Malwarebytes

FEBRUARY 4, 2025

Generative AI tools can more convincingly write phishing emails so that the tell-tale signs of a scamlike misspellings and clumsy grammarare all but gone. Cybercrime is a very mature field that relies on a set of well-established tools, such as phishing, information stealers, and ransomware that are already feature complete.

Artificial Intelligence

Security Affairs

MAY 4, 2025

CISA adds SonicWall SMA100 and Apache HTTP Server flaws to its Known Exploited Vulnerabilities catalog Pro-Russia hacktivist group NoName057(16) is targeting Dutch organizations FBI shared a list of phishing domains associated with the LabHost PhaaS platform Canadian electric utility Nova Scotia Power and parent company Emera suffered a cyberattack (..)

Cybercrime

SecureWorld News

JULY 28, 2025

These attacks are especially alarming for industries that depend on high availability, such as airlines, transportation, and retail, where even a short outage can result in millions of dollars in losses. The next attack might not come through a phishing link; it might come from the hypervisor you forgot to monitor.

Social Engineering

Webroot

APRIL 22, 2025

Here are some of the most likely targets for access to consumer data: Healthcare organizations : Healthcare companies are a prime target for cybercrime due to the large amounts of sensitive data they store, which includes personal information and medical records. This makes it accessible to a worldwide network of criminals.

Data breaches

Security Affairs

JUNE 29, 2025

House banned WhatsApp on government devices due to security concerns Russia-linked APT28 use Signal chats to target Ukraine official with malware China-linked APT Salt Typhoon targets Canadian Telecom companies U.S.

Data breaches

SecureList

MARCH 25, 2025

Key findings Phishing Banks were the most popular lure in 2024, accounting for 42.58% of financial phishing attempts. Amazon Online Shopping was mimicked by 33.19% of all phishing and scam pages targeting online store users in 2024. Cryptocurrency phishing saw an 83.37% year-over-year increase in 2024, with 10.7

Phishing

Digital Shadows

NOVEMBER 26, 2024

Key Points Phishing incidents rose during the reporting period (August 1 to October 31, 2024), accounting for 46% of all customer incidents. This increase is likely driven by high employee turnover and easy access to phishing kits. Meanwhile, “RansomHub” is rising rapidly due to its attractive ransomware-as-a-service (RaaS) model.

Cyber Attacks

Security Affairs

MAY 18, 2025

officials Shields up US retailers. CISA adds a Fortinet flaw to its Known Exploited Vulnerabilities catalog Kosovo authorities extradited admin of the cybercrime marketplace BlackDB.cc Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Scattered Spider threat actors can target them U.S.

Data breaches

Security Affairs

OCTOBER 27, 2024

CISA adds ScienceLogic SL1 flaw to its Known Exploited Vulnerabilities catalog VMware failed to fully address vCenter Server RCE flaw CVE-2024-38812 Cisco states that data published on cybercrime forum was taken from public-facing DevHub environment Internet Archive was breached twice in a month Unknown threat actors exploit Roundcube Webmail flaw (..)

Data breaches

Security Affairs

MAY 13, 2025

M&S is a major British multinational retailer headquartered in London. No action is required, but customers should be cautious of potential phishing attempts, as M&S will never request personal account info. The company did not share technical details about the attack.

Data breaches

Zero Day

JUNE 22, 2025

We gather data from the best available sources, including vendor and retailer listings as well as other relevant and independent reviews sites. When you click through from our site to a retailer and buy a product or service, we may earn affiliate commissions. Information may also be leaked  accidentally  by employees.

Passwords

SecureWorld News

JULY 10, 2025

The World Economic Forum warns that AI-powered cybercrime is among the top concerns shaping the 2025 threat landscape. A stark example came in early 2025: a major global retailer was breached not through its network, but via a little-known third-party SaaS provider handling employee onboarding.

Manufacturing

Krebs on Security

FEBRUARY 18, 2025

But a flurry of innovation from cybercrime groups in China is breathing new life into the carding industry, by turning phished card data into mobile wallets that can be used online and at main street stores. An image from one Chinese phishing group’s Telegram channel shows various toll road phish kits available.

