#fraudscam
#fraudscam

Careers

He Was Laid Off, Posted on LinkedIn - Then Scammers Started Impersonating Real Recruiters to Target Him

Privacy professionals

Crook claims to leak 'video surveillance footage' of firms

Information security

NGate Campaign Targets Brazil, Trojanizes HandyPay to Steal NFC Data and PINs

AI-pwned: Vercel breach traced to stolen employee creds

Vercel's CEO suspects AI aided attackers in a breach that exploited a compromised employee account and non-sensitive environment variables.

2026's Breach List So Far: FBI Hacked, 1B Androids at Risk, 270M iPhones Vulnerable

2026 has seen significant cyber threats, including a major FBI hack and the discovery of the DarkSword iPhone exploit framework.

No Exploit Needed: How Attackers Walk Through the Front Door via Identity-Based Attacks

Stolen credentials remain the primary entry point for attackers, despite advancements in cybersecurity.

Careers

fromEntrepreneur

He Was Laid Off, Posted on LinkedIn - Then Scammers Started Impersonating Real Recruiters to Target Him

Cybercriminals are impersonating recruiters on LinkedIn to exploit job seekers, especially those recently laid off.

Crook claims to leak 'video surveillance footage' of firms

Be Prime confirmed a cybersecurity incident involving alleged access to its surveillance footage and client data by a criminal hacker.

NGate Campaign Targets Brazil, Trojanizes HandyPay to Steal NFC Data and PINs

A new Android malware called NGate abuses the HandyPay app to conduct NFC relay attacks and steal payment card information.

AI-pwned: Vercel breach traced to stolen employee creds

Vercel's CEO suspects AI aided attackers in a breach that exploited a compromised employee account and non-sensitive environment variables.

2026's Breach List So Far: FBI Hacked, 1B Androids at Risk, 270M iPhones Vulnerable

2026 has seen significant cyber threats, including a major FBI hack and the discovery of the DarkSword iPhone exploit framework.

Third ransomware pro pleads guilty to cybercrime U-turn

Angelo Martino pleaded guilty to aiding the ALPHV/BlackCat ransomware gang in extorting US businesses.

Healthcare

fromNextgov.com

4 hours ago

Former FBI official proposes terror designations for ransomware hackers targeting hospitals

Ransomware actors targeting critical infrastructure may be designated as terrorists, allowing for expanded legal actions against them.

Information security

Ransomware negotiator pleads guilty to helping ransomware gang | TechCrunch

Ransomware Negotiator Pleads Guilty to Aiding BlackCat Attacks in 2023

A ransomware negotiator pleaded guilty to aiding BlackCat ransomware attacks against U.S. companies in 2023.

Information security

Third US Security Expert Admits Helping Ransomware Gang

4 hours ago

Third ransomware pro pleads guilty to cybercrime U-turn

Angelo Martino pleaded guilty to aiding the ALPHV/BlackCat ransomware gang in extorting US businesses.

Healthcare

fromNextgov.com

4 hours ago

Former FBI official proposes terror designations for ransomware hackers targeting hospitals

Ransomware actors targeting critical infrastructure may be designated as terrorists, allowing for expanded legal actions against them.

Information security

Ransomware negotiator pleads guilty to helping ransomware gang | TechCrunch

Ransomware Negotiator Pleads Guilty to Aiding BlackCat Attacks in 2023

A ransomware negotiator pleaded guilty to aiding BlackCat ransomware attacks against U.S. companies in 2023.

Information security

Third US Security Expert Admits Helping Ransomware Gang

more#ransomware

fromCointelegraph

11 hours ago

Fake Police Raid Scam Forces Victim to Send $1M in Bitcoin

The French case illustrates how attackers used a fake police raid and violence to force a Bitcoin transfer worth $1 million, bypassing encryption entirely by compelling the victim to authorize the transaction.

Cryptocurrency

Fundraising

fromIndependent

Company has more than 2m stolen from account following cyber attack

Future Energy Capital Limited lost over €2m due to a cyber attack last October.

