Security News

Infosec pro Troy Hunt HasBeenPwned in Mailchimp phish
2025-03-25 12:28

16,000 stolen records pertain to former and active mail subscribers Infosec veteran Troy Hunt of HaveIBeenPwned fame is notifying thousands of people after phishers scooped up his Mailchimp mailing list.…

If you dread a Microsoft Teams invite, just wait until it turns out to be a Russian phish
2025-02-15 00:02

Roses aren't cheap, violets are dear, now all your access token are belong to Vladimir Digital thieves – quite possibly Kremlin-linked baddies – have been emailing out bogus Microsoft Teams...

Don't fall for a mail asking for rapid Docusign action – it may be an Azure account hijack phish
2024-12-19 05:30

Recent campaign targeted 20,000 folk across UK and Europe with this tactic, Unit 42 warns Unknown criminals went on a phishing expedition that targeted about 20,000 users across the automotive,...

Black Basta operators phish employees via Microsoft Teams
2024-10-28 16:36

Black Basta ransomware affiliates are still trying to trick enterprise employees into installing remote access tool by posing as help desk workers, now also via Microsoft Teams. Phishing via MS...

Iran named as source of Trump campaign phish, leaks
2024-08-20 06:29

US authorities have named Iran as the likely source of a recent attack on the campaign of the US Republican Party's presidential nominee, Donald Trump. One of those efforts, the statement asserts, resulted in compromise of the Trump campaign and subsequent leaking of documents.

Trump campaign cites Iran election phish claim as evidence leaked docs were stolen
2024-08-12 05:34

Former US president Donald Trump's re-election campaign has claimed it's been the victim of a cyber attack. The claim was made after US outlet Politico reported an anonymous email account sent it a dossier of information sourced from within the campaign operation, but the entity who sent the docs declined to explain how they came by the info.

Free Piano phish targets American university students, staff
2024-05-29 18:14

A large-scale phishing campaign is using an unusual lure to earn at least $900,000 by tricking email recipients into believing they're about to receive a baby grand piano for free. The campaign, discovered by email security firm Proofpoint, was launched in January 2024 and has distributed over 125,000 emails, mainly targeting North American university students and faculty.

Hackers phish finance orgs using trojanized Minesweeper clone
2024-05-26 14:16

Hackers are utilizing code from a Python clone of Microsoft's venerable Minesweeper game to hide malicious scripts in attacks on European and US financial organizations. Ukraine's CSIRT-NBU and CERT-UA attribute the attacks to a threat actor tracked as 'UAC-0188,' who is using the legitimate code to hide Python scripts that download and install the SuperOps RMM. Superops RMM is a legitimate remote management software that gives remote actors direct access to the compromised systems.

Fraudsters abused Apple Stores' third-party pickup policy to phish for profits
2024-04-18 16:00

Your profile can be used to present content that appears more relevant based on your possible interests, such as by adapting the order in which content is shown to you, so that it is even easier for you to find content that matches your interests. Content presented to you on this service can be based on your content personalisation profiles, which can reflect your activity on this or other services, possible interests and personal aspects.

Fire in the Cisco! Networking giant's Duo MFA message logs stolen in phish attack
2024-04-17 00:06

Your profile can be used to present content that appears more relevant based on your possible interests, such as by adapting the order in which content is shown to you, so that it is even easier for you to find content that matches your interests. Content presented to you on this service can be based on your content personalisation profiles, which can reflect your activity on this or other services, possible interests and personal aspects.