Tech Republic Security

FEBRUARY 27, 2025

Trends in cybersecurity across 2024 showed less malware and phishing, though more social engineering. CrowdStrike offers tips on securing your business.

Social Engineering 200

Social Engineering Engineering Phishing Malware 200

eSecurity Planet

MARCH 14, 2025

A recent phishing campaign has raised alarms among cybersecurity professionals after it impersonated Booking.com to deliver a suite of credential-stealing malware. The phishing messages include links or attachments that direct users to fake Booking.com pages.

Phishing 62

Phishing Malware Social Engineering Authentication 62

Krebs on Security

NOVEMBER 9, 2024

“This is social engineering at the highest level and there will be failed attempts at times. “In terms of overall social engineering attacks, the more you have a relationship with someone the more they’re going to trust you,” Donahue said. Don’t be discouraged. dot-gov emails get hacked. ”

Hacking 294

Hacking Accountability Government Social Engineering 294

Penetration Testing

MAY 29, 2025

Trellix’s Advanced Research Center has uncovered a highly targeted and stealthy spear-phishing campaign aimed at finance executives across The post Spear-Phishing Alert: NetBird RAT Spreads via Deceptive Job Lures appeared first on Daily CyberSecurity.

Phishing 114

Phishing Cybersecurity Social Engineering Engineering 114

SecureWorld News

MAY 9, 2025

Google's Threat Intelligence Group (GTIG) has identified a new malware strain, dubbed "LOSTKEYS," attributed to the Russian state-sponsored hacking group COLDRIVER. The development marks a significant escalation in COLDRIVER's cyber espionage activities, which have traditionally focused on credential phishing.

Malware 86

Malware Social Engineering Engineering Government 86

eSecurity Planet

FEBRUARY 26, 2025

Cybercriminals are shifting their focus from emails to text messages, using mishing a more deceptive form of phishing to target mobile users and infiltrate corporate networks, according to new security research by Zimperium. Vishing: Also known as voice phishing. What is mishing? and 9%in Brazil.

Phishing 82

Phishing Mobile Social Engineering Data breaches 82

Penetration Testing

DECEMBER 10, 2024

The Computer Emergency Response Team of Ukraine (CERT-UA) has issued a security advisory (CERT-UA#12414) detailing a sophisticated phishing campaign targeting organizations within Ukraine’s defense industrial base.

Social Engineering 108

Social Engineering Engineering Phishing Cybersecurity 108

Penetration Testing

MAY 26, 2025

A deceptively crafted fake Google Meet page has surfaced on compromised WordPress sites, tricking unsuspecting visitors into manually The post Fake Google Meet Page Tricks Users into Running Malware appeared first on Daily CyberSecurity.

Malware 115

Malware Cybersecurity Social Engineering Engineering 115

Security Affairs

OCTOBER 11, 2024

Observed ChatGPT behavior mainly involved reconnaissance, threat actors used the OpenAI’s platform to seek info on companies, services, and vulnerabilities, similar to search engine queries. The group used the chatbot to receive support in Android malware development and to create a scraper for the social media platform Instagram.

Malware 138

Malware Social Engineering Engineering Hacking 138

The Last Watchdog

DECEMBER 16, 2024

Part two of a four-part series The explosion of AI-driven phishing, insider threats, and business logic abuse has forced a shift toward more proactive, AI-enhanced defenses. Legacy IAM systems cant keep up as AI-powered phishing and deepfakes grow more sophisticated. The drivers are intensifying.

Cyber threats 264

Cyber threats CISO IoT Phishing 264

Security Affairs

MAY 29, 2025

Google says China-linked group APT41 controlled malware via Google Calendar to target governments through a hacked site. Google warns that China-linked APT41 used TOUGHPROGRESS malware with Google Calendar as C2, targeting various government entities via a compromised website. ” reads the report published by Google.

Malware 118

Malware Government Encryption Hacking 118

Security Affairs

APRIL 20, 2025

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malicious NPM Packages Targeting PayPal Users New Malware Variant Identified: ResolverRAT Enters the Maze Nice chatting with you: what connects cheap Android smartphones, WhatsApp and cryptocurrency theft?

Malware 80

Malware Cryptocurrency Encryption Phishing 80

Security Affairs

MAY 24, 2025

law firms for 2 years using callback phishing and social engineering extortion tactics. law firms using phishing and social engineering. FBI warns Silent Ransom Group has targeted U.S. The FBI warns that the Silent Ransom Group, active since 2022 and also known as Luna Moth, has targeted U.S. ” concludes the report.