Venture

59 minutes ago

Bitwise CEOs admitted to stealing millions. Their scheme is still unraveling.

CEOs of Bitwise Industries admitted to stealing over $100 million, with an associate facing 20 years for conspiracy to commit wire fraud.

fromTechzine Global

8 hours ago

Lovable under fire over data breach

Lovable faced criticism for a vulnerability that exposed users' sensitive data, including source code and chat history, due to insufficient access controls.

fromwww.cbc.ca

Anthropic's latest AI model is sparking fears from cybersecurity experts and the banking sector. Here's why. | CBC News

Mythos, Anthropic's advanced AI model, poses cybersecurity risks by uncovering vulnerabilities faster than they can be fixed.

Fraudsters use AI to try and swindle $2,800 from missing dog's family

Fraudsters used AI to create fake emergency surgery images to scam a family out of $2,800 for their missing dog.

Canada news

fromwww.cbc.ca

7 charged in scheme that used AI tools to defraud Toronto-area stores: police | CBC News

Seven people have been charged in a fraud investigation involving AI tools used to steal login information from retail employees in Toronto.

NYC startup

fromwww.amny.com

6 days ago

Man stole thousands from delivery workers to invest in bogus delivery app | amNewYork

Mauricio Sevilla pleaded guilty to defrauding food delivery workers out of $7,500 in a fake investment scheme for a non-existent app.

Your tech support company runs scams. Stop-or disguise with more fraud?

Tech Live Connect defrauded Americans of $8 million through a fraudulent payment processing scheme over four years.

Pets

fromMail Online

Fraudsters use AI to try and swindle $2,800 from missing dog's family

Fraudsters used AI to create fake emergency surgery images to scam a family out of $2,800 for their missing dog.

Canada news

fromwww.cbc.ca

7 charged in scheme that used AI tools to defraud Toronto-area stores: police | CBC News

Seven people have been charged in a fraud investigation involving AI tools used to steal login information from retail employees in Toronto.

NYC startup

fromwww.amny.com

6 days ago

Man stole thousands from delivery workers to invest in bogus delivery app | amNewYork

Mauricio Sevilla pleaded guilty to defrauding food delivery workers out of $7,500 in a fake investment scheme for a non-existent app.

Your tech support company runs scams. Stop-or disguise with more fraud?

Tech Live Connect defrauded Americans of $8 million through a fraudulent payment processing scheme over four years.

more#fraud

fromwww.bbc.com

7 hours ago

Ex-parliamentary employee arrested under anti-hacking law

We are aware of the arrest of an individual under the Computer Misuse Act 1990, but as this is a live police investigation we are unable to comment further.

EU data protection

Careers

fromwww.theguardian.com

14 hours ago

AI job scams are booming and I was fooled by one. Here is how to avoid them

A seemingly perfect job opportunity turned out to be a scam, revealing red flags throughout the recruitment process.

CEO of AI $1.5 Billion Startup Accused of Massive Fraud by Justice Department

iLearning Engines allegedly faked customer relationships and revenues, leading to significant fraud charges against its CEO and CFO.

fromFast Company

2 weeks ago

It's way too easy to cheat now

Generative AI enables undetectable scams, including fake X-rays that deceive even experienced radiologists.

NYC startup

fromFuturism

22 hours ago

CEO of AI $1.5 Billion Startup Accused of Massive Fraud by Justice Department

iLearning Engines allegedly faked customer relationships and revenues, leading to significant fraud charges against its CEO and CFO.

fromFast Company

2 weeks ago

It's way too easy to cheat now

Generative AI enables undetectable scams, including fake X-rays that deceive even experienced radiologists.

Fraudsters Staged Fake Bear Attacks on Luxury Cars Wearing a Costume. They Bilked Insurers Out of $141K - Until a Wildlife Expert Watched the Videos.