Phishing

Krebs on Security

JULY 10, 2025

Authorities in the United Kingdom this week arrested four people aged 17 to 20 in connection with recent data theft and extortion attacks against the retailers Marks & Spencer and Harrods , and the British food retailer Co-op Group. KrebsOnSecurity has learned the identities of two of the suspects. In November 2024, U.S.

Cybercrime

Krebs on Security

JANUARY 30, 2025

In October 2024, the security firm Silent Push published a lengthy analysis of how Amazon AWS and Microsoft Azure were providing services to Funnull, a two-year-old Chinese content delivery network that hosts a wide variety of fake trading apps, pig butchering scams , gambling websites, and retail phishing pages. cloud providers.

Accountability

Zero Day

JUNE 20, 2025

We gather data from the best available sources, including vendor and retailer listings as well as other relevant and independent reviews sites. When you click through from our site to a retailer and buy a product or service, we may earn affiliate commissions. Information may also be leaked  accidentally  by employees.

Passwords

Security Affairs

JULY 14, 2025

Customers of French luxury retailer Louis Vuitton are being notified of a data breach affecting multiple countries, including the UK, South Korea, and Turkey. Louis Vuitton data breach affects customers in the UK, South Korea, Turkey, and possibly more countries, with notifications underway.

Data breaches

Security Affairs

APRIL 27, 2025

million patients Crooks exploit the death of Pope Francis WhatsApp introduces Advanced Chat Privacy to protect sensitive communications Android spyware hidden in mapping software targets Russian soldiers Crypto mining campaign targets Docker environments with new evasion technique The popular xrpl.js

Data breaches

Security Affairs

MAY 11, 2025

CISA adds Langflow flaw to its Known Exploited Vulnerabilities catalog Google fixed actively exploited Android flaw CVE-2025-27363 New ‘Bring Your Own Installer (BYOI)’ technique allows to bypass EDR Smishing on a Massive Scale: Panda Shop Chinese Carding Syndicate Kelly Benefits December data breach impacted over 400,000 individuals A (..)

Spyware

Dark Reading

NOVEMBER 8, 2022

Retailers and hospitality companies expect to battle credential harvesting, phishing, bots, and various malware variants.

Retail

Krebs on Security

JULY 29, 2021

TARGETED PHISHING. But the more insidious threat with hacked databases comes not from password re-use but from targeted phishing activity in the early days of a breach, when relatively few ne’er-do-wells have got their hands on a hot new hacked database. The targeted phishing message that went out to classicfootballshirts.co.uk

Passwords

Security Affairs

MAY 5, 2021

A new cybercrime gang, tracked as UNC2529 , has targeted many organizations in the US and other countries using new sophisticated malware. The group targeted the organization with phishing attacks aimed at spreading at least three new sophisticated malware strains. The post UNC2529, a new sophisticated cybercrime gang that targets U.S.

Cybercrime

SecureWorld News

OCTOBER 12, 2022

It is sadly the case that ecommerce cybercrime is on the rise. As cybercriminals do seem to be taking a keener interest in the industry, it is up to owners of ecommerce businesses to be extra vigilant about cybercrime and put appropriate defenses in place to keep the company secure. Major risks for online retailers.

eCommerce

Security Affairs

NOVEMBER 17, 2022

A China-based financially motivated group, tracked as Fangxiao, is behind a large-scale phishing campaign dating back as far as 2019. Researchers from Cyjax reported that a China-based financially motivated group, dubbed Fangxiao, orchestrated a large-scale phishing campaign since 2017. SecurityAffairs – hacking, phishing).

Phishing

SecureWorld News

NOVEMBER 7, 2022

The Retail & Hospitality Information Sharing and Analysis Center (RH-ISAC) released its 2022 Holiday Season Cyber Threat Trends report, detailing the threat landscape the retail and hospitality industries face during the holiday season. Phishing activity sharing is down slightly from 18% in 2020 to 16% in 2021.

