Security Affairs

MAY 24, 2025

law firms for 2 years using callback phishing and social engineering extortion tactics. law firms using phishing and social engineering. The group campaigns leave minimal traces and often evade antivirus detection by using legitimate remote access tools. FBI warns Silent Ransom Group has targeted U.S.

Social Engineering

Security Affairs

APRIL 22, 2025

from fake websites (phishing sites) disguised as websites of real securities companies.” FSA warns that cases of unauthorized trading via stolen login data from phishing sites mimicking real securities firms are sharply increasing on online trading platforms. ” reads the FSA’s alert.

Financial Services

Security Through Education

JULY 22, 2025

One of the most common tactics threat actors use to trick individuals into giving up sensitive information, like login credentials, is phishing emails. According to Proofpoint’s 2024 report 91% of all cyber-attacks start with phishing. Spear phishing emails on the other hand are carefully crafted to target a specific individual.

Phishing

eSecurity Planet

OCTOBER 22, 2024

One of the most concerning tactics currently on the rise is the ClickFix campaign — a sophisticated phishing scheme targeting unsuspecting Google Meet users. ClickFix campaigns represent a new wave of phishing tactics that emerged in May 2024, aimed at exploiting users of popular software applications. What Are ClickFix Campaigns?

Scams

Security Affairs

MAY 1, 2025

Hive0117 targets Russian firms in multiple sectors with phishing attacks using a modified version of the DarkWatchman malware. A cybercrime group named Hive0117 is behind a fresh phishing campaign that targeted Russian organizations with a new version of the DarkWatchman malware, according to Russian cybersecurity firm F6.

Malware

Webroot

FEBRUARY 21, 2025

Phishing scams, ransomware attacks, data breaches, and identity theft are part of a growing list of online dangers that are a daily reality. What began as antivirus product has expanded into a comprehensive portfolio to secure your entire digital life. Anti-phishing protection Shields you from phishing attempts.

Antivirus

eSecurity Planet

APRIL 21, 2025

A Russian state-linked hacking group is ramping up its cyberattacks against diplomatic targets across Europe, using a new stealthy malware tool known as GrapeLoader to deliver malicious payloads through cleverly disguised phishing emails. The phishing emails come with a tempting subject: wine tasting.

Scams

Security Affairs

JANUARY 10, 2025

Check Point researchers discovered a new version of the Banshee macOS infostealer which is distributed through phishing websites and fake GitHub repositories, often masqueraded as popular software. Experts found a new version of the Banshee macOS information stealer which was enhanced with new evasion mechanisms.

Malware

Security Affairs

MARCH 31, 2025

Russia-linked Gamaredon targets Ukraine with a phishing campaign using troop-related lures to deploy the Remcos RAT via PowerShell downloader. Armageddon , Primitive Bear , ACTINIUM , Callisto ) targets Ukraine with a phishing campaign. The PowerShell code avoids antivirus detection by using Get-Command to execute the payload.

Phishing

Security Affairs

APRIL 2, 2025

Delivered via phishing and hosted on compromised SharePoint sites, it remains undetected by most antivirus solutions, posing a serious security risk. Despite its mild obfuscation, it remains fully undetected (FUD) by most antivirus solutions. ” concludes the report.

Antivirus

Webroot

MAY 5, 2025

Phishing attacks are a significant threat to consumers, with cybercriminals constantly evolving their tactics to deceive unsuspecting individuals. The integration of artificial intelligence (AI) into phishing schemes has made these attacks even more sophisticated and challenging to detect. How AI enhances phishing attacks 1.

Phishing

Krebs on Security

MAY 28, 2025

A report from the Pakistani media outlet Dawn states that authorities there arrested 21 people alleged to have operated Heartsender, a spam delivery service whose homepage openly advertised phishing kits targeting users of various Internet companies, including Microsoft 365, Yahoo, AOL, Intuit, iCloud and ID.me.

