#phishing
#phishing

2 days ago

Information security

LNER warns customers to remain vigilant after personal data exposed in cyber attack

Information security

Orange Belgium's 850K mega-breach raises fraud fears

2 days ago

Information security

LNER warns customers to remain vigilant after personal data exposed in cyber attack

Information security

Orange Belgium's 850K mega-breach raises fraud fears

Information security

2B Weekly Downloads at Risk: Supply Chain Attack Targets Popular npm Packages, Security Leaders Discuss

Information security

More npm packages poisoned, but would-be thieves get little

Information security

This 2FA phishing scam pwned a developer - and endangered billions of npm downloads

Information security

Massive NPM Supply Chain Attack Hits Crypto Wallets - DataBreaches.Net

Information security

Supply chain hack affects billions of npm downloads

Information security

20 Popular npm Packages With 2 Billion Weekly Downloads Compromised in Supply Chain Attack

Information security

2B Weekly Downloads at Risk: Supply Chain Attack Targets Popular npm Packages, Security Leaders Discuss

Information security

More npm packages poisoned, but would-be thieves get little

Information security

This 2FA phishing scam pwned a developer - and endangered billions of npm downloads

Information security

Massive NPM Supply Chain Attack Hits Crypto Wallets - DataBreaches.Net

Information security

Supply chain hack affects billions of npm downloads

Information security

20 Popular npm Packages With 2 Billion Weekly Downloads Compromised in Supply Chain Attack

Information security

Google's former security leads raise $13M to fight email threats before they reach you | TechCrunch

fromBuzzFeed

Privacy professionals

A New Email Scam Is Shockingly Realistic, Here's Everything You Need To Know About Protecting Yourself

fromTechCrunch

3 days ago

Information security

Google's former security leads raise $13M to fight email threats before they reach you | TechCrunch

fromBuzzFeed

Privacy professionals

A New Email Scam Is Shockingly Realistic, Here's Everything You Need To Know About Protecting Yourself

Information security

We're Living in an Age of Scams

fromFast Company

Privacy professionals

Online scam uses fake ICE raids at Target and Walmart to steal personal data

Privacy technologies

Amazon issues warning to 200 million customers over Prime scam

fromThe Nation

Information security

We're Living in an Age of Scams

fromFast Company

Privacy professionals

Online scam uses fake ICE raids at Target and Walmart to steal personal data

Privacy technologies

Amazon issues warning to 200 million customers over Prime scam

Axios Abuse and Salty 2FA Kits Fuel Advanced Microsoft 365 Phishing Attacks

Threat actors exploit Axios and Microsoft Direct Send to spoof trusted senders, bypass gateways, and drive highly successful phishing and account takeover campaigns across industries.

From MostereRAT to ClickFix: New Malware Campaigns Highlight Rising AI and Phishing Risks

MostereRAT uses EPL-developed staged payloads, mTLS-protected C2, security-tool disabling, and plugin deployment to gain full control and stealthily persist on infected systems.

#icloud-calendar

Apple

Warning to all 1.8b iPhone users over new scam emptying bank accounts

Information security

iCloud invitations used for PayPal phishing

Apple

Warning to all 1.8b iPhone users over new scam emptying bank accounts

Information security

iCloud invitations used for PayPal phishing

Account Profile Scam Targets PayPal Users

Sophisticated phishing campaign spoofs PayPal emails to prompt victims to call scam-linked numbers or click links that grant attackers secondary account access.

#stealerium

fromFuturism

Information security

New Automated Extortion Software Is So Devious You Won't Believe It

Information security

Sextortion with a twist: Spyware takes webcam pics of users watching porn

fromFuturism

Information security

New Automated Extortion Software Is So Devious You Won't Believe It

Information security

Sextortion with a twist: Spyware takes webcam pics of users watching porn

Varonis acquires SlashNext for email security

SlashNext's multi-channel phishing detection combined with Varonis' AI-driven data security enables earlier detection and prevention of AI-powered social-engineering attacks before data breaches occur.

VirusTotal Finds 44 Undetected SVG Files Used to Deploy Base64-Encoded Phishing Pages

Attackers use obfuscated SVG files with embedded JavaScript to deliver Base64-encoded phishing pages impersonating Colombia's judiciary and trigger hidden ZIP malware downloads.

fromChannelPro

Varonis snaps up AI email security specialist SlashNext

Varonis will acquire SlashNext to integrate AI-native multi-channel phishing detection into its platform, enhancing protection against AI-generated threats across email and messaging.

