SecureList

FEBRUARY 20, 2025

Security incident statistics for 2024 In 2024, the MDR infrastructure received and processed on average 15,000 telemetry events per host every day, generating security alerts as a result. User Execution and Phishing remain top threats. This report answers key questions, including: Who are the potential attackers? in IT, 18.3%

Social Engineering 101

Social Engineering Phishing Government Threat Detection 101

eSecurity Planet

FEBRUARY 26, 2025

Cybercriminals are shifting their focus from emails to text messages, using mishing a more deceptive form of phishing to target mobile users and infiltrate corporate networks, according to new security research by Zimperium. Zimperium found that mishing activity peaked in August 2024, with over 1,000 daily attacks recorded.

Phishing 86

Phishing Mobile Social Engineering Data breaches 86

SecureList

MARCH 25, 2025

Key findings Phishing Banks were the most popular lure in 2024, accounting for 42.58% of financial phishing attempts. Amazon Online Shopping was mimicked by 33.19% of all phishing and scam pages targeting online store users in 2024. Cryptocurrency phishing saw an 83.37% year-over-year increase in 2024, with 10.7

Phishing 77

Phishing Banking Scams Mobile 77

Digital Shadows

JANUARY 22, 2025

In this blog, well preview the reports highlights and give insights into social engineering campaigns leveraging impersonating domains and our predictions for the threats shaping 2025. Use early detection tools like honeypots or CanaryTokens to counter attackers using tools like Nmap and Angry IP Scanner.

Insurance 65

Insurance Phishing Social Engineering Engineering 65

SecureList

NOVEMBER 28, 2024

This is our latest roundup, covering activity we observed during Q3 2024. Based on limited telemetry, we believe with medium to low confidence that some of the initial infections were spear-phishing emails. After that, we did not observe any new activity related to this actor until mid-July 2024.

Malware 118

Malware Government Software Spyware 118

Tech Republic Security

FEBRUARY 26, 2024

Identity-based and social engineering attacks still take center stage, according to the CrowdStrike 2024 Global Threat Report.

Threat Reports 199

Threat Reports Social Engineering Engineering Phishing 199

SecureList

NOVEMBER 29, 2024

IT threat evolution in Q3 2024 IT threat evolution in Q3 2024. Non-mobile statistics IT threat evolution in Q3 2024. Mobile statistics Targeted attacks New APT threat actor targets Russian government entities In May 2024, we discovered a new APT targeting Russian government organizations.

Energy and Utilities 104

Energy and Utilities Ransomware Malware Government 104

Troy Hunt

FEBRUARY 23, 2024

I've been getting a lot of those "your parcel couldn't be delivered" phishing attacks lately and if you're a human with a phone, you probably have been too. And so, when I received the following SMS earlier this week I was expecting a parcel and I was expecting phishing attacks: So. Parcel or phish?

Phishing 363

Phishing Scams Banking Social Engineering 363

Digital Shadows

OCTOBER 25, 2024

In October 2024, ReliaQuest responded to an alert for Impacket activity. During the investigation, we discovered a wider trend: a campaign of escalated social engineering tactics originally associated with the ransomware group “Black Basta.” What Happened? com qr-s2[.]com com qr-s3[.]com com qr-s4[.]com

Social Engineering 128

Social Engineering Engineering Phishing Accountability 128

Thales Cloud Protection & Licensing

MAY 7, 2025

Phishing-Resistant MFA: Why FIDO is Essential madhav Thu, 05/08/2025 - 04:47 Phishing attacks are one of the most pervasive and insidious threats, with businesses facing increasingly sophisticated and convincing attacks that exploit human error.

Phishing 71

Phishing Authentication Passwords Social Engineering 71

The Last Watchdog

DECEMBER 12, 2023

What should I be most concerned about – and focus on – in 2024? In 2024, we will see more targeted, sophisticated business email compromise (BEC) attacks, including VIP impersonation, vendor email compromise (VEC), and autonomous agents used for malicious purposes. Phishing attacks driven by ChatGPT will be harder than ever to detect.

Cybersecurity 258

Cybersecurity Social Engineering Cyber threats Software 258

eSecurity Planet

MARCH 14, 2025

A recent phishing campaign has raised alarms among cybersecurity professionals after it impersonated Booking.com to deliver a suite of credential-stealing malware. First detected in December 2024 and persisting into early 2025, the threat targets hospitality organizations across North America, Oceania, Asia, and Europe.