Malware

Hacker's King

DECEMBER 16, 2024

Phishing and Social Engineering : Phishing remains a popular attack method, leveraging emails, fake websites, and social media to deceive users into providing sensitive information. In 2023, there was a significant increase in phishing attacks, especially targeting remote workers and users in industries such as finance and healthcare.

Cyber Attacks

eSecurity Planet

MARCH 3, 2025

Notably, 79% of detections were malware-free a reminder that modern adversaries often bypass traditional antivirus defenses by leveraging innovative, non-malware techniques. The business of cybercrime Cybercriminals are no longer disorganized hackers. They are now running highly efficient operations that mirror legitimate business models.

Threat Reports

eSecurity Planet

MAY 27, 2025

The FBI has issued a new warning to US law firms about an ongoing and increasingly aggressive phishing campaign orchestrated by the cybercriminal group Luna Moth. Traditional antivirus systems usually fail to detect suspicious activity due to this. Connections from WinSCP or Rclone to outside networks.

Phishing

Security Affairs

FEBRUARY 4, 2025

The Coyote Banking Trojan supports multiple malicious functions, including keylogging, capturing screenshots, and displaying phishing overlays to steal sensitive credentials. It gathers system details, including antivirus information, encodes the data, and sends it to a remote server.

Banking

SecureWorld News

JANUARY 16, 2025

Regularly updating and patching systems, including antivirus software, firewalls, and SCADA networks, can mitigate this risk. Conducting regular training sessions on recognizing phishing emails, avoiding suspicious downloads, and following cybersecurity protocols can build a resilient workforce.

Energy and Utilities

Security Affairs

JULY 9, 2025

Starting in May, threat actors used Shellter-protected malware in phishing campaigns targeting YouTubers with fake sponsorship offers from brands like Udemy and Duolingo. Both stealers used Shellter to evade detection with low antivirus flagging.

Malware

Malwarebytes

MARCH 18, 2025

We have heard of victims whose crypto wallets had been emptied, and were subsequently impersonated by the criminals who sent phishing links to their contacts. Here are some things to look out for and stay safe: instructions to disable security software so the program can run (do not disable the antivirus that’s trying to protect you!)

Cryptocurrency

Webroot

MARCH 3, 2025

Antivirus protection Software that protects against viruses and malware. Beware before you share Phishing scams Avoid clicking on malicious links in emails and social media. How to protect yourself and your data Smart ways to secure your devices Strong passwords – Make them long, random, and unique.

Consumer Protection

Security Affairs

JULY 18, 2025

NoMoreRansom warns users to remove the malware first with a reliable antivirus before using the decryptor, or files may be re-encrypted repeatedly. Threat actors behind Phobos attacks were observed gaining initial access to vulnerable networks by leveraging phishing campaigns.

Ransomware

eSecurity Planet

JUNE 30, 2025

5 Ease of use 5/5 Malwarebytes provides comprehensive tools to secure your devices, including antivirus, anti-malware, privacy protection, and scam protection. 5 Norton 360 offers comprehensive protection, including device security features such as antivirus and a password manager, all in one single solution. 5 Cost 4.3/5 5 Cost 4.3/5

Password Management

Security Affairs

JANUARY 10, 2025

” In both campaigns A and C, attackers used spear-phishing attacks, however, the two campaigns show notable differences in their malware and infection techniques. Since June 2023, MirrorFace has used the Windows Sandbox feature to execute LOADEINFO malware within an isolated environment, evading antivirus detection.

Antivirus

SecureWorld News

JULY 23, 2025

Newer Android variants omit SMS permissions from the manifest while retaining the exfiltration code, allowing them to evade dynamic analysis and antivirus tools. Some phishing domains were even indexed by Google, appearing in legitimate search results, giving the scheme a veneer of credibility.

Malware

Malwarebytes

JANUARY 16, 2025

How to protect yourself from card skimmers Run a security solution and keep it up to date.Most antivirus productsincluding Malwarebytes Premium offer some kind of web protection that detects malicious domains and IP addresses. Enable in-browser protection.

