Krebs on Security

MAY 22, 2019

Some of the most convincing email phishing and malware attacks come disguised as nastygrams from a law firm. Please download and read the attached encrypted document carefully. Note: The password for the document is 123456. As phishing kits go, this one is pretty basic and not terribly customized or convincing.

Phishing 280

Phishing Antivirus Scams Malware 280

Krebs on Security

DECEMBER 18, 2024

GRAND THEFT AUTOMATED Just days after Griffin was robbed, a scammer impersonating Google managed to phish 45 bitcoins — approximately $4,725,000 at today’s value — from Tony , a 42-year-old professional from northern California. I put my seed phrase into a phishing site, and that was it.” My brain went haywire.

Cryptocurrency 363

Cryptocurrency Accountability Authentication Phishing 363

Krebs on Security

AUGUST 17, 2023

You’ve probably never heard of “ 16Shop ,” but there’s a good chance someone using it has tried to phish you. A 16Shop phishing page spoofing Apple and targeting Japanese users. Image: Akamai.com. The INTERPOL statement says the platform sold hacking tools to compromise more than 70,000 users in 43 countries.

Phishing 242

Phishing Passwords Hacking Internet 242

Krebs on Security

APRIL 3, 2024

Roughly nine years ago, KrebsOnSecurity profiled a Pakistan-based cybercrime group called “ The Manipulaters ,” a sprawling web hosting network of phishing and spam delivery platforms. Manipulaters advertisement for “Office 365 Private Page with Antibot” phishing kit sold on the domain heartsender,com.

Phishing 299

Phishing Cybercrime Malware Advertising 299

Security Affairs

MAY 28, 2025

Researchers found a fake Bitdefender site spreading the Venom RAT by tricking users into downloading it as antivirus software. DomainTools Intelligence (DTI) researchers warn of a malicious campaign using a fake website (bitdefender-download[.]com) The malware includes tools for password theft and stealthy access.”

Antivirus 121

Antivirus Malware Banking Passwords 121

Thales Cloud Protection & Licensing

MAY 7, 2025

Phishing-Resistant MFA: Why FIDO is Essential madhav Thu, 05/08/2025 - 04:47 Phishing attacks are one of the most pervasive and insidious threats, with businesses facing increasingly sophisticated and convincing attacks that exploit human error.

Phishing 71

Phishing Authentication Passwords Social Engineering 71

Malwarebytes

MARCH 17, 2025

But in the background, their system has hidden malware in the file the victim has downloaded, which is capable of gathering information from the affected device such as: Personal identifying information (PII) including Social Security Numbers (SSN). Change all your passwords and do this using a clean, trusted device. Imageconvertors[.]com

Malware 139

Malware Adware Education Phishing 139

Security Affairs

MAY 24, 2025

law firms for 2 years using callback phishing and social engineering extortion tactics. law firms using phishing and social engineering. “Implement basic cyber hygiene to include being suspicious, robust passwords, multifactor authentication, and installation of antivirus tools.” ” concludes the report.

Social Engineering 114

Social Engineering Antivirus Phishing Engineering 114

Malwarebytes

APRIL 3, 2025

Recently weve been seeing quite a few phishing campaigns using QR codes in email attachments. The lure and the targets are varied, but the use of a QR code to get someone to visit the phishing site is fast becoming a preferred method for cybercriminals. DocuSign , Adobe), which increases the perceived legitimacy of the phish.

Phishing 142

Phishing Banking Mobile Accountability 142

SecureList

OCTOBER 21, 2024

Kral In mid-2023, we discovered the Kral downloader which, back then, downloaded the notorious Aurora stealer. This changed in February this year when we discovered a new Kral stealer, which we believe is part of the same malware family as the downloader due to certain code similarities. That file is the Kral downloader.

Passwords 127

Passwords Malware Encryption Cryptocurrency 127

Malwarebytes

MAY 27, 2025

While the sheer volume of exposed dataincluding emails, passwords, and authorization URLsis alarming, the real concern is not just about the exposure itself, but in how cybercriminals collect and weaponize these credentials. They often arrive via phishing emails, malicious websites, or bundled with cracked software.

Identity Theft 145

Identity Theft Passwords Accountability Phishing 145

Malwarebytes

APRIL 15, 2025

A screenshot of some of CL0P’s list of victims (other victims’ names obscured) This leak site is also where the stolen data is available for download. Malwarebytes Labs was unable to figure out how many people were affected, but the number of available archives for download is in the tenfolds. Change your password.

