Security News

Attackers are increasingly using new phishing toolkits (open-source, commercial, and criminal) to execute adversary-in-the-middle (AitM) attacks. AitM enables attackers to not just harvest...

Cybersecurity researchers are calling attention to a new QR code phishing (aka quishing) campaign that leverages Microsoft Sway infrastructure to host fake pages, once again highlighting the abuse...

A massive QR code phishing campaign abused Microsoft Sway, a cloud-based tool for creating online presentations, to host landing pages to trick Microsoft 365 users into handing over their...

Needless to say, it backfired in a big way University of California Santa Cruz (UCSC) students may be relieved to hear that an emailed warning about a staff member infected with the Ebola virus...

The Computer Emergency Response Team of Ukraine has warned of new phishing attacks that aim to infect devices with malware. The ZIP file contains a Microsoft Compiled HTML Help file that embeds JavaScript code responsible for launching an obfuscated PowerShell script.

ESET researchers discovered an uncommon type of phishing campaign targeting Android and iPhone users. The phishing websites targeting iOS instruct victims to add a Progressive Web Application to their home screens, while on Android, the PWA is installed after confirming custom pop-ups in the browser.

Cybersecurity researchers have shed light on a threat actor known as Blind Eagle that has persistently targeted entities and individuals in Colombia, Ecuador, Chile, Panama, and other Latin...

A file-sharing phishing attack is a unique type of phishing threat in which a cybercriminal poses as a known colleague or familiar file-hosting or e-signature solution and sends a target a malicious email containing a link to what appears to be a shared file or document. File-sharing phishing attacks would be a pressing issue regardless of volume, as one single successful attack can have costly consequences.

Malicious actors are using a cloud attack tool named Xeon Sender to conduct SMS phishing and spam campaigns on a large scale by abusing legitimate services. "Attackers can use Xeon to send...

Google has joined Microsoft in publishing intel on Iranian cyber influence activity following a recent uptick in attacks that led to data being leaked from the Trump re-election campaign. APT42 is largely relying on what Google's TAG calls "Cluster C" phishing activity - distinguished methods that have been in use since 2022, characterized by attempts to impersonate NGOs and "Mailer Daemon."