Three individuals were sentenced for staging a bear damage insurance scam involving luxury cars.

fromInsideHook

Chicago Bears

Auto Insurance Scam Involved Fake Bear Attacks

California

fromFortune

A bizarre insurance scam was exposed as 'clearly a human in a bear suit' damaging luxury cars | Fortune

Three individuals in California staged insurance fraud using a bear costume to claim damages on luxury cars, seeking nearly $142,000 in payouts.

Bear costume used in 'unbelievable' SoCal insurance fraud scam

Multiple individuals in Glendale were sentenced for a bizarre insurance fraud case involving a bear costume and luxury cars.

California

fromEntrepreneur

Fraudsters Staged Fake Bear Attacks on Luxury Cars Wearing a Costume. They Bilked Insurers Out of $141K - Until a Wildlife Expert Watched the Videos.

Three individuals were sentenced for staging a bear damage insurance scam involving luxury cars.

fromInsideHook

Chicago Bears

Auto Insurance Scam Involved Fake Bear Attacks

California

fromFortune

A bizarre insurance scam was exposed as 'clearly a human in a bear suit' damaging luxury cars | Fortune

Three individuals in California staged insurance fraud using a bear costume to claim damages on luxury cars, seeking nearly $142,000 in payouts.

Bear costume used in 'unbelievable' SoCal insurance fraud scam

Multiple individuals in Glendale were sentenced for a bizarre insurance fraud case involving a bear costume and luxury cars.

more#insurance-fraud

DevOps

fromwww.bankingdive.com

How proactive DEX strengthens IT compliance in financial services

Proactive DEX management helps financial services organizations address compliance challenges by continuously monitoring and improving the digital workplace.

fromwww.housingwire.com

Disconnected systems fueling title, wire fraud risks

Disconnected systems, inconsistent definitions of data, and the manual nature of data movement create ongoing challenges in the title industry, according to FundingShield President Adam Chaudhary.

Real estate

Poker

Another DraftKings Hacker Sentenced to Prison

Kamerin Stokes was sentenced to 30 months in prison for a credential stuffing attack on DraftKings, involving 60,000 compromised accounts.

Marketing tech

AI is a gold mine for spammers and scammers, but Google is using it as a tool to fight back

Generative AI tools have intensified online spam and scams, prompting tech giants like Google to enhance their defenses against these threats.

UK news

fromIndependent

fromNews 12 - Long Island

Accountant who stole almost 30,000 from the golf club she worked for jailed

An accountant received a partially suspended three-year prison sentence for stealing nearly €30,000 from a golf club.

#scam

Brooklyn

Scammer impersonating NYPD employee steals thousands from 92-year-old woman

A scammer stole $8,000 from a 92-year-old woman in Brooklyn by posing as a police officer.

Apple

fromMail Online

fromNews 12 - Long Island

Warning to all iPhone users over new scam draining bank accounts

iPhone users are warned about a scam involving fake Apple Pay alerts that drain bank accounts.

Brooklyn

Scammer impersonating NYPD employee steals thousands from 92-year-old woman

A scammer stole $8,000 from a 92-year-old woman in Brooklyn by posing as a police officer.

Apple

fromMail Online

Warning to all iPhone users over new scam draining bank accounts

iPhone users are warned about a scam involving fake Apple Pay alerts that drain bank accounts.

France reports over 40 cryptocurrency kidnappings so far this year

France has experienced over 40 kidnappings linked to cryptocurrencies since January, targeting wealthy individuals and their families.

Cryptocurrency

8 hours ago

$290 Million Kelp DAO Crypto Heist Blamed on North Korea

North Korea-linked Lazarus Group executed a $290 million cryptocurrency heist from Kelp DAO using sophisticated attack methods.

Cryptocurrency

North Korea hackers blamed for $290M crypto theft | TechCrunch

Cryptocurrency

Russia-friendly exchange says "western special service" behind $15 million cyberattack

France news

fromThe Local France

France reports over 40 cryptocurrency kidnappings so far this year

France has experienced over 40 kidnappings linked to cryptocurrencies since January, targeting wealthy individuals and their families.

Cryptocurrency

8 hours ago

$290 Million Kelp DAO Crypto Heist Blamed on North Korea

North Korea-linked Lazarus Group executed a $290 million cryptocurrency heist from Kelp DAO using sophisticated attack methods.