Data breaches 111

Data breaches Ransomware B2B Passwords 111

Troy Hunt

NOVEMBER 13, 2024

As I said, our IT department recently notified me that some of my data was leaked and a pre-emptive password reset was enforced as they didn't know what was leaked.  I would like to opt-out of here to reduce the SPAM and Phishing emails.

Data breaches 335

Data breaches Passwords B2B Technology 335

Malwarebytes

JANUARY 15, 2025

Table of contents Overview Criminals impersonate Google Ads Lures hosted on Google Sites Phishing for Google account credentials Victimology Who is behind these campaigns? These pages act as a sort of gateway to external websites specifically designed to steal the usernames and passwords from the coveted advertisers’ Google accounts.

Advertising 133

Advertising Accountability Phishing Scams 133

Security Affairs

MARCH 28, 2025

Grandoreiro Banking Trojan resurfaces, targeting users in Latin America and Europe in new phishing campaigns. Forcepoint X-Labs researchers warn of new phishing campaigns targeting Latin America and Europe in new phishing campaigns. Attackers also employ encrypted or password-protected files to evade security detection.

Banking 90

Banking Phishing Malware Passwords 90

Security Affairs

NOVEMBER 15, 2024

The malware could harvest a huge trove of data from infected systems, including cookies, autofill, cryptocurrency wallets, 2FA authenticators, password managers, and email client information. Gen Digital observed phishing campaigns distributing the Glove Stealer. ” reads the report published by Gen Digital.

Encryption 118

Encryption Password Management Cryptocurrency Social Engineering 118

Malwarebytes

MAY 1, 2025

Phishing In phishing scams, cybercriminals trick people and businesses into handing over sensitive information like credit card numbers or login details for vital online accounts. Lured in by similar color schemes, company logos, and familiar layouts, victims log in to their account by entering their username and password.

Small Business 95

Small Business Cybersecurity Scams Passwords 95

Krebs on Security

DECEMBER 1, 2022

ConnectWise , which offers a self-hosted, remote desktop software application that is widely used by Managed Service Providers (MSPs), is warning about an unusually sophisticated phishing attack that can let attackers take remote control over user systems when recipients click the included link.

Phishing 315

Phishing Architecture Passwords Accountability 315

SecureList

DECEMBER 23, 2024

Victims get infected via phishing emails containing a malicious document that exploits a vulnerability in the formula editor ( CVE-2018-0802 ) to download and execute malware code. It contains a formula editor exploit that downloads and runs an HTML Application (HTA) file hosted on the same C2 server.

Encryption 135

Encryption Penetration Testing Malware Phishing 135

CSO Magazine

JULY 25, 2022

Phishing , in which an attacker sends a deceptive email tricks the recipient into giving up information or downloading a file, is a decades-old practice that still is responsible for innumerable IT headaches. The fight against phishing is a frustrating one, and it falls squarely onto IT's shoulders.

Phishing 136

Phishing Passwords Malware 136

SecureWorld News

DECEMBER 4, 2024

The United States retail sector faced an especially aggressive wave of cyber threats, with phishing attacks mimicking major holiday brands [3] including Walmart, Target, and Best Buy increasing by more than 2,000% during peak shopping periods. Make logins secure Firstly, ensure all staff have strong passwords (12-16 characters).

Retail 116

Retail Scams Phishing Cyber threats 116

Webroot

APRIL 30, 2025

In todays digital world, passwords have become a necessary part of life. May 1, 2025, is World Password Day , a reminder that passwords are the unsung heroes of cybersecurity, the first line of defense for all your sensitive personal data. World Password Day is more relevant than ever in todays evolving threat landscape.

Passwords 65

Passwords Password Management Accountability Malware 65

Jane Frankland

MAY 16, 2025

MFA Bypass Methods: SIM swaps, malware, or phishing sites that trick you into revealing or approving access. Auto-fill Exploits: A small but critical sign when your password manager doesnt autofill it might be a scam site. Avoid reusing passwords across different services. You might think, Why didnt I stop there?

Scams 130

Scams Password Management Passwords Banking 130

Malwarebytes

MARCH 25, 2025

In 2023, not only did the company suffer a major data breach , it also placed some of the blame on the victims who, according to 23andMe, negligently recycled and failed to update their passwords. SCAN NOW If your data was exposed in the 23andMe breach, here is what you can do: Change your password. Select View. Take your time.

Passwords 114

Passwords Accountability Data breaches Phishing 114

Krebs on Security

AUGUST 30, 2022

A recent spate of SMS phishing attacks from one cybercriminal group has spawned a flurry of breach disclosures from affected companies, which are all struggling to combat the same lingering security threat: The ability of scammers to interact directly with employees through their mobile devices. 2, and Aug.

