eSecurity Planet

MARCH 14, 2025

A recent phishing campaign has raised alarms among cybersecurity professionals after it impersonated Booking.com to deliver a suite of credential-stealing malware. The phishing messages include links or attachments that direct users to fake Booking.com pages.

Phishing 59

Phishing Malware Social Engineering Authentication 59

eSecurity Planet

OCTOBER 22, 2024

One of the most concerning tactics currently on the rise is the ClickFix campaign — a sophisticated phishing scheme targeting unsuspecting Google Meet users. ClickFix campaigns represent a new wave of phishing tactics that emerged in May 2024, aimed at exploiting users of popular software applications. What Are ClickFix Campaigns?

Scams 123

Scams Malware Phishing Social Engineering 123

Thales Cloud Protection & Licensing

JANUARY 31, 2025

Level Up Your Security: Embrace Passkeys and Phishing-Resistant 2FA andrew.gertz@t Fri, 01/31/2025 - 15:17 Celebrate Change Your Password Day and 2FA Day by embracing passkeys and phishing-resistant 2FA. These workarounds, it should go without saying, present a security risk. So, whats the alternative? Why Use Passkeys?

Phishing 62

Phishing Passwords Password Management Authentication 62

Krebs on Security

MAY 14, 2025

Tracked as CVE-2025-32701 & CVE-2025-32706 , these flaws are present in all supported versions of Windows 10 and 11, as well as their server versions. Microsoft appears to have made some efforts to prevent Recall from scooping up sensitive financial information, but privacy and security concerns still linger.

Artificial Intelligence 212

Artificial Intelligence Internet Internet Phishing 212

IT Security Guru

APRIL 25, 2025

Phishing is a great example of this, with it evolving from simple email scams to more malicious and carefully thought-out attacks. As more people shift to online financial platforms or cryptocurrencies, digital wallets have become a common target for phishing scams.

Scams 44

Scams Phishing Cryptocurrency Cyber threats 44

Malwarebytes

APRIL 30, 2025

Because ScreenConnect provides full remote control capabilities, an unauthorized user with access can operate your computer as if they were physically present. If you suspect an email isnt legitimate, take a name or some text from the message and put it into a search engine to see if any known phishing attacks exist using the same methods.

Computers and Electronics 143

Computers and Electronics Identity Theft Phishing Banking 143

SecureWorld News

MARCH 20, 2025

March Madness is here, and while fans are busy filling out brackets and making last-minute bets, cybercriminals are running their own full-court presstargeting unsuspecting fans with phishing scams, fake betting apps, and credential-harvesting schemes. This scenario follows the common phishing tactics: strike at personal interest.

Scams 95

Scams Social Engineering Phishing Mobile 95

Graham Cluley

JUNE 5, 2025

ⓘ MailerLite warns of phishing campaign Graham Cluley @ 4:13 pm, June 5, 2025 @grahamcluley.com @ [email protected] The team at MailerLite have contacted their customers warning them about a phishing campaign that is trying to steal login details. Sync across unlimited devices. Integrated 2FA. Found this article interesting?

Phishing 59

Phishing Accountability Passwords Hacking 59

SecureList

JUNE 11, 2025

The malware is delivered via a phishing site that masquerades as the official DeepSeek homepage. Phishing lure The infection was launched from a phishing site, located at https[:]//deepseek-platform[.]com. com Main phishing site r1deepseek-ai[.]com The website was promoted in the search results via Google Ads.

Malware 96

Malware Phishing Encryption Engineering 96

SecureWorld News

APRIL 22, 2025

Victims are sent unsolicited invitations to join Zoom calls, often via links in phishing emails or messages. Once the victim accepts the invitation, the attackers ask for remote control access to the individual's computer under the guise of technical support or presentation assistance.

Cryptocurrency 100

Cryptocurrency Social Engineering Cybercrime Engineering 100

The Last Watchdog

MARCH 19, 2025

Attackers now have access to extensive identity data from multiple sourcesincluding data breaches, infostealer malware infections, phishing campaigns, and combolistsposing a challenge for organizations whose security measures have not yet adapted to address the full scope of interconnected identity exposures holistically.

Cyber Risk 113

Cyber Risk Risk Phishing Cybercrime 113

The Last Watchdog

FEBRUARY 4, 2025

These sprawling identities, exposed through breaches, infostealer infections, and phishing attacks, create shadow data that traditional tools simply cant address. SpyClouds data from breaches, malware-infected devices, and successful phishes also powers many popular dark web monitoring and identity theft protection offerings.