Cryptocurrency

North Korea hackers blamed for $290M crypto theft | TechCrunch

Cryptocurrency

Russia-friendly exchange says "western special service" behind $15 million cyberattack

Two Americans sentenced for helping North Korea steal $5 million in fake IT worker scheme | TechCrunch

Two U.S. citizens were sentenced for aiding North Korea in placing remote IT workers in American companies, netting $5 million.

fromComputerWeekly.com

North Korean social engineering campaign targets macOS users | Computer Weekly

A North Korean campaign targeting macOS users tricked victims into executing malicious files, leading to credential and data theft.

US news

Two Americans sentenced for helping North Korea steal $5 million in fake IT worker scheme | TechCrunch

Two U.S. citizens were sentenced for aiding North Korea in placing remote IT workers in American companies, netting $5 million.

fromComputerWeekly.com

North Korean social engineering campaign targets macOS users | Computer Weekly

A North Korean campaign targeting macOS users tricked victims into executing malicious files, leading to credential and data theft.

Lazarus Group Suspected of Moving $175M in ETH After Arbitrum Freezes $71M From KelpDAO Exploit

Lazarus Group drained 116,500 rsETH from KelpDAO, with significant funds frozen and laundered through various protocols.

fromWIRED

Meta Is Sued Over Scam Ads on Facebook and Instagram

Consumer Federation of America sues Meta for allowing fraudulent ads on its platforms, violating DC consumer protection laws.

#data-breach

7 hours ago

Healthcare

Data Breaches at Healthcare Organizations in Illinois and Texas Affect 600,000

19 hours ago

Privacy professionals

Lovable denies data leak, cites 'intentional behavior'

Privacy professionals

Clothing Retailer Patches Website Flaw Exposing Customer Data

18 hours ago

Security Leaders Discuss the Vercel Breach

The Vercel data breach highlights the risks of targeted account takeovers and the importance of effective communication during security incidents.

Vercel Breach Originated from an Employee's AI Tool

Vercel confirmed a data breach caused by a third-party AI tool used by an employee, impacting a limited subset of customers.

PayPal Data Breach Led to Fraudulent Transactions

A PPWC loan application code error exposed a small number of customers' personal data for months, enabling fraudulent transactions that were later refunded.

Healthcare

7 hours ago

Data Breaches at Healthcare Organizations in Illinois and Texas Affect 600,000

Three US healthcare organizations reported data breaches affecting nearly 600,000 individuals, with significant incidents in Texas and Illinois.

19 hours ago

Lovable denies data leak, cites 'intentional behavior'

Lovable's platform has a significant security flaw allowing free accounts to access sensitive user information, raising concerns about data protection.

Clothing Retailer Patches Website Flaw Exposing Customer Data

A flaw in Express's website allowed unauthorized access to customer data through sequential order IDs in URLs.

18 hours ago

Security Leaders Discuss the Vercel Breach

The Vercel data breach highlights the risks of targeted account takeovers and the importance of effective communication during security incidents.

Vercel Breach Originated from an Employee's AI Tool

Vercel confirmed a data breach caused by a third-party AI tool used by an employee, impacting a limited subset of customers.

Information security

PayPal Data Breach Led to Fraudulent Transactions

more#data-breach

#ai-security

23 hours ago

The MCP Disclosure Is the AI Era's 'Open Redirect' Moment

The Model Context Protocol has a design flaw that enables AI supply chain attacks, posing a significant security risk to enterprise AI systems.

Prompt injection proves AI models are gullible like humans

Prompt injection attacks exploit AI systems, similar to phishing, by embedding malicious instructions that the AI executes instead of treating as content.

23 hours ago

The MCP Disclosure Is the AI Era's 'Open Redirect' Moment

The Model Context Protocol has a design flaw that enables AI supply chain attacks, posing a significant security risk to enterprise AI systems.