Cyber threats

SecureList

OCTOBER 20, 2021

Having been in the field for so long, we have witnessed some major changes in the cybercrime world’s modus operandi. This report shares our insights into the Russian-speaking cybercrime world and the changes in how it operates that have happened in the past five years. But our visibility showed otherwise.

Cybercrime

Herjavec Group

AUGUST 26, 2021

We can learn a lot from the cybercrime of the past…the history of cybercrime is a glimpse into what we can expect in the future. In the past 18 months, we’ve experienced the beginning of an era that has seen cybersecurity and cybercrime at the center of it all. Dateline Cybercrime . Robert Herjavec.

Cybercrime

Malwarebytes

SEPTEMBER 5, 2024

My Lowe’s Life ads Combining ads with a phishing page is a proven recipe for success. Phishing site built with AI The threat actor registered several similarly looking domain names in order to trick their victims: myloveslife[.]net net mylifelowes[.]org org mylifelowes[.]net net myliveloves[.]net

Phishing

Joseph Steinberg

JUNE 1, 2021

While some meal-kit-service-scam messages contain spelling and grammatical errors, the smishing message (smishing is phishing via text message) that I received did not suffer from such deficiencies; it appeared as well written as typical businesses correspondence. rate of growth experienced the year prior.

Artificial Intelligence

Krebs on Security

AUGUST 12, 2018

” Organized cybercrime gangs that coordinate unlimited attacks typically do so by hacking or phishing their way into a bank or payment card processor. In both cases, the attackers managed to phish someone working at the Blacksburg, Virginia-based small bank.

Banking

Krebs on Security

DECEMBER 29, 2022

Here’s a look at some of the more notable cybercrime stories from the past year, as covered by KrebsOnSecurity and elsewhere. 24, Russia invades Ukraine, and fault lines quickly begin to appear in the cybercrime underground. I will also continue to post on LinkedIn about new stories in 2023.

Cryptocurrency

Security Affairs

JUNE 10, 2021

Group-IB, a global threat hunting and adversarial cyber intelligence company specializing in the investigation and prevention of high-tech cybercrime, has published a comprehensive analysis of fraud cases on a global scale. . Insurance companies around the world are now suffering from phishing.

Scams

Security Affairs

SEPTEMBER 4, 2021

FIN7 cybercrime gang used weaponized Windows 11 Alpha-themed Word documents to drop malicious payloads, including a JavaScript backdoor. Anomali Threat Research experts have monitored recent spear-phishing attacks conducted by financially motivated threat actor FIN7. ” reads the analysis published by Anomali.

Cybercrime

Thales Cloud Protection & Licensing

MAY 10, 2023

The Retail Data Threat Environment and Why CIAM is a Key Cornerstone to Better Cybersecurity. madhav Thu, 05/11/2023 - 06:06 The retail landscape has changed significantly. Customers should be aware of the existing threats, while retailers must understand the risks associated with poor management of customer identities.

Retail

Identity IQ

AUGUST 31, 2023

How to Identify and Avoid Holiday Phishing Scams IdentityIQ The holiday season brings joy, celebrations, and… a surge in online scams. Holiday phishing scams are an ongoing issue that ramps up when folks are feeling the most festive. What Is a Phishing Scam? How Does Phishing Work? What Are the Types of Phishing Attacks?

Scams

SecureWorld News

DECEMBER 15, 2022

Security researchers at Checkmarx and Illustria recently discovered a campaign in which a threat actor(s) managed to post over 144,000 phishing packages to popular open source platforms, including NPM, PyPi, and NuGet. The threat actors also used referral IDs to retail websites to benefit from referral rewards.

Phishing

SecureList

NOVEMBER 20, 2023

In 2022, global e-commerce retail revenue was estimated to reach $5.7 Methodology In this research, we examine various types of threats, such as financial malware and phishing pages that imitate the world’s largest retail platforms, banks and payment systems. In the screenshot below, a phishing site mimics Chanel.

Phishing