#gmail

Information security

Google says Gmail security is "strong and effective" as it denies major breach

Information security

Google refutes reports of major Gmail breach

Information security

Google says Gmail security is "strong and effective" as it denies major breach

Information security

Google refutes reports of major Gmail breach

Information security

Windows Users: Global UpCrypter Phishing Attack is Expanding

Information security

Phishing Campaign Uses UpCrypter in Fake Voicemail Emails to Deliver RAT Payloads

fromTechRepublic

Information security

Windows Users: Global UpCrypter Phishing Attack is Expanding

Information security

Phishing Campaign Uses UpCrypter in Fake Voicemail Emails to Deliver RAT Payloads

more#upcrypter

The good news is, you're owed a tax refund. The bad news? It's a scam

Tax calculations can be, well, taxing, so a message from HMRC saying that there's been a mistake may not ring too many alarm bells. Some bring good news: you have overpaid and are owed a refund, but others claim you owe money. In both cases there's an imminent deadline to act sometimes with the threat of legal action, or penalties if you don't. Scammers are taking advantage of people's fears over bills to steal personal and banking information.

Information security

fromWIRED

Scammers Will Try to Trick You Into Filling Out Google Forms. Don't Fall for It

These forms can be created in minutes, with clean and clear formatting, official-looking images and video, and-most importantly of all-a genuine Google Docs URL that your web browser will see no problem with. Scammers can then use these authentic-looking forms to ask for payment details or login information. It's a type of scam that continues to spread, with Google itself issuing a warning about the issue in February.

Information security

Artificial intelligence

Anthropic blocks misuse of Claude for cybercrime

Anthropic blocked attempts to misuse Claude for phishing, malware development, filter circumvention, and influence campaigns, banning accounts and tightening filters to mitigate risks.

#identity-security

Information security

Report declares 'identity crisis' amid rising login attacks

Security leaders increasingly distrust identity providers due to complexity, poor visibility, inadequate MFA coverage, and rising credential-focused attacks.

Privacy professionals

Survey Reveals Top Challenges of Implementing Identity Security

A significant gap exists between the need for identity security and its implementation across organizations.

Information security

Report declares 'identity crisis' amid rising login attacks

Privacy professionals

Survey Reveals Top Challenges of Implementing Identity Security

more#identity-security

fromEntrepreneur

AI-Driven Scams Are Draining Retirement Funds | Entrepreneur

The Phantom Hacker Scam uses AI-driven, three-pronged phishing to steal seniors' retirement funds through tech support, bank, and government impersonation.

Phishing campaign targets Teams and Zoom with RMM tool

Attackers hijack ConnectWise ScreenConnect via AI-driven phishing that impersonates Zoom/Teams, using cloud obfuscation to gain administrator access and enable lateral movement and credential theft.

Science

Agentic AI Browsers Exploited by "PromptFix" Trick Technique

A new prompt injection technique uses fake CAPTCHA pages to trick generative AI agents into executing malicious actions and visiting lookalike storefronts.

Employee distraction is now your biggest cybersecurity risk

Distracted and undertrained staff, not sophisticated threats, cause the majority of cyber incidents, with phishing as the primary attack vector.

fromAbc

How a request for a video of a dress led to the seller losing $950

"Usually, I am pretty onto it and I have helped other friends avoid scams," she said. "For it to happen to me ... this situation got me off guard."

E-Commerce

Linux Malware Delivered via Malicious RAR Filenames Evades Antivirus Detection

Phishing emails deliver RAR archives whose filenames contain Base64-encoded Bash commands that execute VShell via shell command injection when file names are parsed.

#tax-scams

fromwww.thereporter.com

US news

Franchise Tax Board warns Californians about recent tax scams

fromThe Mercury News

California

Franchise Tax Board warns Californians about recent tax scams

fromwww.thereporter.com

US news

Franchise Tax Board warns Californians about recent tax scams

fromThe Mercury News

California

Franchise Tax Board warns Californians about recent tax scams

This Creative Phishing Scam Uses Netflix Job Offers to Steal Facebook Credentials

Scammers impersonate Netflix recruiters to phish jobseekers, steal Facebook credentials, and compromise business accounts to run malicious ads or demand ransoms.

fromABC7 Los Angeles

Don't click on that text claiming to be from Amazon. Here's what to know about the scam

Scammers send fake Amazon texts claiming refunds or recalls to phish for personal information and money; verify via the Amazon app/website and report spam to 7726.

#cybersecurity

Privacy professionals

Malicious URLs overtake email attachments as the biggest malware threat

Privacy professionals

NYDFS Secures $2 Million Cybersecurity Settlement with Healthplex, Inc. - DataBreaches.Net

Canada news

Everything we know so far about the Canadian House of Commons data breach

fromGREY Journal

Privacy professionals

Simple Cybersecurity Habits Every Remote Worker Needs to Know

Privacy technologies

Microsoft Entra ID attack weakens authentication

FIDO authentication can be bypassed by modifying browser identification during phishing attacks.

