SecureList

APRIL 21, 2025

With each passing year, phishing attacks feature more and more elaborate techniques designed to trick users and evade security measures. However, attackers are exploiting this by embedding scripts with links to phishing pages within the image file. Sample SVG file with embedded HTML code.

Phishing 96

Phishing Software 96

Krebs on Security

SEPTEMBER 19, 2024

Many GitHub users this week received a novel phishing email warning of critical security holes in their code. Those who clicked the link for details were asked to distinguish themselves from bots by pressing a combination of keyboard keys that causes Microsoft Windows to download password-stealing malware.

Phishing 325

Phishing Scams Malware Passwords 325

Krebs on Security

AUGUST 18, 2022

Recipients who call the supplied toll-free number to contest the transaction are soon asked to download software that lets the scammers assume remote control over their computer. ” A copy of the phishing message included in the PayPal.com invoice. .” com to download a remote administration tool.

Scams 340

Scams Phishing Accountability Software 340

Schneier on Security

SEPTEMBER 1, 2022

Brian Krebs is reporting on a clever PayPal phishing scam that uses legitimate PayPal messaging. The email lists a phone number to dispute the charge, which is not PayPal and quickly turns into a request to download and install a remote-access tool. Basically, the scammers use the PayPal invoicing system to send the email.

Scams 298

Scams Phishing 298

Malwarebytes

JANUARY 17, 2025

Once a relationship had been established, the target would receive a phishing link or a document that contained a phishing link. How to stay safe These spear phishing campaigns are highly targeted and youll probably never see an invite to this group. There are a few simple rules that will help you avoid this kind of phishing.

Phishing 141

Phishing Accountability Mobile Risk 141

Malwarebytes

FEBRUARY 13, 2025

Phishers are using AI-based phishing attacks which have proven to raise the effectiveness of phishing campaigns. How to avoid AI Gmail phishing Never click on links or download files from unexpected emails or messages. The FBI has also warned users to be cautious when receiving unsolicited emails or text messages.

Phishing 110

Phishing Artificial Intelligence Identity Theft Accountability 110

eSecurity Planet

FEBRUARY 26, 2025

Cybercriminals are shifting their focus from emails to text messages, using mishing a more deceptive form of phishing to target mobile users and infiltrate corporate networks, according to new security research by Zimperium. Vishing: Also known as voice phishing. What is mishing? and 9%in Brazil.

Phishing 87

Phishing Mobile Social Engineering Data breaches 87

eSecurity Planet

OCTOBER 28, 2024

We’ll also look at increased phishing attacks, a couple of different Cisco flaws, and a Fortinet vulnerability that took some time to get its own CVE. The fix: Download the appropriate fixed version, based on your existing version of vCenter Server, from Broadcom’s list of patched software. Broadcom also released patches for the 8.0

Phishing 102

Phishing Authentication Software VPN 102

Security Affairs

JANUARY 10, 2025

CrowdStrike warns of a phishing campaign that uses its recruitment branding to trick recipients into downloading a fake application, which finally installs the XMRig cryptominer. ” The attack begins with a phishing email impersonating CrowdStrike recruitment, directing recipients to a malicious website.”

Phishing 116

Phishing Scams Malware Authentication 116

Malwarebytes

APRIL 30, 2025

Your document is now ready for download: Please download the attachment and follow the provided instructions. There are several circumstances that make this campaign hard to detect: The cybercriminals send phishing emails from compromised WordPress sites, so the domains themselves appear legitimate and not malicious.

Computers and Electronics 144

Computers and Electronics Identity Theft Phishing Banking 144

Krebs on Security

APRIL 3, 2024

Roughly nine years ago, KrebsOnSecurity profiled a Pakistan-based cybercrime group called “ The Manipulaters ,” a sprawling web hosting network of phishing and spam delivery platforms. Manipulaters advertisement for “Office 365 Private Page with Antibot” phishing kit sold on the domain heartsender,com.

Phishing 295

Phishing Cybercrime Malware Advertising 295

Krebs on Security

AUGUST 17, 2023

You’ve probably never heard of “ 16Shop ,” but there’s a good chance someone using it has tried to phish you. A 16Shop phishing page spoofing Apple and targeting Japanese users. Image: Akamai.com. The INTERPOL statement says the platform sold hacking tools to compromise more than 70,000 users in 43 countries.

Phishing 241

Phishing Passwords Hacking Internet 241

Krebs on Security

AUGUST 4, 2023

One frustrating aspect of email phishing is the frequency with which scammers fall back on tried-and-true methods that really have no business working these days. For example, when he downloaded and tried to rename the file, the right arrow key on the keyboard moved his cursor to the left, and vice versa.