Phishing 63

Phishing Malware Social Engineering Authentication 63

eSecurity Planet

OCTOBER 22, 2024

One of the most concerning tactics currently on the rise is the ClickFix campaign — a sophisticated phishing scheme targeting unsuspecting Google Meet users. ClickFix campaigns represent a new wave of phishing tactics that emerged in May 2024, aimed at exploiting users of popular software applications.

Scams 123

Scams Malware Phishing Social Engineering 123

Duo's Security Blog

MAY 28, 2025

Sixty percent of all Cisco Talos IR cases in 2024 saw identity as a key component of reported attacks. The Duo difference: End-to-end phishing resistance For too long, defenders have focused solely on login protection with multi-factor authentication (MFA). Our robust user directory and identity routing engine make this possible.

Social Engineering 126

Social Engineering Engineering Phishing Marketing 126

Responsible Cyber

NOVEMBER 23, 2024

Overview of Vendor Breaches in 2024 In 2024, the cybersecurity landscape has faced an alarming rise in vendor-related breaches, underscoring the vulnerabilities associated with third-party service providers. A common characteristic among the vendor breaches reported in 2024 is the exploitation of weak security protocols.

Risk 81

Risk Healthcare Education Cybersecurity 81

Security Affairs

DECEMBER 10, 2024

This social engineering scheme has been amplified by targeted phishing, smishing, and vishing activities, with a noticeable increase around the winter holidays. Notably, some of them were registered between September and November 2024. billion (equal to USD 326 million) between 2021 and 2023.

Social Engineering 114

Social Engineering Phishing Banking DNS 114

eSecurity Planet

MARCH 3, 2025

The report details how threat actors harness automation, artificial intelligence, and advanced social engineering to scale their operations. Their methods include using generative AI to create convincing phishing emails , fraudulent websites, and fictitious profiles designed to deceive and infiltrate organizational defenses.

Threat Reports 110

Threat Reports Cybercrime Artificial Intelligence Social Engineering 110

BH Consulting

OCTOBER 24, 2024

The malevolent seven: ENISA report identifies prime cybersecurity threats Ransomware; malware; social engineering; threats against data; threats against availability (denial of service); information manipulation and interference; and supply chain attacks. MORE Cofense looks at a recent phishing campaign that used HR-related themes.

Social Engineering 69

Social Engineering Passwords Cybersecurity Ransomware 69

Security Affairs

NOVEMBER 15, 2024

Threat actors relies on social engineering tactics like ClickFix and FakeCaptcha to trick users into executing malicious scripts via PowerShell or Run prompts. Gen Digital observed phishing campaigns distributing the Glove Stealer. The campaign observed by researchers used a phishing message with an HTML file attachment.

Encryption 119

Encryption Password Management Cryptocurrency Social Engineering 119

SecureWorld News

JUNE 9, 2025

Additionally, a distributed workforce, ranging from remote maintenance technicians to cabin crews, multiplies entry points for social-engineering tactics like phishing. Aircraft themselves are nodes on data networks, constantly transmitting telemetry, engine performance metrics, and passenger connectivity data.

Cybersecurity 117

Cybersecurity Social Engineering Computers and Electronics Risk 117

Security Affairs

NOVEMBER 21, 2024

Scattered Spider members are part of a broader cybercriminal community called “The Com,” where hackers brag about high-profile cyber thefts, typically initiated through social engineering tactics like phone, email, or SMS scams to gain access to corporate networks. In January 2024, U.S.

Cybercrime 113

Cybercrime Identity Theft Cryptocurrency Phishing 113

The Last Watchdog

DECEMBER 18, 2024

To wrap up our 2024 year-end roundtable, we turn our attention to new technologies and trends that are emerging to help bridge the gaps. Organizations face rising risks of AI-driven social engineering and personal device breaches. AI-powered cryptocurrency attacks will automate phishing and exploit vulnerabilities.

Risk 173

Risk Threat Detection Technology Phishing 173

Krebs on Security

JANUARY 30, 2024

9, 2024, U.S. 2022 that an intrusion had exposed a “limited number” of Twilio customer accounts through a sophisticated social engineering attack designed to steal employee credentials. The missives asked users to click a link and log in at a phishing page that mimicked their employer’s Okta authentication page.

Social Engineering 359

Social Engineering Mobile Cybercrime Passwords 359

Krebs on Security

APRIL 9, 2024

Most of the flaws that Microsoft deems “more likely to be exploited” this month are marked as “important,” which usually involve bugs that require a bit more user interaction (social engineering) but which nevertheless can result in system security bypass, compromise, and the theft of critical assets.

