Security Affairs

JANUARY 10, 2025

Check Point researchers discovered a new version of the Banshee macOS infostealer which is distributed through phishing websites and fake GitHub repositories, often masqueraded as popular software. In August 2024, Russian crooks advertised a macOS malware called BANSHEE Stealer that can target both x86_64 and ARM64 architectures.

Malware 123

Malware Antivirus Advertising Cybercrime 123

Krebs on Security

DECEMBER 29, 2024

Much of my summer was spent reporting a story about how advertising and marketing firms have created a global free-for-all where anyone can track the daily movements and associations of hundreds of millions of mobile devices , thanks to the ubiquity of mobile location data that is broadly and cheaply available.

Scams 258

Scams Cybercrime Cryptocurrency Social Engineering 258

Security Affairs

FEBRUARY 3, 2025

Since 2021, the Crazy Evil gang has become a major cybercriminal group, using phishing, identity fraud, and malware to steal cryptocurrency. Crazy Evil has earned over $5 million through phishing scams since 2021. Crazy Evil actively recruits affiliates by advertising its cybercriminal network with specific skill requirements.

Scams 86

Scams Media Cryptocurrency Cybercrime 86

Troy Hunt

NOVEMBER 13, 2024

Apparently, before a child reaches the age of 13, advertisers will have gathered more 72 million data points on them. I would like to opt-out of here to reduce the SPAM and Phishing emails. I started Have I Been Pwned (HIBP) in the first place because I was surprised at where my data had turned up in breaches.

Data breaches 336

Data breaches Passwords B2B Technology 336

Malwarebytes

MARCH 20, 2025

This blog post was co-authored with Elie Berreby, Senior SEO Strategist Criminals are highly interested in online marketing and advertising tools that they can leverage as part of their ongoing malware campaigns. We would like to stress that we are not referring to any vulnerability or data breach with Semrush or its platform in this post.

Scams 66

Scams Accountability Phishing Advertising 66

SecureList

DECEMBER 16, 2024

In 2024, our expert observations indicate that commercial advertising for these cryptors have indeed gained momentum. Not every data breach advertisement on the dark web is the result of a genuinely serious incident. The primary purpose of these tools is to render the code undetectable by security software.

Marketing 103

Marketing Cryptocurrency Data breaches Malware 103

Security Affairs

MARCH 13, 2025

The group’s affiliates gain access to victims using phishing campaigns to steal credentials and exploiting unpatched software vulnerabilities. At this stage, Medusa concurrently advertises sale of the data to interested parties before the countdown timer ends.

Ransomware 72

Ransomware Encryption Cryptocurrency Insurance 72

SecureWorld News

JUNE 23, 2025

At the gym, the flyer advertising a free class also has a QR code. They've realized they don't need to hack complex systems when a curious scan can open the door. These quick scans can become gateways—not to a menu or coupon, but to malicious phishing sites, malware downloads, or credential theft.

Malware 83

Malware Phishing Marketing Mobile 83

Krebs on Security

NOVEMBER 5, 2024

Bloomberg first reported Moucka’s alleged ties to the Snowflake hacks on Monday. On May 2, 2024, Judische claimed on the fraud-focused Telegram channel Star Chat that they had hacked Santander Bank , one of the first known Snowflake victims. Image: [link] On October 30, Canadian authorities arrested Alexander Moucka, a.k.a.

Cybercrime 306

Cybercrime Mobile Telecommunications Hacking 306

Zero Day

JUNE 22, 2025

Indeed, we follow strict guidelines that ensure our editorial content is never influenced by advertisers. And while financial costs may be a factor, individual victims may face targeted phishing campaigns, social engineering schemes, identity theft, and damage to credit. Privacy Policy | | Cookie Settings | Advertise | Terms of Use

Passwords 101

Passwords Data breaches Password Management Accountability 101

SecureList

OCTOBER 23, 2024

Attackers’ attempts to contact crypto-influencers The attackers’ activity was not limited to X — they also used professionally designed websites with additional malware, premium accounts on LinkedIn, and spear phishing through email. On February 20, 2024, the attackers began their campaign, advertising their game on X.

Engineering 145

Engineering Accountability Social Engineering Cryptocurrency 145

Krebs on Security

NOVEMBER 26, 2024

Another suspect in the Snowflake hacks, John Erin Binns , is an American who is currently incarcerated in Turkey. “This was obtained from the ATNT Snowflake hack which is why ATNT paid an extortion,” Kiberphant0m wrote in a thread on BreachForums. A surveillance photo of Connor Riley Moucka, a.k.a. National Security Agency.