Social Engineering 114

Social Engineering Antivirus Phishing Engineering 114

Trend Micro

JUNE 8, 2023

We look into BatCloak engine, its modular integration into modern malware, proliferation mechanisms, and interoperability implications as malicious actors take advantage of its fully undetectable (FUD) capabilities.

Engineering 144

Engineering Malware Cyber threats Phishing 144

Krebs on Security

FEBRUARY 26, 2023

Web hosting giant GoDaddy made headlines this month when it disclosed that a multi-year breach allowed intruders to steal company source code, siphon customer and employee login credentials, and foist malware on customer websites. But we do know the March 2020 attack was precipitated by a spear-phishing attack against a GoDaddy employee.

Hacking 332

Hacking Social Engineering Phishing Scams 332

Security Affairs

DECEMBER 1, 2024

From generating deepfakes to enhancing phishing campaigns, GAI is evolving into a tool for large-scale cyber offenses GAI has captured the attention of researchers and investors for its transformative potential across industries. The automation of malware development is another worrying trend, as it lowers the barrier to entry for cybercrime.

Artificial Intelligence 135

Artificial Intelligence Phishing Media Cybercrime 135

Malwarebytes

JANUARY 15, 2025

Table of contents Overview Criminals impersonate Google Ads Lures hosted on Google Sites Phishing for Google account credentials Victimology Who is behind these campaigns? Figure 12: The actual phishing page that follows Finally, all the data is combined with the username and password and sent to the remote server via a POST request.

Advertising 134

Advertising Accountability Phishing Scams 134

Security Affairs

NOVEMBER 15, 2024

The Glove Stealer malware exploits a new technique to bypass Chrome’s App-Bound encryption and steal browser cookies. The malware could harvest a huge trove of data from infected systems, including cookies, autofill, cryptocurrency wallets, 2FA authenticators, password managers, and email client information.

Encryption 118

Encryption Password Management Cryptocurrency Social Engineering 118

Penetration Testing

JUNE 18, 2025

Elastic uncovers a sophisticated ClickFix campaign deploying the GHOSTPULSE loader to deliver ARECHCLIENT2 malware, leveraging social engineering for credential theft and remote access.

Social Engineering 62

Social Engineering Malware Engineering Phishing 62

Malwarebytes

APRIL 30, 2025

There are several circumstances that make this campaign hard to detect: The cybercriminals send phishing emails from compromised WordPress sites, so the domains themselves appear legitimate and not malicious. Use an up-to-date and active anti-malware solution. This makes ScreenConnect a dangerous tool in the hands of cybercriminals.

Computers and Electronics 144

Computers and Electronics Identity Theft Phishing Banking 144

Penetration Testing

MARCH 15, 2025

A sophisticated phishing campaign impersonating Booking.com is targeting organizations in the hospitality industry, using a novel social engineering The post Booking.com Impersonated in Phishing Campaign Delivering Credential-Stealing Malware appeared first on Cybersecurity News.

Phishing 44

Phishing Malware Social Engineering Engineering 44

Security Boulevard

JUNE 17, 2025

One of the most effective—and dangerous—threats school districts face today doesn’t start with malware. It’s called social engineering, and it’s now one of the most. The post What Is Social Engineering? The post What Is Social Engineering? It starts with a carefully timed and crafted message.

Social Engineering 59

Social Engineering Engineering Firewall Malware 59

SecureWorld News

JANUARY 7, 2025

Their themes touch on phishing, man-in-the middle attacks, cryptography and decryption, incident response, and more. Lured by the Sweet: Avoiding the Phishing Trap Similar to Hansel and Gretel, who were tempted by a candy-coated trap, phishing attacks entice victims with seemingly irresistible offers or legitimate-looking emails and websites.

Cybersecurity 113

Cybersecurity Social Engineering Phishing Engineering 113

Malwarebytes

FEBRUARY 4, 2025

This warning comes from our 2025 State of Malware report, which compiled a years worth of intelligence to identify the most pressing cyberattacks on the horizon. You can find the full 2025 State of Malware report here. And if the model works for individuals, theres little reason it wouldnt work for individual business owners.

Artificial Intelligence 144

Artificial Intelligence Small Business Malware Technology 144

eSecurity Planet

APRIL 21, 2025

A Russian state-linked hacking group is ramping up its cyberattacks against diplomatic targets across Europe, using a new stealthy malware tool known as GrapeLoader to deliver malicious payloads through cleverly disguised phishing emails. The phishing emails come with a tempting subject: wine tasting.