DNS 317

DNS Social Engineering Malware Media 317

Security Affairs

FEBRUARY 8, 2024

26 key cyber security stats for 2024 that every user should know, from rising cyber crime rates to the impact of AI technolog y. Phishing Attacks: Phishing is the top cyber attack, causing 90% of data breaches. RaaS usage is expected to increase by 25% in 2024. Shockingly, 96% of these attacks come through email.

Social Engineering 143

Social Engineering Cyber Attacks Cyber Insurance IoT 143

SecureList

JUNE 10, 2024

Introduction Two-factor authentication (2FA) is a security feature we have come to expect as standard by 2024. An OTP bot is a piece of software programmed to intercept OTPs with the help of social engineering. Yet, social engineering can be used to talk the victim into giving away a code provided by any type of organization.

Phishing 145

Phishing Banking Accountability Social Engineering 145

SecureWorld News

MAY 9, 2025

The development marks a significant escalation in COLDRIVER's cyber espionage activities, which have traditionally focused on credential phishing. The method, known as "ClickFix," leverages social engineering to bypass traditional email-based defenses. Cedric Leighton , CNN Military Analyst; U.S.

Malware 86

Malware Social Engineering Government Engineering 86

Tech Republic Security

NOVEMBER 9, 2023

A November report from Google Cloud details possible nation-state malware tactics in 2024 and new angles of cyberattacks.

Cybersecurity 214

Cybersecurity Malware Big data Social Engineering 214

Security Affairs

FEBRUARY 3, 2025

The Russian-speaking Crazy Evil group runs over 10 social media scams, tricking victims into installing StealC, AMOS, and Angel Drainer malware. Since 2021, the Crazy Evil gang has become a major cybercriminal group, using phishing, identity fraud, and malware to steal cryptocurrency. Victim losses range from $0.10

Scams 87

Scams Media Cryptocurrency Cybercrime 87

Digital Shadows

NOVEMBER 26, 2024

Key Points Phishing incidents rose during the reporting period (August 1 to October 31, 2024), accounting for 46% of all customer incidents. This increase is likely driven by high employee turnover and easy access to phishing kits. Our latest investigation revealed the same trend.

Cyber Attacks 59

Cyber Attacks Phishing Ransomware Cyber Insurance 59

Webroot

MARCH 3, 2025

The growing risks to your data During the third quarter of 2024, data breaches exposed more than 422 million records worldwide. Millions of customers were put at risk when their social security numbers, phone numbers, and other sensitive personal information were leaked.

Consumer Protection 99

Consumer Protection Identity Theft Scams Social Engineering 99

Krebs on Security

JUNE 15, 2024

In January 2024, U.S. 0KTAPUS In August 2022, KrebsOnSecurity wrote about peering inside the data harvested in a months-long cybercrime campaign by Scattered Spider involving countless SMS-based phishing attacks against employees at major corporations. A Scattered Spider phishing lure sent to Twilio employees.

Hacking 344

Hacking Cybercrime Phishing Passwords 344

Tech Republic Security

JUNE 4, 2024

Organisations providing services related to the Paris Olympics 2024 have an increased risk of cyber attack, a new study has found.

Cyber Attacks 197

Cyber Attacks Risk Social Engineering Engineering 197

Digital Shadows

JANUARY 14, 2025

Key Findings The last quarter of 2024 proved to be a pivotal period for ransomware activity, marked by emerging threats and unexpected shifts among established groups. In our Q3 2024 ransomware report , we predicted activity would reach its peak in the last quarter of the year.

Ransomware 126

Ransomware Social Engineering Phishing Manufacturing 126

Security Boulevard

JANUARY 20, 2025

Successful exploitation requires social engineering users into manipulating a specially crafted file. Under the cloak of UEFI Secure Boot: Introducing CVE-2024-7344 welivesecurity (ESET) CVE-2024-7344. Approximately 70% of observed malware cases in 2024 derived from browser-based malware.

Surveillance 97

Surveillance Malware Data breaches Phishing 97

SecureWorld News

FEBRUARY 20, 2025

Stolen credentials remain the top breach factor, responsible for 24% of incidents in 2024. Strengthening identity security Enforce phishing-resistant MFA for all privileged accounts. Cybersecurity awareness and incident response Train employees to recognize phishing attempts and social engineering.

Ransomware 113

Ransomware IoT Encryption Social Engineering 113

Malwarebytes

MAY 8, 2025

We discovered a new phishing kit targeting payroll and payment platforms that aims to not only steal victims’ credentials but also to commit wire fraud. Clicking on the ad sent employees and employers to a phishing website impersonating Deel. Phishing portal and 2FA The first phishing domain we saw was login-deel[.]app

Phishing 108

Phishing Authentication Engineering Banking 108