Cybercrime 124

Cybercrime Phishing Accountability Malware 124

SecureWorld News

FEBRUARY 17, 2025

From its early days, where security was an afterthought to business operations, to the present, where it has become a board-level discussion, governance has had to adapt to an ever-evolving digital landscape. AI-enabled threats: Attackers are using AI to automate phishing, generate deepfakes, and bypass traditional security measures.

Government 97

Government Cybersecurity CISO Risk 97

SecureWorld News

FEBRUARY 10, 2025

Most of these are long-standing stratagems, but as they evolve in lockstep with technological advancements, it's worth scrutinizing them through the lens of the present-day IT landscape. Security teams need an in-depth understanding of specific threats that are likely to impact the networks they're defending.

DDOS 74

DDOS Ransomware Authentication Phishing 74

Malwarebytes

APRIL 16, 2025

Scammers do this to bypass phishing filters. What to do when you receive an email like this First of all, even if its only to reassure yourself, scan your computer with an anti-malware solution that can detect and remove njRAT (if present). The actual message often arrives as an image or a pdf attachment.

Accountability 119

Accountability Scams Passwords Phishing 119

The Last Watchdog

APRIL 22, 2025

The rise of deepfake phishing, as highlighted by the Ponemon Institute, presents a clear and present danger to executives and their companies, exploiting personal vulnerabilities for financial and reputational gain. Educate and train: Empower executives and their families to make informed decisions about online activities.

Authentication 100

Authentication Social Engineering Technology Media 100

SecureWorld News

APRIL 15, 2025

Empower privileged users (including non-technical ones) with training on secure behaviors, phishing resilience, and data handling. The report's findings present a sobering reminder: access is the new perimeter. Monitoring isn't optional when privileged users can become insider threatsintentionally or accidentally.

Risk 83

Risk CISO Architecture Data breaches 83

Hacker's King

DECEMBER 21, 2024

Phishing Simulations : AI-crafted phishing emails can be used to train employees and improve organizational awareness. Simulating Cyberattacks A proactive cybersecurity strategy often involves stress-testing defenses, and generative AI plays a critical role in this process. Develop sophisticated malware.

Cybersecurity 52

Cybersecurity Threat Detection Cyber threats Artificial Intelligence 52

IT Security Guru

NOVEMBER 1, 2024

Phishing and Social Engineering: These tactics manipulate individuals to disclose sensitive information. Economic Espionage and Intellectual Property Theft As economies become increasingly knowledge-driven, economic espionage and intellectual property (IP) theft present growing threats to national security.

Technology 109

Technology Cyber Attacks Government Risk 109

SecureList

FEBRUARY 20, 2025

The annual MDR analyst report presents insights based on the analysis of incidents detected by Kaspersky’s SOC team. User Execution and Phishing remain top threats. User Execution and Phishing techniques ranked again in the top three threats, with nearly 5% of high-severity incidents involving successful social engineering.

Phishing 100

Phishing Social Engineering Government Threat Detection 100

eSecurity Planet

MARCH 17, 2025

Attack vectors and techniques Medusa actors leverage common ransomware tactics, including phishing campaigns and exploiting unpatched software vulnerabilities. Recommendations for organizations The Medusa ransomware presents a significant and evolving threat to critical infrastructure sectors.

Ransomware 68

Ransomware Backups Firmware Insurance 68

Malwarebytes

MARCH 20, 2025

With 40% of Fortune 500 companies and 117,000 paying customers relying on Semrush, the platform presents a highly attractive target for online criminals. Google Ads crew pivots Back in January, we documented a large phishing campaign targeting Google accounts via Google Ads using a very specific technique that abused Google Sites.

Scams 68

Scams Accountability Phishing Advertising 68

Security Boulevard

FEBRUARY 17, 2025

Authors/Presenters: Melvin Langvik Our sincere appreciation to DEF CON , and the Authors/Presenters for publishing their erudite DEF CON 32 content. Permalink The post DEF CON 32 – Evading Modern Defenses When Phishing With Pixels appeared first on Security Boulevard.

Phishing 52

Phishing Education Cybersecurity 52

Thales Cloud Protection & Licensing

NOVEMBER 26, 2024

Phishing and Fraud Bad actors can defraud customers out of their money, financial details, and other sensitive data by using deception and social engineering. By using AI to compose phishing messages, bad actors can avoid many of the telltale signs that indicate a scam, such as spelling and grammar errors and awkward phrasing.

Retail 71

Retail Cyber Risk Risk DDOS 71

Security Boulevard

JANUARY 20, 2025

Items presented here are typically curated with the end user and small groups (such as families and small/micro businesses) in mind. Phishing and Scams Covers popular phishing schemes affecting end users - smishing, vishing, and any new scam/phish.