DDOS 340

DDOS Cybercrime Accountability Government 340

Zero Day

JUNE 19, 2025

For that reason, the passkey is much more resistant to any type of hacking or other security threat. Privacy Policy | | Cookie Settings | Advertise | Terms of Use All rights reserved.

Passwords 75

Passwords Password Management Small Business Mobile 75

Krebs on Security

JUNE 30, 2025

According to The Journal, Wiles told associates her cellphone contacts were hacked, giving the impersonator access to the private phone numbers of some of the country’s most influential people. Wiles via text messages and in phone calls that may have used AI to spoof her voice.

Mobile 262

Mobile Spyware InfoSec Phishing 262

Zero Day

JUNE 20, 2025

Indeed, we follow strict guidelines that ensure our editorial content is never influenced by advertisers. And while financial costs may be a factor, individual victims may face targeted phishing campaigns, social engineering schemes, identity theft, and damage to credit. Privacy Policy | | Cookie Settings | Advertise | Terms of Use

Passwords 106

Passwords Data breaches Password Management Identity Theft 106

Krebs on Security

AUGUST 9, 2021

Also, this greenhorn criminal clearly had bought into BriansClub’s advertising, which uses my name and likeness in a series of ads that run on all the top cybercrime forums. That was right after KrebsOnSecurity broke the news that someone had hacked BriansClub and siphoned information on 26 million stolen debit and credit accounts.

Phishing 363

Phishing Cybercrime Accountability Advertising 363

Krebs on Security

APRIL 3, 2024

Roughly nine years ago, KrebsOnSecurity profiled a Pakistan-based cybercrime group called “ The Manipulaters ,” a sprawling web hosting network of phishing and spam delivery platforms. Manipulaters advertisement for “Office 365 Private Page with Antibot” phishing kit sold on the domain heartsender,com.

Phishing 325

Phishing Cybercrime Malware Advertising 325

Adam Levin

JULY 24, 2020

Barely a day goes by without news of an elite hacking team creating a more stealth exploit– malware , elaborate spear-phishing attacks, trojans, and a killer array of ransomware that can take factories and other organizations offline, or even hobble entire cities. Cyberattacks are constantly getting more sophisticated.

Hacking 237

Hacking Phishing Risk Accountability 237

Krebs on Security

JULY 23, 2018

Google has not had any of its 85,000+ employees successfully phished on their work-related accounts since early 2017, when it began requiring all employees to use physical Security Keys in place of passwords and one-time codes, the company told KrebsOnSecurity. A YubiKey Security Key made by Yubico. a mobile device).

Phishing 254

Phishing Authentication Mobile Passwords 254

Krebs on Security

MAY 5, 2021

After a user logs in, the link prompts them to install a malicious but innocuously-named app that gives the attacker persistent, password-free access to any of the user’s emails and files, both of which are then plundered to launch malware and phishing scams against others. Image: Proofpoint.

Accountability 359

Accountability Advertising Passwords Phishing 359

Krebs on Security

AUGUST 19, 2020

The COVID-19 epidemic has brought a wave of email phishing attacks that try to trick work-at-home employees into giving away credentials needed to remotely access their employers’ networks. The employee phishing page bofaticket[.]com. Image: urlscan.io.

Phishing 364

Phishing VPN Social Engineering Accountability 364

Krebs on Security

JULY 18, 2023

[This is Part III in a series on research conducted for a recent Hulu documentary on the 2015 hack of marital infidelity website AshleyMadison.com.] LeakedSource was advertised on a number of popular cybercrime forums as a service that could help hackers break into valuable or high-profile accounts. Abusewith[.]us 2, 2014.

Hacking 245

Hacking Accountability Data breaches Marketing 245

Security Affairs

APRIL 15, 2020

The report focuses on phishing kits – the driving force of the phishing industry, which is hard to detect but extremely valuable in terms of fight against phishing. The growing demand for phishing kits is also reflected in its price that skyrocketed last year by 149 percent and exceeded $300 per item.

Phishing 136

Phishing Marketing Advertising Cyber threats 136

Security Affairs

OCTOBER 24, 2020

Experts warn of a phishing campaign that already targeted up to 50,000 Office 365 users with a fake automated message from Microsoft Teams. Secruity researchers reported that up to 50,000 Office 365 users have been targeted by a phishing campaign that pretends to be automated message from Microsoft Teams. ” concludes the report.

Phishing 145

Phishing Advertising Hacking Passwords 145

Security Affairs

AUGUST 9, 2020

Researchers detailed a new evasive phishing technique that leverages modified favicons to inject e-skimmers and steal payment card data covertly. Researchers from cybersecurity firm Malwarebytes have analyzed a new evasive phishing technique used by attackers in the wild in Magecart attacks. Pierluigi Paganini.

