Security Affairs

SEPTEMBER 21, 2024

A joint international law enforcement operation led by Europol dismantled a major phishing scheme targeting mobile users. Europol supported European and Latin American law enforcement agencies in dismantling an international criminal network that unlocks stolen or lost mobile phones using a phishing platform.

Phishing 337

Phishing Computer and Electronics Marketing Access 337

Security Affairs

JULY 30, 2024

Researchers detected a sophisticated phishing campaign targeting Microsoft OneDrive users to trick them into executing a PowerShell script. Over the past few weeks, the Trellix Advanced Research Center observed a sophisticated phishing campaign targeting Microsoft OneDrive users.

Phishing 360

Phishing File names Archiving Access 360

Security Affairs

AUGUST 23, 2024

ESET researchers detailed a phishing campaign against mobile users that uses Progressive Web Applications (PWAs). The technique allows the installation of a phishing application from a third-party website without requiring the user to enable third-party app installations. ” reads the report published by ESET.

Phishing 337

Phishing IT Security Information Security 337

Security Affairs

JANUARY 22, 2024

Adaptive phishing campaigns are emerging as an increasingly sophisticated threat in the cybersecurity landscape. The phenomenon This phenomenon represents an evolution of traditional phishing tactics, as attackers seek to overcome defenses using more personalized and targeted approaches.

Phishing 343

Phishing Education Cybersecurity Data breaches 343

Security Affairs

NOVEMBER 11, 2023

The Royal Malaysian Police announced the seizure of the notorious BulletProftLink phishing-as-a-service (PhaaS) platform. The Royal Malaysian Police announced to have dismantled the notorious BulletProftLink phishing-as-a-service (PhaaS) platform. The operation was first documented on OSINT Fans by Gabor Szathmari in October 2020.

Phishing 360

Phishing Ransomware IT Access 360

Security Affairs

SEPTEMBER 17, 2024

US DoJ charged a Chinese national who used spear-phishing emails to obtain sensitive info from NASA, the U.S. DoJ charged a Chinese national, Song Wu (39), who used spear-phishing emails to target employees of NASA, the U.S. Air Force, Navy, Army, and the FAA. Air Force, Navy, Army, and the FAA.” “According to U.S.

Phishing 339

Phishing Government Military Security 339

Security Affairs

JULY 31, 2024

Phishing campaigns target small and medium-sized businesses (SMBs) in Poland to deliver malware families such as Agent Tesla, Formbook, and Remcos RAT. ESET researchers observed multiple phishing campaigns targeting SMBs in Poland in May 2024, distributing various malware families like Agent Tesla , Formbook , and Remcos RAT.

Phishing 343

Phishing Archiving Information Security IT 343

KnowBe4

MAY 12, 2025

KnowBe4 ThreatLabs has identified and analyzed a sophisticated cross-platform phishing campaign that utilizes Telegram as its primary exfiltration channel. The campaign uses a combination of security-themed phishing emails, branded phishing websites to harvest credentials, and Telegram bots to exfiltrate data.

Phishing 114

Phishing Security IT 114

Security Affairs

APRIL 18, 2024

An international law enforcement operation led to the disruption of the prominent phishing-as-a-service platform LabHost. An international law enforcement operation, codenamed Nebulae and coordinated by Europol, led to the disruption of LabHost, which is one of the world’s largest phishing-as-a-service platforms.

Phishing 330

Phishing Passwords Authentication IT 330

Krebs on Security

NOVEMBER 1, 2024

This story examines a recent spear-phishing campaign that ensued when a California hotel had its booking.com credentials stolen. KrebsOnSecurity last week heard from a reader whose close friend received a targeted phishing message within the Booking mobile app just minutes after making a reservation at a California.

Phishing 272

Phishing Artificial Intelligence Authentication Cloud 272

Security Affairs

AUGUST 13, 2024

CERT-UA warned that Russia-linked actor is impersonating the Security Service of Ukraine (SSU) in a new phishing campaign to distribute malware. The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of a new phishing campaign targeting organizations in the country, including government entities.

Phishing 350

Phishing Government File names Access 350

Security Affairs

JUNE 4, 2024

Resecurity uncovered a cybercriminal group that is providing a sophisticated phishing kit, named V3B, to target banking customers in the EU. “Currently, it is estimated that hundreds of cybercriminals are using this kit to commit fraud, leaving victims with empty bank accounts.