Scams 57

Scams Phishing Social Engineering Malware 57

SecureList

MARCH 25, 2025

In mid-March 2025, Kaspersky technologies detected a wave of infections by previously unknown and highly sophisticated malware. In all cases, infection occurred immediately after the victim clicked on a link in a phishing email, and the attackers’ website was opened using the Google Chrome web browser. Generic Trojan.Win64.Agent

Malware 140

Malware Technology Education Media 140

Digital Shadows

NOVEMBER 12, 2024

Top MITRE Technique: Spearphishing The construction sector is no stranger to phishing attacks, which topped the list of initial access techniques between October 1, 2023, and September 30, 2024. Phishing is favored by threat actors for its simplicity and effectiveness.

Ransomware 111

Ransomware Phishing Cyber threats Malware 111

The Last Watchdog

JULY 27, 2023

In its H1 2023 Report: Cybersecurity Trends & Insights , Perception Point reported an overall increase in social engineering attacks, including a 20% growth in the prevalence of Business Email Compromise (BEC) attacks along with a 41% surge in phishing attacks from H2 2022 to H1 2023.

Phishing 186

Phishing Social Engineering Engineering Media 186

The Last Watchdog

FEBRUARY 4, 2025

These sprawling identities, exposed through breaches, infostealer infections, and phishing attacks, create shadow data that traditional tools simply cant address. SpyCloud , a leading identity threat protection company, announced key innovations in its portfolio, pioneering the shift to holistic identity threat protection.

Cybercrime 124

Cybercrime Phishing Accountability Malware 124

Penetration Testing

MAY 7, 2025

Hunt.io, a threat hunting platform, has revealed a sophisticated phishing campaign using ClickFix-style tactics and spoofed Indian government The post APT36 Suspected in India Gov Spoofing Phishing with ClickFix Tactics appeared first on Daily CyberSecurity.

Phishing 83

Phishing Government Cybersecurity Social Engineering 83

eSecurity Planet

MARCH 3, 2025

Notably, 79% of detections were malware-free a reminder that modern adversaries often bypass traditional antivirus defenses by leveraging innovative, non-malware techniques. The report details how threat actors harness automation, artificial intelligence, and advanced social engineering to scale their operations.

Threat Reports 106

Threat Reports Cybercrime Artificial Intelligence Social Engineering 106

The Last Watchdog

NOVEMBER 11, 2024

For example, AR-based training programs can simulate a phishing attack, allowing users to learn detection methods and experience the process of neutralizing the threat. It could also help users identify various cybersecurity attacks, whether they are types of spoofing , phishing, social engineering, or malware.

Cybersecurity 130

Cybersecurity Social Engineering Technology Threat Detection 130

SecureWorld News

JUNE 9, 2025

When vendors gain network access for ticketing, baggage handling, or route planning, they can inadvertently introduce malware or provide a foothold for threat actors. Additionally, a distributed workforce, ranging from remote maintenance technicians to cabin crews, multiplies entry points for social-engineering tactics like phishing.

Cybersecurity 117

Cybersecurity Social Engineering Computers and Electronics Risk 117

SecureList

MARCH 25, 2025

Note that for mobile banking malware, we retrospectively revised the 2023 numbers to provide more accurate statistics. We also changed the methodology for PC banking malware by removing obsolete families that no longer use Trojan banker functionality, hence the sharp drop in numbers against 2023. million detections compared to 5.84

Phishing 77

Phishing Banking Scams Mobile 77

SecureWorld News

DECEMBER 17, 2024

This operation, which blends social engineering and technical exploitation, has resulted in the theft of more than 390,000 WordPress credentials. Simultaneously, a phishing campaign tricked targets into installing a fake kernel update. These trojanized repos looked legitimate, often appearing in trusted threat intelligence feeds.

Phishing 109

Phishing Threat Detection Social Engineering Cybercrime 109

Malwarebytes

MAY 8, 2025

We discovered a new phishing kit targeting payroll and payment platforms that aims to not only steal victims’ credentials but also to commit wire fraud. Clicking on the ad sent employees and employers to a phishing website impersonating Deel. Phishing portal and 2FA The first phishing domain we saw was login-deel[.]app

Phishing 108

Phishing Authentication Engineering Banking 108

SecureWorld News

APRIL 22, 2025

Victims are sent unsolicited invitations to join Zoom calls, often via links in phishing emails or messages. Once control is granted, the attacker can secretly install malware, including infostealers and remote access trojans (RATs), onto the victim's machine.

Cryptocurrency 90

Cryptocurrency Social Engineering Cybercrime Engineering 90