Phishing 245

Phishing Scams Computers and Electronics Software 245

Troy Hunt

NOVEMBER 18, 2019

You know how banks really, really want to avoid their customers falling victim to phishing scams? And how they put a heap of effort into education to warn folks about the hallmarks of phishing scams? banks will never do things that look like a phish? Isn't this what NAB was warning us about - "download of data"?

Banking 273

Banking Phishing Scams Accountability 273

Malwarebytes

NOVEMBER 1, 2024

The threat, dubbed “Phish ‘n Ships” by the researchers, reportedly infected more than 1,000 websites and built 121 fake web stores to trick consumers. Keep threats off your devices by downloading Malwarebytes today. Estimated losses are in the region of tens of millions of dollars over the past five years.

Phishing 126

Phishing Advertising Engineering Risk 126

Security Affairs

MARCH 31, 2025

Russia-linked Gamaredon targets Ukraine with a phishing campaign using troop-related lures to deploy the Remcos RAT via PowerShell downloader. Armageddon , Primitive Bear , ACTINIUM , Callisto ) targets Ukraine with a phishing campaign. Talos researchers warn that Russia-linked APT group Gamaredon (a.k.a.

Phishing 115

Phishing Antivirus Encryption Hacking 115

The Hacker News

MAY 12, 2025

Threat actors have been observed leveraging fake artificial intelligence (AI)-powered tools as a lure to entice users into downloading an information stealer malware dubbed Noodlophile.

Artificial Intelligence 122

Artificial Intelligence Malware Advertising Media 122

Krebs on Security

MAY 14, 2025

Kev Breen , senior director of threat research at Immersive Labs , said privilege escalation bugs assume an attacker already has initial access to a compromised host, typically through a phishing attack or by using stolen credentials. “Even if you don’t check for updates, Windows 11 24H2 will automatically download at some point.”

Artificial Intelligence 188

Artificial Intelligence Internet Internet Engineering 188

eSecurity Planet

MARCH 14, 2025

A recent phishing campaign has raised alarms among cybersecurity professionals after it impersonated Booking.com to deliver a suite of credential-stealing malware. The phishing messages include links or attachments that direct users to fake Booking.com pages.

Phishing 65

Phishing Malware Social Engineering Authentication 65

Malwarebytes

APRIL 3, 2025

Recently weve been seeing quite a few phishing campaigns using QR codes in email attachments. The lure and the targets are varied, but the use of a QR code to get someone to visit the phishing site is fast becoming a preferred method for cybercriminals. DocuSign , Adobe), which increases the perceived legitimacy of the phish.

Phishing 142

Phishing Banking Mobile Accountability 142

Thales Cloud Protection & Licensing

MAY 7, 2025

Phishing-Resistant MFA: Why FIDO is Essential madhav Thu, 05/08/2025 - 04:47 Phishing attacks are one of the most pervasive and insidious threats, with businesses facing increasingly sophisticated and convincing attacks that exploit human error.

Phishing 62

Phishing Authentication Passwords Social Engineering 62

Malwarebytes

JANUARY 15, 2025

Table of contents Overview Criminals impersonate Google Ads Lures hosted on Google Sites Phishing for Google account credentials Victimology Who is behind these campaigns? Figure 12: The actual phishing page that follows Finally, all the data is combined with the username and password and sent to the remote server via a POST request.

Advertising 135

Advertising Accountability Phishing Scams 135

Malwarebytes

MARCH 17, 2025

But in the background, their system has hidden malware in the file the victim has downloaded, which is capable of gathering information from the affected device such as: Personal identifying information (PII) including Social Security Numbers (SSN). com (phishing) convertitoremp3[.]it com (Phishing) convertix-api[.]xyz

Malware 140

Malware Adware Education Phishing 140

Security Affairs

MAY 5, 2025

The attack chain commences via phishing messages, fake browser updates, and invoice lures through Italys PEC email system. In early 2025, Recorded Future researchers observed a phishing campaign targeting the U.S. MintsLoader is used by several threat groups, notably TAG-124. ” reads the report published by Recorded Future.

Malware 129

Malware Phishing Threat Reports Encryption 129

Security Affairs

APRIL 21, 2025

Check Point Research team reported that Russia-linked cyberespionage group APT29 (aka SVR group , Cozy Bear , Nobelium , BlueBravo , Midnight Blizzard , and The Dukes ) is behind a sophisticated phishing campaign targeting European diplomatic entities, using a new WINELOADER variant and a previously unknown malware called GRAPELOADER.