Phishing 330

Phishing Authentication IT Information Security 330

Data Breach Today

JULY 25, 2024

Also: Russian DDoS Hacktivists; Verizon Settles With US FTC and Windows 10 This week, ICANN warned of phishing, BreachForums data was leaked, police arrested alleged pro-Russian hackers, the U.K shut down a DDoS booter site, the EU gave Meta a deadline, Russia decried U.S.

Phishing 303

Phishing Security 303

Security Affairs

APRIL 30, 2025

. “The analyses of the TTPs used during APT28 campaigns since 2021 and the recommendations published in October of 2023 remain relevant and may be consulted on the website of the CERT-FR” APT28’s attack chain begins with phishing and brute-force attacks, along with zero-day exploitation (e.g. CVE-2023-23397 ).

Military 292

Military Phishing Government Cybersecurity 292

Security Affairs

SEPTEMBER 24, 2024

The AI-generated malware was discovered in June 2024, the phishing message used an invoice-themed lure and an encrypted HTML attachment, utilizing HTML smuggling to avoid detection. ” Threat actors have been using generative AI to craft phishing lures, but its use in creating malicious code has been rare.

Artificial Intelligence 339

Artificial Intelligence Phishing Encryption IT 339

Security Affairs

JANUARY 10, 2025

CrowdStrike warns of a phishing campaign that uses its recruitment branding to trick recipients into downloading a fake application, which finally installs the XMRig cryptominer. ” The attack begins with a phishing email impersonating CrowdStrike recruitment, directing recipients to a malicious website.”

Phishing 288

Phishing Mining Authentication Communications 288

Data Breach Today

OCTOBER 3, 2024

Department of Justice and Microsoft seized more than 100 websites allegedly used by a Russian intelligence cyberespionage operation with a fondness for spear phishing. FSB Hackers Stripped of 107 Domains Used to Steal Credentials The U.S.

Phishing 305

Phishing Security 305

Krebs on Security

SEPTEMBER 19, 2024

Many GitHub users this week received a novel phishing email warning of critical security holes in their code. Those who clicked the link for details were asked to distinguish themselves from bots by pressing a combination of keyboard keys that causes Microsoft Windows to download password-stealing malware.

Phishing 324

Phishing Passwords Security IT 324

Collaboration 2.0

APRIL 2, 2025

Phishing scams are becoming brutally effective, and even technically sophisticated people can be fooled. Here's how to limit the damage immediately and what to do next.

Phishing 322

Phishing 322

Security Affairs

MAY 13, 2024

Experts reported that since April, the Phorpiex botnet sent millions of phishing emails to spread LockBit Black ransomware. Phishing Reporting : Report phishing emails and other malicious cyber activities to relevant authorities like the FBI’s IC3 and the NJCCIC.

Phishing 337

Phishing Ransomware Security awareness Authentication 337

Security Affairs

DECEMBER 2, 2024

Operation HAECHI V (July-Nov 2024) targeted cyber frauds like phishing, romance scams, sextortion, investment fraud, online gambling, BEC, and e-commerce fraud. Korean and Chinese authorities dismantled a voice phishing syndicate that caused $1.1B in losses to 1,900+ victims. The operation led to 27 arrests and 19 indictments.

Phishing 324

Phishing Ransomware Access IT 324

Data Breach Today

JULY 22, 2024

Authorities Warn About Domains Targeting Victims Seeking to Restore Windows Devices Cybercriminals are exploiting the chaos created by the CrowdStrike outage by launching fake websites and phishing campaigns to trick victims into downloading malware or divulging sensitive information, according to the U.S.

Phishing 297

Phishing Cybersecurity Security 297

Data Breach Today

OCTOBER 9, 2024

Attackers Use ASCII Characters to Create Tough-to-Spot QR Codes, Barracuda Warns Attackers are moving beyond using QR code images added to phishing emails to trick victims into visiting malicious sites, and using ASCII "full block" characters to build working QR codes designed to evade optical character recognition defenses, warns cybersecurity firm (..)

Phishing 285

Phishing Cybersecurity 285

Security Affairs

DECEMBER 29, 2023

Ukraine’s CERT (CERT-UA) warned of a new phishing campaign by the APT28 group to deploy previously undocumented malware strains. CERT-UA discovered multiple phishing attacks aimed at government organizations between December 15 and December 25.