Prompt injection proves AI models are gullible like humans

Prompt injection attacks exploit AI systems, similar to phishing, by embedding malicious instructions that the AI executes instead of treating as content.

The future of data, privacy and ethics

Misleading practices in e-commerce, such as false stock availability, are regulated by the European Commission to protect consumers.

fromwww.housingwire.com

Fidelity National Financial appeals ruling upholding FinCEN AML rule

The rule requires title firms to report specific details on all-cash home purchase transactions, including names, addresses, dates of birth, citizenship status, and ID numbers of all people involved, including minors.

Law

#hacking

British Scattered Spider Hacker Pleads Guilty in the US

Tyler Robert Buchanan pleaded guilty to conspiracy for hacking and stealing over $8 million in cryptocurrency from multiple companies.

Man who hacked US Supreme Court filing system sentenced to probation | TechCrunch

Nicholas Moore was sentenced to a year of probation for hacking the U.S. Supreme Court and other government systems.

British Scattered Spider Hacker Pleads Guilty in the US

Tyler Robert Buchanan pleaded guilty to conspiracy for hacking and stealing over $8 million in cryptocurrency from multiple companies.

Man who hacked US Supreme Court filing system sentenced to probation | TechCrunch

Nicholas Moore was sentenced to a year of probation for hacking the U.S. Supreme Court and other government systems.

53 DDoS Domains Taken Down by Law Enforcement

Law enforcement in 21 countries coordinated to disrupt DDoS-for-hire services, resulting in arrests and the takedown of numerous domains.

Operation PowerOFF Seizes 53 DDoS Domains, Exposes 3 Million Criminal Accounts

Operation PowerOFF disrupted DDoS-for-hire services, taking down 53 domains and arresting four individuals linked to over 75,000 cybercriminals.

EU data protection

53 DDoS Domains Taken Down by Law Enforcement

Law enforcement in 21 countries coordinated to disrupt DDoS-for-hire services, resulting in arrests and the takedown of numerous domains.

fromStreetsblog Empire State

Operation PowerOFF Seizes 53 DDoS Domains, Exposes 3 Million Criminal Accounts

Operation PowerOFF disrupted DDoS-for-hire services, taking down 53 domains and arresting four individuals linked to over 75,000 cybercriminals.

more#ddos

Talk About Insurance Fraud! Big Tech Floods Pols' In-Boxes With Fake Emails In Support Of Hochul's Car Premium Ploy - Streetsblog Empire State

Several state lawmakers have reported receiving hundreds of form emails generated by Citizens For Affordable Rates, an organization funded by Uber, supporting Gov. Hochul's auto insurance proposal. One email was sent from Leslie Jenkins, who died in 2015, raising questions about the legitimacy of these communications.

California

9 hours ago

Adaptavist Group breach: Ransomware crew claims mega-haul

Adaptavist Group is investigating a security breach involving stolen credentials, while a ransomware group claims to have accessed extensive data.

Top 3 Cyber Insurance Incident Claims

Cyber incidents are increasing claims in the insurance industry despite decreasing premiums, indicating a more active risk environment.

#cybercrime

US gets second Scattered Spider-linked guilty plea

A Scottish man pleaded guilty to a phishing and SIM-swap scheme, stealing over $8 million in cryptocurrency.

European police email 75,000 people asking them to stop DDoS attacks | TechCrunch

A global law enforcement operation targeted over 75,000 alleged cybercriminals using DDoS-for-hire services, resulting in arrests and domain takedowns.

New Scam Alert: QR Codes Replace Links in Traffic Ticket Phishing

Cybercriminals are using QR codes in traffic-violation scams to deceive victims into providing sensitive information.

US gets second Scattered Spider-linked guilty plea

A Scottish man pleaded guilty to a phishing and SIM-swap scheme, stealing over $8 million in cryptocurrency.

European police email 75,000 people asking them to stop DDoS attacks | TechCrunch

A global law enforcement operation targeted over 75,000 alleged cybercriminals using DDoS-for-hire services, resulting in arrests and domain takedowns.