Phishing 145

Phishing Advertising Scams Accountability 145

Security Affairs

FEBRUARY 16, 2021

Researchers from threat intelligence Cyble have discovered threat actors abusing the Ngrok platform in a fresh phishing campaign. Researchers at the threat intelligence firm Cyble discovered a new wave of phishing attacks targeting multiple organizations that are abusing the ngrok platform, a secure and introspectable tunnel to the localhost.

Phishing 143

Phishing Cybercrime Mobile Internet 143

SecureList

APRIL 5, 2023

They have become adept at using Telegram both for automating their activities and for providing various services — from selling phishing kits to helping with setting up custom phishing campaigns — to all willing to pay. ” Links to the channels are spread via YouTube, GitHub and phishing kits they make.

Phishing 142

Phishing Marketing Scams Accountability 142

Security Affairs

NOVEMBER 11, 2023

The Royal Malaysian Police announced the seizure of the notorious BulletProftLink phishing-as-a-service (PhaaS) platform. The Royal Malaysian Police announced to have dismantled the notorious BulletProftLink phishing-as-a-service (PhaaS) platform. The operation was first documented on OSINT Fans by Gabor Szathmari in October 2020.

Phishing 144

Phishing Cybercrime Advertising Hacking 144

Security Affairs

APRIL 17, 2020

Google says that the Gmail malware scanners have blocked around 18 million phishing and malware emails using COVID-19 lures in just one week. Google announced that its anti-malware solutions implemented to defend its Gmail users have blocked around 18 million phishing and malware emails using COVID-19 lures within the last seven days.

Phishing 145

Phishing Malware Government Small Business 145

Security Affairs

JANUARY 1, 2021

Cybercriminals are abusing Facebook ads in a large-scale phishing scam aimed at stealing victims’ login credentials. Threat actors are using Facebook ads to redirect users to Github accounts hosting phishing pages used to steal victims’ login credentials. The landing pages are phishing pages that impersonate legitimate companies.

Phishing 145

Phishing Scams Accountability Malware 145

Krebs on Security

AUGUST 30, 2019

But when accounts at those CRM providers get hacked or phished, the results can be damaging for both the client’s brand and their customers. Here’s a look at a recent CRM-based phishing campaign that targeted customers of Fortune 500 construction equipment vendor United Rentals. Stamford, Ct.

Phishing 265

Phishing Marketing Accountability DNS 265

Security Affairs

MARCH 30, 2020

Security experts uncovered a new Coronavirus-themed phishing campaign, the messages inform recipients that they have been exposed to the virus. The phishing messages tell the victims that one of their colleagues, friends, or family members has tested positive for the virus, then it urges them to print the attached “EmergencyContact.

Phishing 145

Phishing Advertising Cryptocurrency Malware 145

Krebs on Security

SEPTEMBER 17, 2020

Justice Department this week indicted seven Chinese nationals for a decade-long hacking spree that targeted more than 100 high-tech and online gaming companies. The government alleges the men used malware-laced phishing emails and “supply chain” attacks to steal data from companies and their customers. Image: FBI.

Antivirus 364

Antivirus Hacking Government Software 364

Security Affairs

JUNE 13, 2021

The Anti-Phishing Working Group (APWG) revealed that the number of phishing websites peaked at record levels in the first quarter of 2021. The Anti-Phishing Working Group (APWG) has published its new Phishing Activity Trends Report related to the first quarter of 2021. Reported Phishing Websites for Q1 2021.

Phishing 128

Phishing Cryptocurrency Advertising Encryption 128

Security Affairs

APRIL 11, 2020

Crooks are using a fake Cisco “critical security advisory” in a new phishing campaign aimed at stealing victims’ Webex credentials. The Cofense’s phishing defense center has uncovered an ongoing phishing campaign that uses a Cisco security advisory related to a critical vulnerability as a lure. ” concludes the experts.

Phishing 145

Phishing Advertising Healthcare Cyber Attacks 145

Krebs on Security

FEBRUARY 17, 2021

Secret Service and Department of Homeland Security told reporters on Wednesday the trio’s activities involved extortion, phishing, direct attacks on financial institutions and ATM networks, as well as malicious applications that masqueraded as software tools to help people manage their cryptocurrency holdings.

Cryptocurrency 356

Cryptocurrency Financial Services Banking Cybercrime 356

Security Affairs

NOVEMBER 17, 2022

A China-based financially motivated group, tracked as Fangxiao, is behind a large-scale phishing campaign dating back as far as 2019. Researchers from Cyjax reported that a China-based financially motivated group, dubbed Fangxiao, orchestrated a large-scale phishing campaign since 2017. SecurityAffairs – hacking, phishing).

Phishing 133

Phishing Adware Retail Malware 133