Phishing 356

Phishing Computer and Electronics Communications Encryption 356

Security Affairs

APRIL 18, 2024

carmaker with spear-phishing attacks. In late 2023, BlackBerry researchers spotted the threat actor FIN7 targeting a large US automotive manufacturer with a spear-phishing campaign. BlackBerry reported that the financially motivated group FIN7 targeted the IT department of a large U.S.

Phishing 335

Phishing Manufacturing Libraries IT 335

Collaboration 2.0

MARCH 4, 2025

Phishing isn't limited to your inbox anymore.

Phishing 322

Phishing IT 322

Security Affairs

JULY 30, 2024

The phishing emails include a malicious document which contains a plain text URL linking to a site controlled by the attacker. ” Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, phishing)

Phishing 311

Phishing Military Access IT 311

The Last Watchdog

MARCH 24, 2025

24, 2025, CyberNewswire — Arsen , a leading cybersecurity company specializing in social engineering defense, today announced the full release of Conversational Phishing, a groundbreaking feature embedded in its phishing simulation platform. To learn more about Conversational Phishing, users can visit [link].

Phishing 130

Phishing Security awareness Cybersecurity Marketing 130

Security Affairs

AUGUST 3, 2024

A Russia-linked APT used a car for sale as a phishing lure to deliver a modular Windows backdoor called HeadLace. The campaign began around March 2024, the attackers leveraged phishing tactics that have been effective against diplomats for years, exploiting themes that prompt targets to engage with malicious content.

Sales 342

Sales Phishing Military Archiving 342

Collaboration 2.0

APRIL 1, 2025

Phishing scams are getting brutally effective, and even technically sophisticated people can get fooled. Here's how to limit the damage right away, and what to do next.

Phishing 264

Phishing 264

eSecurity Planet

FEBRUARY 26, 2025

Cybercriminals are shifting their focus from emails to text messages, using mishing a more deceptive form of phishing to target mobile users and infiltrate corporate networks, according to new security research by Zimperium. Vishing: Also known as voice phishing. What is mishing? and 9%in Brazil.

Phishing 87

Phishing Data breaches Education Risk 87

Data Breach Today

DECEMBER 23, 2024

Infrastructure Problems Blamed; Users Appear to Move to Similar FlowerStorm Service As the end of the year approaches, it's out with the old and in with the new as researchers report that Rockstar 2FA, which once facilitated prolific phishing-as-a-service hits, has crashed and burned, apparently leading many one-time users to move to rival FlowerStorm. (..)

Phishing 263

Phishing IT 263

The Last Watchdog

AUGUST 21, 2024

I recently learned all about the state-of-the art of phishing attacks – the hard way. We discussed just how targeted and contextualized advanced phishing attacks, like the one I experienced, can be. Foolishly, I did so all too quickly. For a full drill down, please give the accompanying podcast a listen.

Phishing 289

Phishing Security IT 289

Security Affairs

NOVEMBER 21, 2024

Between September 2021 and April 2023, the hackers carried out phishing attacks to steal login credentials from employees of 12 companies and individuals. Hackers in their teens and 20s allegedly carried out phishing attacks via fake text messages to steal login credentials from employees of 12 companies and individuals.

Phishing 281

Phishing Access Passwords Ransomware 281

Krebs on Security

AUGUST 28, 2024

Multiple media reports this week warned Americans to be on guard against a new phishing scam that arrives in a text message informing recipients they are not yet registered to vote. Image: WDIV Detroit on Youtube.

Phishing 313

Phishing IT 313

eSecurity Planet

OCTOBER 28, 2024

We’ll also look at increased phishing attacks, a couple of different Cisco flaws, and a Fortinet vulnerability that took some time to get its own CVE. Netskope Reports Increase in Webflow Phishing Pages Type of attack: Phishing and subsequent credential theft. webflow.io, which indicates a phishing site.

Phishing 102

Phishing Authentication Security IT 102

Collaboration 2.0

JANUARY 8, 2025

Phishing is a form of social engineering where attackers try to get you to reveal your sensitive information through malicious links, SMS, QR codes, and more. Here's how to protect yourself in Chrome and Firefox.

Phishing 260

Phishing 260