New Scam Alert: QR Codes Replace Links in Traffic Ticket Phishing

Cybercriminals are using QR codes in traffic-violation scams to deceive victims into providing sensitive information.

Urgent warning to all 1.8b Gmail users over new account takeover scam

Gmail users are warned about fake alerts designed to hijack phones and steal personal information.

Vercel Confirms Major Security Incident as Hacker Claims $2M Ransom Demand

Vercel confirmed a security incident involving unauthorized access to internal systems, with a threat actor claiming to sell stolen company data.

Tycoon 2FA Loses Phishing Kit Crown Amid Surge in Attacks

Threat actors have shifted to new phishing platforms after Tycoon 2FA's disruption, reusing its tools and increasing overall phishing attacks.

FBI and Indonesian Police Dismantle W3LL Phishing Network Behind $20M Fraud Attempts

The FBI and Indonesian National Police dismantled a global phishing operation using the W3LL toolkit, preventing over $20 million in fraud.

3 weeks ago

Tax Season Means Phishing Season: How Individuals and Businesses Can Protect Themselves

Phishing attacks during tax season have become more sophisticated, leveraging generative AI to impersonate trusted entities like the IRS.

4 weeks ago

Hackers Use Fake Resumes to Steal Enterprise Credentials and Deploy Crypto Miner

A phishing campaign targets French-speaking corporations with fake resumes, deploying malware for credential theft and cryptocurrency mining.

Tycoon 2FA Loses Phishing Kit Crown Amid Surge in Attacks

Threat actors have shifted to new phishing platforms after Tycoon 2FA's disruption, reusing its tools and increasing overall phishing attacks.

FBI and Indonesian Police Dismantle W3LL Phishing Network Behind $20M Fraud Attempts

The FBI and Indonesian National Police dismantled a global phishing operation using the W3LL toolkit, preventing over $20 million in fraud.

3 weeks ago

Tax Season Means Phishing Season: How Individuals and Businesses Can Protect Themselves

Phishing attacks during tax season have become more sophisticated, leveraging generative AI to impersonate trusted entities like the IRS.

4 weeks ago

Hackers Use Fake Resumes to Steal Enterprise Credentials and Deploy Crypto Miner

A phishing campaign targets French-speaking corporations with fake resumes, deploying malware for credential theft and cryptocurrency mining.

How a 'Wrong Number' Message Turned Into a $3.4M Crypto Scam

This $3.4 million scam illustrates the rise of social engineering in crypto fraud, focusing on emotional manipulation over technical exploits.

New Phishing Attack Turns n8n Into On-Demand Malware Machine

Attackers are exploiting n8n workflows to deliver malware while evading detection and blending into normal business activities.

Information security

UAC-0247 Targets Ukrainian Clinics and Government in Data-Theft Malware Campaign

A new malware campaign targeting Ukrainian healthcare institutions has been identified, utilizing deceptive emails to deliver malicious payloads.

New Phishing Attack Turns n8n Into On-Demand Malware Machine

Attackers are exploiting n8n workflows to deliver malware while evading detection and blending into normal business activities.

UAC-0247 Targets Ukrainian Clinics and Government in Data-Theft Malware Campaign

A new malware campaign targeting Ukrainian healthcare institutions has been identified, utilizing deceptive emails to deliver malicious payloads.

more#malware

#phishing-as-a-service

Privacy technologies

Tycoon 2FA Phishing Platform Dismantled in Global Takedown

Europol and Microsoft led a coordinated takedown of Tycoon 2FA, a phishing-as-a-service platform responsible for 62% of phishing attempts blocked by Microsoft and affecting 96,000 victims worldwide.

fromTechzine Global

Information security

How phishing service Tycoon 2FA went under

Privacy technologies

Tycoon 2FA Phishing Platform Dismantled in Global Takedown

Europol and Microsoft led a coordinated takedown of Tycoon 2FA, a phishing-as-a-service platform responsible for 62% of phishing attempts blocked by Microsoft and affecting 96,000 victims worldwide.

fromTechzine Global

more#phishing-as-a-service

Information security

How phishing service Tycoon 2FA went under

#social-engineering

fromSilicon Canals

Psychology

I'm a retired Boomer and I just watched my smartest friend lose everything to a scam-here are 9 ways they got to him that could get to anyone - Silicon Canals

Sophisticated scammers exploit intelligence, ego, and personalization to deceive even highly experienced professionals.