Malware 108

Malware Phishing Encryption Hacking 108

Malwarebytes

OCTOBER 31, 2024

Last time FakeCall reared its head, BleepingComputer reported that the malware was being distributed as fake banking apps that impersonate large financial institutions, as well as being distributed in phishing emails. The cybercriminals may, for example, offer a loan with a low interest rate and ask the target to call if they’re interested.

Banking 145

Banking Malware Phishing Risk 145

eSecurity Planet

MARCH 28, 2025

A sophisticated cybercrime service known as “Lucid” is exploiting vulnerabilities in Apples iMessage and Androids Rich Communication Services (RCS), allowing cyberthieves to conduct large-scale phishing attacks with alarming success. Automated mobile farms that deploy phishing messages at scale.

Phishing 57

Phishing Scams Cybercrime Retail 57

SecureList

JULY 11, 2024

Introduction Bulk phishing email campaigns tend to target large audiences. Yet, certain elements of spear phishing recently started to be used in regular mass phishing campaigns. Spear phishing vs. mass phishing Spear phishing is a type of attack that targets a specific individual or small group.

Phishing 131

Phishing Technology DNS Education 131

Security Affairs

JANUARY 5, 2025

The backdoor is distributed through: Phishing emails with themes such as code of conduct to trick users into downloading the malware. Upon executing the archive, it drops a malicious Windows executable, which eventually downloads and executesthe PLAYFULGHOST payloadfrom a remote server. sys driver.

Malware 133

Malware Encryption Phishing Hacking 133

Security Affairs

OCTOBER 22, 2024

The malware is distributed through phishing messages using a malicious attachment or a link to the malicious archive containing Bumblebee. The Bumblebee infection detected by Netskope likely begins with a phishing email containing a ZIP file with an LNK file named “Report-41952.lnk” lnk” that, once executed, starts the attack chain.

Malware 127

Malware Phishing Ransomware Hacking 127

Security Affairs

MARCH 28, 2025

Grandoreiro Banking Trojan resurfaces, targeting users in Latin America and Europe in new phishing campaigns. Forcepoint X-Labs researchers warn of new phishing campaigns targeting Latin America and Europe in new phishing campaigns. Clicking the “Download PDF” button leads to a zip payload from MediaFire.

Banking 92

Banking Phishing Malware Passwords 92

Security Affairs

FEBRUARY 12, 2025

The threat actor impersonates a South Korean government official to build trust with the target before sending a spear-phishing email with a bait PDF attachment. Upon running the code as an administrator, it downloads and installs a browser-based remote desktop tool and downloads a certificate file with a hardcoded PIN from a remote server.

Phishing 92

Phishing Malware Security Intelligence Hacking 92

Security Affairs

JULY 30, 2024

Researchers detected a sophisticated phishing campaign targeting Microsoft OneDrive users to trick them into executing a PowerShell script. Over the past few weeks, the Trellix Advanced Research Center observed a sophisticated phishing campaign targeting Microsoft OneDrive users. exe”), and executes script.a3x using AutoIt3.exe.

Phishing 144

Phishing DNS Social Engineering Engineering 144

Security Affairs

AUGUST 13, 2024

CERT-UA warned that Russia-linked actor is impersonating the Security Service of Ukraine (SSU) in a new phishing campaign to distribute malware. The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of a new phishing campaign targeting organizations in the country, including government entities.

Government 140

Government Phishing Malware Banking 140

The Hacker News

APRIL 8, 2024

A new phishing campaign has set its eyes on the Latin American region to deliver malicious payloads to Windows systems. The phishing email contained a ZIP file attachment that when extracted reveals an HTML file that leads to a malicious file download posing as an invoice," Trustwave SpiderLabs researcher Karla Agregado said.

Phishing 141

Phishing 141

The Hacker News

OCTOBER 22, 2024

Two malware families that suffered setbacks in the aftermath of a coordinated law enforcement operation called Endgame have resurfaced as part of new phishing campaigns. Tracked under the names BlackWidow, IceNova, Lotus,

Phishing 133

Phishing Malware 133

SecureWorld News

DECEMBER 17, 2024

Simultaneously, a phishing campaign tricked targets into installing a fake kernel update. By downloading and running this code, victims essentially infected themselves." Phishing Campaigns : Victims received emails urging them to install a fake kernel upgrade disguised as a CPU microcode update.

Phishing 109

Phishing Threat Detection Social Engineering Cybercrime 109