Data breaches

SecureList

MARCH 10, 2025

Infection flow The attacker sends spear-phishing emails with a DOCX file attached. The new version uses a different WMI, which collects the name of the antivirus and the related “productState” Furthermore, the malware compares all running process names against an embedded dictionary.

Energy and Utilities

Hacker's King

MAY 24, 2025

In simpler terms, phishing scams, brute force attacks, and MFA bypass techniques. Phishing attacks Phishing so far makes for the most dangerous aspect of cybersecurity. Unlike the traditional methods of sending more information about a certain service, a phishing email acts the complete opposite.

Cyber Attacks

SecureWorld News

JULY 17, 2025

Voice-cloned phone scams: Rather than crude phishing emails, scammers use AI voice synthesis to call bankers or customers while mimicking a trusted person's voice. Augmented phishing and social media impersonation: Even text-based scams have become more convincing with AI. It's essentially social engineering supercharged by AI.

Banking

Webroot

APRIL 11, 2025

Phishing emails and text messages: Phishing schemes can happen through emails, texts or social media. You can learn how to report suspected phishing here. Its easy to avoid these scams by remembering this important tip – the first time the IRS contacts you, it will be by U.S. mail only , never by phone, text or email!

Scams

SecureList

JANUARY 30, 2025

Technical details Background We detected several APK samples tagged as Trojan-Spy.AndroidOS.Agent and originating from Malaysia and Brunei in our Kaspersky Security Network (KSN) telemetry and on third-party multi-antivirus platforms. Conclusion The Tria Stealer campaign remains active, targeting more victims in Malaysia and Brunei.

Accountability

Hacker's King

DECEMBER 17, 2024

Stealth Capabilities : The malware is designed to avoid detection by traditional antivirus solutions, employing techniques such as process masquerading and rootkit-like functionality. Train Employees Educating employees about phishing and social engineering tactics can reduce the likelihood of attackers gaining initial access to networks.

Banking

SecureWorld News

DECEMBER 30, 2024

Antivirus solutions, monitoring systems, and endpoint detection and response (EDR) tools play a critical role in combating these threats. However, experts point out that attackers heavily rely on phishing email campaigns. Social engineering techniques enable them to bypass technical security measures effectively.

Data breaches

eSecurity Planet

FEBRUARY 17, 2025

Simply put, they are antivirus solutions. In fact, it is one of the most popular antivirus solutions. Per 6sense, McAfee Cloud Security makes up 12.47% of the worldwide antivirus market share. It warns you about phishing attempts. Microsoft Defender Overview Better for its free plan and ease of use Overall Rating: 3.8/5

Antivirus

Hacker's King

JANUARY 8, 2025

These Android hacking techniques can be described as: Phishing Attacks: This is a technique in which hackers gain the trust of individuals by mimicking someone authentic. Every Android user should install an antivirus program, as it detects and blocks malicious activities on your Android device.

Hacking

Webroot

APRIL 22, 2025

Phishing and social engineering : Using your personal information, scammers can craft more convincing phishing emails or messages to trick you into giving up even more sensitive details, like passwords and PIN numbers. Selling it on the dark web : Stolen data is frequently sold to the highest bidder on dark web marketplaces.

Data breaches

Webroot

FEBRUARY 21, 2025

Its a top-end, true all-in-one offering based on a new platform that combines antivirus, password manager, identity protection, VPN, backup, and parental controls. Comprehensive antivirus software is most effective when used in conjunction with security best practices.

Identity Theft

Malwarebytes

MARCH 17, 2025

Protect your devices with antivirus and cybersecurity tools. But in the same way that cybercriminals have begun abusing Google search results to send victims to dangerous websites, theyve also done the same to trick users into downloading fake versions of popular apps. ” The threat here endures long after the app is installed.

Scams