Privacy technologies

AI Tools Fuel Brazilian Phishing Scam While Efimer Trojan Steals Crypto from 5,000 Victims

Legitimate AI tools are being misused to create replica phishing sites mimicking Brazilian government agencies.

Privacy professionals

Malicious URLs overtake email attachments as the biggest malware threat

Privacy professionals

NYDFS Secures $2 Million Cybersecurity Settlement with Healthplex, Inc. - DataBreaches.Net

Canada news

Everything we know so far about the Canadian House of Commons data breach

fromGREY Journal

Privacy professionals

Simple Cybersecurity Habits Every Remote Worker Needs to Know

Privacy technologies

Microsoft Entra ID attack weakens authentication

Privacy technologies

AI Tools Fuel Brazilian Phishing Scam While Efimer Trojan Steals Crypto from 5,000 Victims

5 common Amazon scams and how to avoid them

Amazon is a common target for scammers using phishing tactics to deceive users.

Privacy professionals

fromTechCrunch

After researchers unmasked a prolific SMS scammer, a new operation has emerged in its wake | TechCrunch

A prolific SMS scam operation has targeted victims by impersonating delivery and toll notifications to steal credit card information.

#malware

Privacy technologies

Adult sites are stashing exploit code inside racy .svg files

Privacy technologies

Supply-chain attacks on open source software are getting out of hand

Privacy professionals

CERT-UA Discovers LAMEHUG Malware Linked to APT28, Using LLM for Phishing Campaign

Privacy technologies

Adult sites are stashing exploit code inside racy .svg files

Privacy technologies

Supply-chain attacks on open source software are getting out of hand

Privacy professionals

CERT-UA Discovers LAMEHUG Malware Linked to APT28, Using LLM for Phishing Campaign

Here's how deepfake vishing attacks work, and why they can be hard to detect

AI voice cloning poses significant risks through fraudulent calls mimicking known individuals, increasing the efficiency of phishing schemes.

ClickFix Malware Campaign Exploits CAPTCHAs to Spread Cross-Platform Infections

"Like a real-world virus variant, this new 'ClickFix' strain quickly outpaced and ultimately wiped out the infamous fake browser update scam that plagued the web just last year."

Privacy professionals

Mozilla warns of phishing targeting add-on developers

A phishing campaign is targeting add-on developers with fake messages requesting account updates.

Marketing tech

fromOCCRP

Behind the Scam: How Fraudsters Use Social Media, Software, and Shell Companies to Steal Millions

Affiliate marketers use phishing ads to collect victim data for call centers offering fake investment opportunities.

fromCSO Online

Supply chain attack compromises npm packages to spread backdoor malware

In a newly discovered supply chain attack, attackers last week targeted a range of npm-hosted JavaScript type testing utilities, several of which were successfully compromised to distribute malware.

JavaScript

US politics

UK student jailed for selling phishing kits linked to 100m of fraud

Ollie Holman was jailed for seven years for creating phishing kits that defrauded individuals and organizations globally.

fromwww.bbc.com

University student who sold fraud kits jailed

Holman created and sold 1,052 kits which provided fraudulent webpages with built-in scripts to enable the harvesting of information entered, including account log-in details and bank details.

Privacy technologies

Mobile UX

5M Public, Unsecured Wi-Fi Networks Found Exposed

Mobile threats are increasing, with phishing, app vulnerabilities, and unsecured Wi-Fi posing significant risks to corporate data.

Digital life

6 ways to protect your passport and other travel docs from cybercriminals - before it's too late

Travel documents, if scanned or stored digitally, are vulnerable to theft and exploitation.

Arrests made after huge HMRC scam campaign hit 100,000 accounts

These arrests show we work across borders with our international partners to combat tax crime in all its forms. We have a number of live criminal investigations, and we are grateful to our Romanian partners for their support.

Privacy professionals

E-Commerce

Scamazon' how fake emails are targeting Prime subscribers

Beware of phishing emails claiming to be from Amazon about subscription renewals.

Privacy technologies

Phishers built fake Okta and Microsoft 365 login sites with AI - here's how to protect yourself

Hackers are utilizing AI to create sophisticated phishing sites that replicate legitimate webpages, posing significant security threats.

Got a suspicious UPS text? Don't reply - it might be a scam. Here's how to tell

This particular UPS scam is a savvy one, at least in some ways. I received the message on my iPhone, with the sender labeled as unknown. By default, links in a text message from an unknown sender are disabled, so you can't click on them to open them. But the scammer used a sneaky trick to get around this obstacle.

Privacy professionals

E-Commerce

Your reservation is at risk': beware the Booking.com scam

Travel scams through Booking.com are rising, particularly targeting customers during holiday planning.

Privacy professionals