Obsidian Plugin Abuse Delivers PHANTOMPULSE RAT in Targeted Finance, Crypto Attacks

A social engineering campaign exploits Obsidian to distribute PHANTOMPULSE trojan targeting financial and cryptocurrency sectors.

fromSilicon Canals

Psychology

I'm a retired Boomer and I just watched my smartest friend lose everything to a scam-here are 9 ways they got to him that could get to anyone - Silicon Canals

Obsidian Plugin Abuse Delivers PHANTOMPULSE RAT in Targeted Finance, Crypto Attacks

A social engineering campaign exploits Obsidian to distribute PHANTOMPULSE trojan targeting financial and cryptocurrency sectors.

more#social-engineering

E-Commerce

fromPractical Ecommerce

The Fraud Hiding in Email Signups

Fake but valid email accounts enable card testing and coupon abuse, causing chargebacks, revenue and inventory loss, and jeopardizing merchant payment relationships.

FBI announces takedown of phishing operation that targeted thousands of victims | TechCrunch

The FBI dismantled a global phishing operation, W3LL, targeting over 17,000 victims and facilitating over $20 million in fraud.

MITRE Releases Fight Fraud Framework

"These incidents involve the intentional use of deceptive or illegal practices to fraudulently obtain money, assets, or information from individuals or institutions, and include actions carried out over cyber channels."

Information security

2 weeks ago

The Hidden Cost of Recurring Credential Incidents

Credential incidents cause significant operational costs and disruptions, impacting IT teams and overall business productivity beyond just breach prevention.

3 weeks ago

Stolen Logins Are Fueling Everything From Ransomware to Nation-State Cyberattacks

Stolen credentials significantly enhance ransomware attacks, enabling illegitimate access and operational disruption within networks.

Turns out most cybercriminals are old enough to know better

Middle-aged adults aged 35-44 comprise 37% of cybercrime arrests, with 25-44 year-olds accounting for nearly 60% of cases, contradicting the teenage hacker stereotype.

Security Firm Executive Targeted in Sophisticated Phishing Attack

A C-level executive at Outpost24 was targeted by a sophisticated phishing attack using the Kratos phishing-as-a-service kit that exploited legitimate services like Cisco and Nylas to bypass security defenses.

Targeted Phishing Attack Breaches Biotech Company Data

Intuitive Surgical suffered a phishing attack compromising employee credentials, exposing customer and corporate data, though operational systems and customer networks remained unaffected due to network segmentation.

Security Firm Executive Targeted in Sophisticated Phishing Attack

Targeted Phishing Attack Breaches Biotech Company Data

more#phishing-attack

fromPCWorld

Phishing scammers weaponize ICE ragebait

The email seen by at least some customers of the Emma email platform was a phishing scam. Hackers hoped to inspire instant panic with the words, 'As part of our commitment to supporting U.S. Immigration and Customs Enforcement (ICE), we will be adding a Support ICE donation button to the footer of every email sent through our platform.'

Information security

Payroll pirates conned the help desk, stole employee's pay

Attackers used compromised shared-mailbox credentials and a help-desk MFA reset via social engineering to divert a physician's salary into the attacker's account.

fromComputerWeekly.com

Tycoon2FA phishing platform dismantled in major operation | Computer Weekly

Europol-led operation dismantled Tycoon2FA, a phishing service with 2,000 subscribers that bypassed multifactor authentication by intercepting credentials and session cookies across 24,000 domains.

Researchers Expose Network of 150 Cloned Law Firm Websites in AI-Powered Scam Campaign

Over 150 coordinated cloned law-firm websites impersonate firms to re-victimize fraud victims by offering free asset recovery and evading takedowns.