Krebs on Security

APRIL 30, 2025

Buchanan was arrested in Spain last year on a warrant from the FBI, which wanted him in connection with a series of SMS-based phishing attacks in the summer of 2022 that led to intrusions at Twilio, LastPass, DoorDash, Mailchimp, and many other tech firms. A Scattered Spider/0Ktapus SMS phishing lure sent to Twilio employees in 2022.

Identity Theft 195

Identity Theft Phishing Cryptocurrency Cybercrime 195

Security Affairs

NOVEMBER 29, 2024

Phishing tool Rockstar 2FA targets Microsoft 365 credentials, it uses adversary-in-the-middle (AitM) attacks to bypass multi-factor authentication. Trustwave researchers are monitoring malicious activity associated with Phishing-as-a-Service (PaaS) platforms, their latest report focuses on a toolkit called Rockstar 2FA.

Phishing 95

Phishing Accountability Authentication Advertising 95

Krebs on Security

DECEMBER 18, 2024

GRAND THEFT AUTOMATED Just days after Griffin was robbed, a scammer impersonating Google managed to phish 45 bitcoins — approximately $4,725,000 at today’s value — from Tony , a 42-year-old professional from northern California. I put my seed phrase into a phishing site, and that was it.” My brain went haywire.

Cryptocurrency 363

Cryptocurrency Accountability Authentication Phishing 363

Malwarebytes

FEBRUARY 13, 2025

In May, 2024, the FBI warned about the increasing threat of cybercriminals using Artificial Intelligence (AI) in their scams. Phishers are using AI-based phishing attacks which have proven to raise the effectiveness of phishing campaigns. Use a password manager to autofill credentials only on trusted sites.

Phishing 108

Phishing Artificial Intelligence Identity Theft Accountability 108

The Last Watchdog

OCTOBER 23, 2024

22, 2024, CyberNewswire — INE Security offers essential advice to protect digital assets and enhance security. According to the Verizon 2024 Data Breach Investigations Report , 68% of cybersecurity breaches are caused by human error. Cary, NC, Oct. INE Security emphasizes the importance of regular training forall employees.

Small Business 162

Small Business Data breaches Backups Passwords 162

Krebs on Security

APRIL 3, 2024

Roughly nine years ago, KrebsOnSecurity profiled a Pakistan-based cybercrime group called “ The Manipulaters ,” a sprawling web hosting network of phishing and spam delivery platforms. Manipulaters advertisement for “Office 365 Private Page with Antibot” phishing kit sold on the domain heartsender,com.

Phishing 299

Phishing Cybercrime Malware Advertising 299

SecureList

MARCH 25, 2025

Key findings Phishing Banks were the most popular lure in 2024, accounting for 42.58% of financial phishing attempts. Amazon Online Shopping was mimicked by 33.19% of all phishing and scam pages targeting online store users in 2024. Cryptocurrency phishing saw an 83.37% year-over-year increase in 2024, with 10.7

Phishing 77

Phishing Banking Scams Mobile 77

Krebs on Security

APRIL 4, 2024

The disclosure revealed a profitable network of phishing sites that behave and look like the real Privnote, except that any messages containing cryptocurrency addresses will be automatically altered to include a different payment address controlled by the scammers. A screenshot of the phishing domain privatemessage dot net.

Phishing 293

Phishing Cryptocurrency DDOS Internet 293

SecureList

NOVEMBER 29, 2024

IT threat evolution in Q3 2024 IT threat evolution in Q3 2024. Non-mobile statistics IT threat evolution in Q3 2024. Mobile statistics Targeted attacks New APT threat actor targets Russian government entities In May 2024, we discovered a new APT targeting Russian government organizations.

Energy and Utilities 104

Energy and Utilities Ransomware Malware Government 104

Thales Cloud Protection & Licensing

MAY 7, 2025

Phishing-Resistant MFA: Why FIDO is Essential madhav Thu, 05/08/2025 - 04:47 Phishing attacks are one of the most pervasive and insidious threats, with businesses facing increasingly sophisticated and convincing attacks that exploit human error.

Phishing 71

Phishing Authentication Passwords Social Engineering 71

Malwarebytes

OCTOBER 25, 2024

UnitedHealth CEO Andrew Witty estimated the attack compromised the data of a third of US individuals when he testified before the Senate Finance Committee on Capitol Hill on May 1, 2024 in Washington, DC. Change your password. You can make a stolen password useless to thieves by changing it. He wasn’t exaggerating.

Healthcare 123

Healthcare Data breaches Passwords Identity Theft 123

Malwarebytes

NOVEMBER 4, 2024

The City of Columbus was attacked by a ransomware group on July 18, 2024. On September 12, 2024, the city of Columbus issued a notice of breach that was sent to its clients. Change your password. You can make a stolen password useless to thieves by changing it. Better yet, let a password manager choose one for you.

