phishing

Fake Booking.com emails and BSODs used to infect hospitality staff

Don't miss, Europe, hospitality industry, Hot stuff, Malware, News, phishing, Remote Access Trojan, Securonix, social engineering /

Fake Booking.com emails and BSODs used to infect hospitality staff 2026-01-07 at 13:06 By Zeljka Zorz Suspected Russian attackers are targeting the hospitality sector with fake Booking.com emails and a fake “Blue Screen of Death” to deliver the DCRat malware. The malware delivery campaign starts with phishing emails that feature room charge details in euros, […]

Fake Booking.com emails and BSODs used to infect hospitality staff Read More »

RTO Scam Wave Continues: A Surge in Browser-Based e-Challan Phishing and Shared Fraud Infrastructure

phishing, scam, social engineering, Tech Scam /

RTO Scam Wave Continues: A Surge in Browser-Based e-Challan Phishing and Shared Fraud Infrastructure 2025-12-23 at 17:22 By rohansinhacyblecom Following our earlier reporting on RTO-themed threats, CRIL observed a renewed phishing wave abusing the e-Challan ecosystem to conduct financial fraud. Unlike earlier Android malware-driven campaigns, this activity relies entirely on browser-based phishing, significantly lowering the

RTO Scam Wave Continues: A Surge in Browser-Based e-Challan Phishing and Shared Fraud Infrastructure Read More »

Feds Seize Password Database Used in Massive Bank Account Takeover Scheme

cybercrime, law enforcement, password, phishing, seized, Tracking & Law Enforcement /

Feds Seize Password Database Used in Massive Bank Account Takeover Scheme 2025-12-23 at 14:46 By Eduard Kovacs The cybercriminals attempted to steal $28 million from compromised bank accounts through phishing. The post Feds Seize Password Database Used in Massive Bank Account Takeover Scheme appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View

Feds Seize Password Database Used in Massive Bank Account Takeover Scheme Read More »

Stealth in Layers: Unmasking the Loader used in Targeted Email Campaigns

cyberattack, exploit, Malware, phishing, Remote Access Trojan, social engineering, trojan, vulnerability /

Stealth in Layers: Unmasking the Loader used in Targeted Email Campaigns 2025-12-19 at 14:43 By rohansinhacyblecom Executive Summary CRIL (Cyble Research and Intelligence Labs) has been tracking a sophisticated commodity loader utilized by multiple high-capability threat actors. The campaign demonstrates a high degree of regional and sectoral specificity, primarily targeting Manufacturing and Government organizations across

Stealth in Layers: Unmasking the Loader used in Targeted Email Campaigns Read More »

Clipping Scripted Sparrow’s wings: Tracking a global phishing ring

BEC scams, cybersecurity, Don't miss, Email, Expert analysis, Expert corner, Fortra, News, opinion, phishing /

Clipping Scripted Sparrow’s wings: Tracking a global phishing ring 2025-12-18 at 16:12 By Help Net Security Between June 2024 and December 2025, Fortra analysts tracked a persistent business email compromise (BEC) operation that we have now classified as Scripted Sparrow. The group carries out well-crafted highly targeted phishing campaigns that masquerade as professional services firms

Clipping Scripted Sparrow’s wings: Tracking a global phishing ring Read More »

Microsoft 365 users targeted in device code phishing attacks

Don't miss, enterprise, Microsoft 365, News, phishing, Proofpoint, tips /

Microsoft 365 users targeted in device code phishing attacks 2025-12-18 at 16:12 By Zeljka Zorz Attackers are targeting Microsoft 365 users with device code authorization phishing, a technique that fools users into approving access tokens, Proofpoint warns. The method abuses Microsoft’s OAuth 2.0 device authorization grant flow by presenting users with device codes that, when

Microsoft 365 users targeted in device code phishing attacks Read More »

AI might be the answer for better phishing resilience

Artificial Intelligence, cybersecurity, LLMs, News, phishing, research /

AI might be the answer for better phishing resilience 2025-12-16 at 08:44 By Sinisa Markovic Phishing is still a go-to tactic for attackers, which is why even small gains in user training are worth noticing. A recent research project from the University of Bari looked at whether LLMs can produce training that helps people spot

AI might be the answer for better phishing resilience Read More »

New “HashJack” attack can hijack AI browsers and assistants

AI, browser, Chrome, Comet, data theft, Don't miss, Edge, Google, Hot stuff, Microsoft, News, Perplexity, phishing /

New “HashJack” attack can hijack AI browsers and assistants 2025-11-26 at 14:18 By Zeljka Zorz Security researchers at Cato Networks have uncovered a new indirect prompt injection technique that can force popular AI browsers and assistants to deliver phishing links or disinformation (e.g., incorrect medicine dosage guidance or investment advice), send sensitive data to the

New “HashJack” attack can hijack AI browsers and assistants Read More »

Small language models step into the fight against phishing sites

Artificial Intelligence, cybersecurity, Don't miss, Features, Hot stuff, LLMs, News, phishing, research /

Small language models step into the fight against phishing sites 2025-11-26 at 08:31 By Sinisa Markovic Phishing sites keep rising, and security teams are searching for ways to sort suspicious pages at speed. A recent study explores whether small language models (SLMs) can scan raw HTML to catch these threats. The work reviews a range

Small language models step into the fight against phishing sites Read More »