Mobile 342

Mobile Phishing Authentication Accountability 342

Malwarebytes

NOVEMBER 5, 2024

Cybercriminals could use your account to spread spam and phishing emails to your contacts. And perhaps most worrying of all, once an attacker is in your email account they can reset your passwords to your other accounts and login as you there too. Keep threats off your devices by downloading Malwarebytes today.

Accountability 145

Accountability Authentication Malware Banking 145

SecureList

APRIL 5, 2023

They have become adept at using Telegram both for automating their activities and for providing various services — from selling phishing kits to helping with setting up custom phishing campaigns — to all willing to pay. ” Links to the channels are spread via YouTube, GitHub and phishing kits they make.

Phishing 144

Phishing Marketing Scams Accountability 144

Malwarebytes

MARCH 18, 2025

Double zipped malware Both Mac and Windows files are double zipped, with the final zip being password protected. We have heard of victims whose crypto wallets had been emptied, and were subsequently impersonated by the criminals who sent phishing links to their contacts. icu , registered about a week ago by someone in Russia.

Cryptocurrency 126

Cryptocurrency Malware Scams Antivirus 126

eSecurity Planet

OCTOBER 22, 2024

One of the most concerning tactics currently on the rise is the ClickFix campaign — a sophisticated phishing scheme targeting unsuspecting Google Meet users. ClickFix campaigns represent a new wave of phishing tactics that emerged in May 2024, aimed at exploiting users of popular software applications. What Are ClickFix Campaigns?

Scams 123

Scams Malware Phishing Social Engineering 123

Malwarebytes

FEBRUARY 19, 2025

The latest, major threats to Mac computers can steal passwords and credit card details with delicate precision, targeting victims across the internet based on their device, location, and operating system. On these websites, cybercriminals advertise a piece of high-demand software and trick users into a download.

Malware 135

Malware Software Passwords Cryptocurrency 135

Malwarebytes

FEBRUARY 5, 2025

A cybercriminal specializing in breaching Shopify stores is posting huge data sets as free downloads. boAt Lifestyle data free download For example, boAt is reportedly Indian’s most active company that markets audio-focused electronic gadgets. Keep your software up to date.

Small Business 89

Small Business Data breaches Phishing Malware 89

Krebs on Security

SEPTEMBER 27, 2023

According to DomainTools.com , this address also hosts or else recently hosted the usual coterie of Snatch domains, as well as quite a few domains phishing known brands such as Amazon and Cashapp. But it appears multiple crime groups may be using these domains to phish people and disseminate all kinds of information-stealing malware.

Ransomware 326

Ransomware Internet Internet Phishing 326

eSecurity Planet

MAY 11, 2025

Technical support consultant using programming to upgrade artificial intelligence simulation model As AI tools boom in popularity, cyberthieves are exploiting the excitement with fake AI video editing platforms that lure users into downloading malware. It steals browser passwords, cookies, and crypto wallet data.

Malware 103

Malware Scams Media Artificial Intelligence 103

SecureList

SEPTEMBER 27, 2023

Unlike phishing links that are easy to check and block, QR code is a headache for security solutions. Malevolent uses of QR codes in email Fraudsters use QR codes to encode links to phishing and scam pages. Unlike the first one, these were after the logins and passwords of corporate users of Microsoft products.

Phishing 137

Phishing Passwords Accountability Scams 137

Malwarebytes

NOVEMBER 2, 2023

At Malwarebytes we’ve been telling people for years not to reuse passwords, and that a password manager is a secure way of remembering all the passwords you need for your online accounts. But we also know that a password manager can be overwhelming, especially when you’re just getting started. Encryption.

Passwords 143

Passwords Password Management Data breaches Authentication 143

Malwarebytes

SEPTEMBER 13, 2023

The consequences of last year's LastPass breach continue to be felt, with the latest insult to users coming in the form of a highly convincing phishing email. Although the " unauthorized party" that compromised LastPass users' data was able to steal password vaults, it's likely that they are having a hard time cracking them open.

Phishing 144

Phishing Accountability Passwords Password Management 144

Malwarebytes

MARCH 17, 2025

Once users click on the websites, which appear legitimate, theyre tricked into downloading malware or handing over sensitive information to scammers. If enough victims unwittingly send their passwords, cyber thieves could bundle the login credentials for sale on the dark web. Use a password manager and 2FA. Consider a VPN.

VPN 106

VPN Passwords Scams Backups 106