Data breaches 123

Data breaches Passwords Ransomware Phishing 123

Malwarebytes

FEBRUARY 25, 2025

DISA says a third party had access to its environment between February 9, 2024, and April 22, 2024. DISA discovered the breach on April 22, 2024, and has since conducted an investigation with the help of third-party forensic experts. Change your password. You can make a stolen password useless to thieves by changing it.

Data breaches 106

Data breaches Passwords Phishing Password Management 106

Security Affairs

NOVEMBER 15, 2024

Combined, these include information such as usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls.” CVE-2024-9464 (CVSS 9.3) – An authenticated OS command injection vulnerability allows attackers root access, leading to data exposure similar to CVE-2024-9463.

Firewall 110

Firewall Passwords Authentication Phishing 110

Graham Cluley

JUNE 5, 2025

Skip to content Graham Cluley Cybersecurity and AI keynote speaker BOOK ME Speaking · Writing · Podcasts · Video · Contact · About · Games 🔍 ⁠This weeks sponsor: Proton Pass - Easily create unique, secure passwords. Sync across unlimited devices. Integrated 2FA. Sign up to our free newsletter.

Phishing 62

Phishing Accountability Passwords Hacking 62

Malwarebytes

APRIL 15, 2025

In 2024, CL0P repeated this method using a zero-day exploit against Cleo, a business-to-business (B2B) tech platform provider that specializes in managed file transfer (MFT) solutions, like Cleo Harmony, VLTrader, and LexiCom. Change your password. You can make a stolen password useless to thieves by changing it. Take your time.

Data breaches 111

Data breaches Ransomware B2B Passwords 111

Troy Hunt

NOVEMBER 13, 2024

Additionally, the threat actor with… pic.twitter.com/tqsyb8plPG — HackManac (@H4ckManac) February 28, 2024 When Jason found his email address and other info in this corpus, he had the same question so many others do when their data turns up in a place they've never heard of before - how?

Data breaches 335

Data breaches Passwords B2B Technology 335

Malwarebytes

MARCH 19, 2025

The data breach notification states that the breach occurred on April 20, 2024 and CCB discovered it on October 4, 2024. Change your password. You can make a stolen password useless to thieves by changing it. Choose a strong password that you dont use for anything else. Enable two-factor authentication (2FA).

Banking 102

Banking Data breaches Computers and Electronics Insurance 102

eSecurity Planet

NOVEMBER 6, 2024

In this video, our expert delves into what cookies are and their function in web browsing, explores the techniques hackers use to steal them — such as session hijacking and cross-site scripting (XSS) — and shares effective strategies and tools to protect your cookies and personal data in 2024. How Does Cookie Stealing Work?

Identity Theft 109

Identity Theft Passwords Phishing Accountability 109

BH Consulting

OCTOBER 24, 2024

Those are the seven threats ENISA enumerates in its latest Threat Landscape 2024 report. Now in its 12th edition, the 2024 report is based on the analysis of more than 11,000 incidents. It’s been a busy few weeks for the Data Protection Commission, which fined Meta €91 million for storing millions of user passwords in plaintext.

Social Engineering 69

Social Engineering Passwords Cybersecurity Ransomware 69

Malwarebytes

MAY 1, 2025

Phishing In phishing scams, cybercriminals trick people and businesses into handing over sensitive information like credit card numbers or login details for vital online accounts. Lured in by similar color schemes, company logos, and familiar layouts, victims log in to their account by entering their username and password.

Small Business 95

Small Business Cybersecurity Scams Passwords 95

Malwarebytes

APRIL 24, 2025

” The transmission of data took place between April 2021 and January 2024. Change your password. You can make a stolen password useless to thieves by changing it. Choose a strong password that you dont use for anything else. Better yet, let a password manager choose one for you. Watch out for fake vendors.

Insurance 122

Insurance Data breaches Passwords Phishing 122

Krebs on Security

JUNE 15, 2024

.” In a SIM-swapping attack, crooks transfer the target’s phone number to a device they control and intercept any text messages or phone calls sent to the victim — including one-time passcodes for authentication, or password reset links sent via SMS. In January 2024, U.S.

Hacking 344

Hacking Cybercrime Phishing Passwords 344

Security Affairs

NOVEMBER 3, 2024

Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Cryptocurrency 110

Cryptocurrency Hacking Phishing Cyber Attacks 110

Security Affairs

OCTOBER 25, 2024

The vulnerability CVE-2024-20481 (CVSS score of 5.8) Cisco warned customers of password-spraying attacks that have been targeting Remote Access VPN (RAVPN) services configured on Cisco Secure Firewall devices. Now the company confirmed that the flaw CVE-2024-20481 is actively exploited in the wild. continues the advisory.