AI Is Supercharging Phishing: Here’s How to Fight Back

AI, Identity & Access, phishing /

AI Is Supercharging Phishing: Here’s How to Fight Back 2025-11-19 at 14:19 By Torsten George AI has given cybercriminals the ability to operate like Fortune‑500‑scale marketing departments—except their product is account takeover, data theft, and identity fraud. The post AI Is Supercharging Phishing: Here’s How to Fight Back appeared first on SecurityWeek. This article is

AI Is Supercharging Phishing: Here’s How to Fight Back Read More »

Google Says Chinese ‘Lighthouse’ Phishing Kit Disrupted Following Lawsuit  

China, disrupted, Featured, Google, phishing, smishing, Smishing Triad, takedown /

Google Says Chinese ‘Lighthouse’ Phishing Kit Disrupted Following Lawsuit   2025-11-14 at 10:30 By Eduard Kovacs The cybercriminals informed customers that their cloud server was shut down due to complaints. The post Google Says Chinese ‘Lighthouse’ Phishing Kit Disrupted Following Lawsuit   appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Google Says Chinese ‘Lighthouse’ Phishing Kit Disrupted Following Lawsuit   Read More »

Fake spam filter alerts are hitting inboxes

Don't miss, Hot stuff, Malwarebytes, News, Palo Alto Networks, phishing /

Fake spam filter alerts are hitting inboxes 2025-11-13 at 19:02 By Zeljka Zorz A new phishing campaign is attempting to trick users into believing they’ve missed important emails, security researchers are warning. The emails The bogus email alerts look like they are coming from the recipient’s email domain, and falsely claim that due to a

Fake spam filter alerts are hitting inboxes Read More »

Google Sues Chinese Cybercriminals Behind ‘Lighthouse’ Phishing Kit

China, Featured, Google, lawsuit, Lighthouse, phishing, smishing, Smishing Triad /

Google Sues Chinese Cybercriminals Behind ‘Lighthouse’ Phishing Kit 2025-11-12 at 15:02 By Eduard Kovacs Google is targeting the threat group known as Smishing Triad, which used over 194,000 malicious domains in a campaign.  The post Google Sues Chinese Cybercriminals Behind ‘Lighthouse’ Phishing Kit appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View

Google Sues Chinese Cybercriminals Behind ‘Lighthouse’ Phishing Kit Read More »

What keeps phishing training from fading over time

CISO, cybersecurity, Don't miss, Features, Hot stuff, News, phishing, research, security awareness, strategy, tips, training /

What keeps phishing training from fading over time 2025-11-07 at 13:28 By Mirko Zorz When employees stop falling for phishing emails, it is rarely luck. A new study shows that steady, mandatory phishing training can cut risky behavior over time. After one year of continuous simulations and follow-up lessons, employees were half as likely to

What keeps phishing training from fading over time Read More »

Massive China-Linked Smishing Campaign Leveraged 194,000 Domains

China, phishing, smishing, Smishing Triad /

Massive China-Linked Smishing Campaign Leveraged 194,000 Domains 2025-10-27 at 16:57 By Ionut Arghire The malicious Smishing Triad domains were used to collect sensitive information, including Social Security numbers. The post Massive China-Linked Smishing Campaign Leveraged 194,000 Domains appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Massive China-Linked Smishing Campaign Leveraged 194,000 Domains Read More »

Researchers expose large-scale YouTube malware distribution network

Check Point, Don't miss, Hot stuff, Malware, News, phishing, Youtube /

Researchers expose large-scale YouTube malware distribution network 2025-10-23 at 17:37 By Zeljka Zorz Check Point researchers have uncovered, mapped and helped set back a stealthy, large-scale malware distribution operation on YouTube they dubbed the “YouTube Ghost Network.” The network published more than 3,000 videos across compromised or fake channels, luring viewers with game cheats, cracked

Researchers expose large-scale YouTube malware distribution network Read More »

Malicious Code on Unity Website Skims Information From Hundreds of Customers

data breach, phishing, skimming, Unity /

Malicious Code on Unity Website Skims Information From Hundreds of Customers 2025-10-13 at 18:46 By Eduard Kovacs The video game software development company says the incident impacted users of its SpeedTree website. The post Malicious Code on Unity Website Skims Information From Hundreds of Customers appeared first on SecurityWeek. This article is an excerpt from

Malicious Code on Unity Website Skims Information From Hundreds of Customers Read More »

NPM Infrastructure Abused in Phishing Campaign Aimed at Industrial and Electronics Firms

Beamglea, NPM, phishing /

NPM Infrastructure Abused in Phishing Campaign Aimed at Industrial and Electronics Firms 2025-10-13 at 16:03 By Ionut Arghire Threat actors used automation to create over 175 malicious NPM packages targeting more than 135 organizations. The post NPM Infrastructure Abused in Phishing Campaign Aimed at Industrial and Electronics Firms appeared first on SecurityWeek. This article is

NPM Infrastructure Abused in Phishing Campaign Aimed at Industrial and Electronics Firms Read More »

Researchers uncover ClickFix-themed phishing kit

Don't miss, Hot stuff, News, Palo Alto Networks, phishing, social engineering /

Researchers uncover ClickFix-themed phishing kit 2025-10-08 at 16:26 By Zeljka Zorz Palo Alto Networks researchers have discovered and analyzed “IUAM ClickFix Generator”, a phishing kit that allows less skilled attackers to infect unsuspecting users with malware by using the increasingly popular ClickFix social engineering technique. “This tool allows threat actors to create highly customizable phishing

Researchers uncover ClickFix-themed phishing kit Read More »

Scroll to Top