Surveillance 97

Surveillance Malware Data breaches Scams 97

SecureList

MARCH 25, 2025

Key findings Phishing Banks were the most popular lure in 2024, accounting for 42.58% of financial phishing attempts. Amazon Online Shopping was mimicked by 33.19% of all phishing and scam pages targeting online store users in 2024. Cryptocurrency phishing saw an 83.37% year-over-year increase in 2024, with 10.7

Phishing 72

Phishing Banking Scams Mobile 72

SecureList

JANUARY 30, 2025

Once the user grants the required permission, they are presented with a custom dialog prompting them to enter their phone number. The attackers employ phishing techniques to spread the APK, allowing them to spy on victims’ personal messages and emails.

Accountability 94

Accountability Malware Banking Phishing 94

The Last Watchdog

JANUARY 30, 2025

Critically, the malicious extension only requires read/write capabilities present in the majority of browser extensions on the Chrome Store, including common productivity tools like Grammarly, Calendly and Loom, desensitizing users from granting these permissions.

Social Engineering 130

Social Engineering Authentication Engineering Accountability 130

IT Security Guru

MARCH 13, 2025

Phishing attacks are a known threat, where someone might trick you into giving away personal details or private keys. Because these storage methods arent plugged into the internet all the time, they present a far smaller target for hackers. Another consideration is how these hot solutions store your credentials.

Cryptocurrency 62

Cryptocurrency Internet Internet Risk 62

Security Affairs

JULY 7, 2025

Since March 2025, a targeted phishing campaign against Russian organizations has used fake contract-themed emails to spread the Batavia spyware, a new malware designed to steal internal documents. images, emails, presentations, archives) and exfiltrating them to a C2 server using an updated infection ID ( 2hc1-. ).

Spyware 92

Spyware Malware Phishing Encryption 92

SecureWorld News

JULY 17, 2025

Voice-cloned phone scams: Rather than crude phishing emails, scammers use AI voice synthesis to call bankers or customers while mimicking a trusted person's voice. Augmented phishing and social media impersonation: Even text-based scams have become more convincing with AI.

Banking 110

Banking Scams Social Engineering Financial Services 110

Security Affairs

JULY 7, 2025

Since March 2025, a targeted phishing campaign against Russian organizations has used fake contract-themed emails to spread the Batavia spyware, a new malware designed to steal internal documents. images, emails, presentations, archives) and exfiltrating them to a C2 server using an updated infection ID ( 2hc1-. ).

Spyware 79

Spyware Malware Phishing Encryption 79

SecureList

DECEMBER 23, 2024

Victims get infected via phishing emails containing a malicious document that exploits a vulnerability in the formula editor ( CVE-2018-0802 ) to download and execute malware code. The steps performed by the script are most likely needed to check if the backdoor is present and installed correctly. See below for the infection pattern.

Encryption 128

Encryption Penetration Testing Malware Phishing 128

Security Affairs

DECEMBER 6, 2024

. “Earlier this year, we revisited this review of online technologies on the Patient Portal, this time examining the use of these technologies during the period from January 2015 to present. Atrium Health recently disclosed another incident , in April attackers accessed employee email accounts via phishing attacks.

Data breaches 114

Data breaches Identity Theft Accountability Healthcare 114

eSecurity Planet

JUNE 30, 2025

Key Features Real-time antivirus and anti-ransomware protection Secure VPN for encrypted internet access Intelligent firewall and phishing protection Password manager and sensitive file encryption PC Matic Remote benefit: Great for security-conscious SMBs or industries with strict compliance needs. 5 Advanced features 3.8/5 5 Cost 3.3/5

Password Management 62

Password Management Encryption VPN Antivirus 62

Security Boulevard

APRIL 24, 2025

Authors/Presenters: Arun Vishwanath, Fred Heiding, Simon Lermen Our sincere appreciation to BSidesLV , and the Presenters/Authors for publishing their erudite Security BSidesLV24 content. Permalink The post BSidesLV24 – Ground Truth – Devising And Detecting Spear Phishing appeared first on Security Boulevard.

Phishing 52

Phishing Education Cybersecurity 52

Jane Frankland

JULY 1, 2025

The leadership team was reluctant to engage directly with employees beyond mandatory phishing tests. Practice presenting technical problems and solutions in ways business leaders understand. But after a major third-party incident exposed gaps in supplier security, it became clear the strategy was too narrow.

Cybersecurity 130

Cybersecurity Risk Cloud Migration CISO 130