VPN 114

VPN Firewall Technology Passwords 114

Webroot

APRIL 30, 2025

In todays digital world, passwords have become a necessary part of life. May 1, 2025, is World Password Day , a reminder that passwords are the unsung heroes of cybersecurity, the first line of defense for all your sensitive personal data. World Password Day is more relevant than ever in todays evolving threat landscape.

Passwords 65

Passwords Password Management Accountability Malware 65

The Last Watchdog

MARCH 19, 2025

Attackers now have access to extensive identity data from multiple sourcesincluding data breaches, infostealer malware infections, phishing campaigns, and combolistsposing a challenge for organizations whose security measures have not yet adapted to address the full scope of interconnected identity exposures holistically.

Cyber Risk 113

Cyber Risk Risk Phishing Cybercrime 113

Security Affairs

JANUARY 10, 2025

Check Point researchers discovered a new version of the Banshee macOS infostealer which is distributed through phishing websites and fake GitHub repositories, often masqueraded as popular software. In August 2024, Russian crooks advertised a macOS malware called BANSHEE Stealer that can target both x86_64 and ARM64 architectures.

Malware 122

Malware Advertising Antivirus Cybercrime 122

SecureWorld News

DECEMBER 4, 2024

Darktrace today revealed a surge in retail cyberattacks at the opening of the 2024 holiday shopping season. However, brand impersonation in phishing occurs entirely outside retailers' legitimate infrastructure and security controls and happens at too great a volume for brands to catch and stop every instance.

Retail 116

Retail Scams Phishing Cyber threats 116

Malwarebytes

JANUARY 10, 2025

In a breach notification , the company disclosed that on October 11, 2024 it learned about an incident that disrupted the operations of some of its IT systems. Change your password. You can make a stolen password useless to thieves by changing it. Choose a strong password that you dont use for anything else.

Ransomware 104

Ransomware Data breaches Passwords Phishing 104

Security Affairs

NOVEMBER 15, 2024

The malware could harvest a huge trove of data from infected systems, including cookies, autofill, cryptocurrency wallets, 2FA authenticators, password managers, and email client information. Gen Digital observed phishing campaigns distributing the Glove Stealer.

Encryption 118

Encryption Password Management Cryptocurrency Social Engineering 118

Malwarebytes

FEBRUARY 14, 2025

The data contains names, email addresses, usernames, passwords, phone numbers, addresses, company names, and additional personal information. As with other recent claims by criminals on BreachForums we have to be careful to take their word for anything, but Jurak claims they breached Zacks themselves in June 2024. Change your password.

Accountability 92

Accountability Data breaches Passwords Phishing 92

Krebs on Security

JANUARY 30, 2024

9, 2024, U.S. ” Group-IB dubbed the gang by a different name — 0ktapus — which was a nod to how the criminal group phished employees for credentials. The missives asked users to click a link and log in at a phishing page that mimicked their employer’s Okta authentication page. On July 28 and again on Aug.

Social Engineering 359

Social Engineering Mobile Cybercrime Passwords 359

Security Affairs

JUNE 19, 2025

With over 16 billion login records exposed, cybercriminals now have unprecedented access to personal credentials that can be used for account takeover, identity theft, and highly targeted phishing. The data, structured by URL, login, and password, targets services like Apple, Google, Facebook, Telegram, GitHub, and even government portals.

76

76

eSecurity Planet

OCTOBER 22, 2024

One of the most concerning tactics currently on the rise is the ClickFix campaign — a sophisticated phishing scheme targeting unsuspecting Google Meet users. ClickFix campaigns represent a new wave of phishing tactics that emerged in May 2024, aimed at exploiting users of popular software applications.

Scams 123

Scams Malware Phishing Social Engineering 123

SecureWorld News

MAY 2, 2024

In our digitally connected world, passwords are the gateway to protecting our online lives—from email and social media accounts to banking and private data. Yet, many of us still use alarmingly weak passwords or reuse the same ones across multiple sites, putting our digital identities at severe risk.

Passwords 112

Passwords Password Management Identity Theft Authentication 112

Digital Shadows

NOVEMBER 26, 2024

Key Points Phishing incidents rose during the reporting period (August 1 to October 31, 2024), accounting for 46% of all customer incidents. This increase is likely driven by high employee turnover and easy access to phishing kits. Our latest investigation revealed the same trend.

Cyber Attacks 59

Cyber Attacks Phishing Ransomware Cyber Insurance 59