trusted reputation and widespread recognition of .COM domains to deceive victims into surrendering sensitive login […] The post Threat Actors Widely Abuse .COM TLD to Host Credential Phishing Website appear...
Read OriginalThe popular artificial intelligence tools, including GPT models and Perplexity AI, are inadvertently directing users to phishing websites instead of legitimate login pages. The study found that when users ask these AI systems for official website URLs, over one-third of the responses point to domains not controlled by the intended brands, creating unprecedented security vulnerabilities […] The post AI Tools Like GPT Direct Users to Phishing Sites Instead of Legitimate Ones appeared first on Cybe...
Read OriginalCybercriminals have significantly escalated their use of PDF attachments as attack vectors, leveraging the trusted document format to impersonate major brands including Microsoft, DocuSign, Dropbox, PayPal, and Adobe in sophisticated phishing campaigns. These attacks exploit the widespread trust users place in PDF documents, transforming what should be secure file sharing into a gateway for credential […] The post Threat Actors Weaponize PDFs to Impersonate Microsoft, DocuSign, Dropbox and More ...
Read OriginalPresently sponsored by: Malwarebytes Browser Guard blocks phishing, ads, scams, and trackers for safer, faster browsing I always used to joke that when people used Have I Been Pwned (HIBP), we effectively said "Oh no - you've been pwned! Uh, good luck!" and left it at that. That was fine when it was a pet project used by people who live in
Read OriginalBlind Eagle hackers linked to Russian host Proton66 to target banks in Latin America using phishing and RATs. Trustwave urges stronger security.
Read OriginalPresently sponsored by: Malwarebytes Browser Guard blocks phishing, ads, scams, and trackers for safer, faster browsing I'm in Austria! Well, I was in Austria, I'm now somewhere over the Aussie desert as I try and end this trip on top of my "to-do" list. The Have I Been Pwned Alpine Grand Tour was a great success with loads of time
Read OriginalA sophisticated phishing campaign leveraging the Snake Keylogger malware has emerged, exploiting legitimate Java debugging utilities to bypass security mechanisms and target organizations worldwide. The Russian-originated .NET malware, distributed through a Malware as a Service (MaaS) model, represents a significant evolution in cybercriminal tactics by abusing trusted system components that typically evade detection. The campaign […] The post Snake Keyloggers Abuse Java Utilities to Evade Secur...
Read OriginalMicrosoft says its Defender for Office 365 cloud-based email security suite will now automatically detect and block email bombing attacks. [...]
Read OriginalCybercriminals use malicious AI models to write malware and phishing scams Cisco Talos warns of rising threats from uncensored and custom AI tools.
Read Original