Phishing and Surveillance - Cyber Security Informer

Synthetic Sabotage: How AI Tools Are Fueling Tailored Phishing Campaigns at Scale

SecureWorld News

APRIL 28, 2025

The phishing game has evolved into synthetic sabotage a hybrid form of social engineering powered by AI that can personalize, localize, and scale attacks with unnerving precision. The quiet revolution of phishing-as-a-service (PhaaS) If you haven't noticed by now, phishing has gone SaaS. For phishing, this is a gold mine.

Phishing

Phishing Social Engineering Engineering Data breaches

LW ROUNDTABLE — How 2024’s cyber threats will transform the security landscape in 2025

The Last Watchdog

DECEMBER 16, 2024

Part two of a four-part series The explosion of AI-driven phishing, insider threats, and business logic abuse has forced a shift toward more proactive, AI-enhanced defenses. Legacy IAM systems cant keep up as AI-powered phishing and deepfakes grow more sophisticated. The drivers are intensifying.

Cyber threats

Cyber threats CISO IoT Phishing

Experts found 4 billion user records online, the largest known leak of Chinese personal data from a single source

Security Affairs

JUNE 7, 2025

Over 4 billion user records were found exposed online in a massive breach, possibly linked to the surveillance of Chinese citizens. ” They suggest the scale and variety of the information point to a centralized system, possibly used for surveillance, profiling, or enriching existing data. ” reads the post.

Surveillance

Surveillance Banking Phishing Hacking

Happy 15th Anniversary, KrebsOnSecurity!

Krebs on Security

DECEMBER 29, 2024

A surveillance photo of Connor Riley Moucka, a.k.a. Look for a story here in early 2025 that will explore the internal operations of these ruthless and ephemeral voice phishing gangs. “Judische” and “Waifu,” dated Oct 21, 2024, 9 days before Moucka’s arrest.

Scams

Scams Cybercrime Cryptocurrency Social Engineering

APT42 impersonates cyber professionals to phish Israeli academics and journalists

Security Affairs

JUNE 27, 2025

Iran-linked APT42 targets Israeli experts with phishing attacks, posing as security professionals to steal email credentials and 2FA codes. Credentials entered on these phishing pages are sent to the attackers, enabling them to intercept both passwords and 2FA codes and gain unauthorized access to the victims’ accounts.”

Phishing

Phishing Education Social Engineering Surveillance

Privacy Roundup: Week 3 of Year 2025

Security Boulevard

JANUARY 20, 2025

Inside the Black Box of Predictive Travel Surveillance Wired Covers the use of powerful surveillance technology in predicting who might be a "threat." Phishing and Scams Covers popular phishing schemes affecting end users - smishing, vishing, and any new scam/phish.

Surveillance

Surveillance Malware Data breaches Scams

Zero-day broker Operation Zero offers up to $4 million for Telegram exploits

Security Affairs

MARCH 21, 2025

Russian intelligence agencies could use these exploits for surveillance and espionage purposes. Strategic Cyber Warfare In geopolitical conflicts, access to Telegram accounts and devices could provide military and intelligence advantages, such as intercepting sensitive communications, and identifying informants.

Government

Government Surveillance Hacking Mobile

Cybersecurity Governance: The Road Ahead in an Era of Constant Evolution

SecureWorld News

FEBRUARY 17, 2025

AI-enabled threats: Attackers are using AI to automate phishing, generate deepfakes, and bypass traditional security measures. Privacy and ethics: Balancing employee monitoring with privacy rights in an era of increasing workplace surveillance. Where is cybersecurity governance going? Below are key trends shaping the future.

Government

Government Cybersecurity CISO Risk

Australia, Canada, New Zealand, and the U.S. warn of PRC-linked cyber espionage targeting telecom networks

Security Affairs

DECEMBER 4, 2024

Organizations should adopt secure password storage, phishing-resistant MFA, session token limits, and Role-Based Access Control (RBAC). The Salt Typhoon group targeted surveillance systems used by the US government to investigate crimes and threats to national security, including activities carried out by nation-state actors.

Telecommunications

Telecommunications Government Mobile Cyber threats

The U.S. House banned WhatsApp on government devices due to security concerns

Security Affairs

JUNE 24, 2025

The CAO approved Microsoft Teams, Wickr, Signal, iMessage, and FaceTime as WhatsApp alternatives and warned staff to avoid phishing and unknown texts. The Meta-owned company linked the hacking campaign to Paragon, an Israeli commercial surveillance vendor acquired by AE Industrial Partners for $900 million in December 2024.

Government

Government Spyware Encryption Mobile

The Role and Benefits of AI in Cybersecurity

SecureWorld News

APRIL 13, 2025

These platforms can automatically recognize and classify threatening behavior such as suspicious network activity, phishing attacks, and transmission of malware. Here's an example that shows how Google performs phishing detection. In addition to these digital measures, robust physical security policies and measures are also crucial.

Cybersecurity

Cybersecurity Artificial Intelligence Threat Detection Cyber threats

Privacy Roundup: Week 12 of Year 2025

Security Boulevard

MARCH 24, 2025

Surveillance Tech in the News This section covers surveillance technology and methods in the news. Due to this focus, items primarily affecting enterprises or large organizations may not be included, even if they are widespread or "popular" stories.

Surveillance

Surveillance Telecommunications Spyware Data breaches

The Seabed: A New Digital Frontier to Protect from Threats

SecureWorld News

JULY 22, 2025

This integrates AUVs, USVs, ROVs with aerial drones, aircraft, and satellite data, forming a "seabed to space" surveillance capability. for example, has launched the RFA Proteus, a Multi-Role Ocean Surveillance Ship designed to repair cables and act as a mothership for UUVs. Dedicated Vessels: The U.K.,

Surveillance

Surveillance Artificial Intelligence Technology Digital transformation

How Ransomware Gangs Weaponize Employee Burnout to Breach Corporate Defenses

SecureWorld News

MAY 5, 2025

Phishing emails get through because people stop reading carefully. They're timing their phishing campaigns around stressful company periods: fiscal year ends, product launches, mergers, layoffs. They don't escalate strange logins, unexpected network activity, or gaps in video surveillance monitoring because fatigue clouds judgment.

Ransomware

Ransomware Firewall Encryption Phishing

Security Affairs newsletter Round 507 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

JANUARY 19, 2025

CISA adds BeyondTrust PRA and RS and Qlik Sense flaws to its Known Exploited Vulnerabilities catalog Inexperienced actors developed the FunkSec ransomware using AI tools Credit Card Skimmer campaign targets WordPress via database injection Microsoft took legal action against crooks who developed a tool to abuse its AI-based services Pro-Russia hackers (..)

Spyware

Spyware DNS Data breaches Firewall

Privacy Roundup: Week 13 of Year 2025

Security Boulevard

MARCH 31, 2025

Surveillance Tech in the News This section covers surveillance technology and methods in the news. Private search engines generally avoid connecting users to their searches.

VPN

VPN Surveillance Malware Data breaches

APT trends report Q3 2024

SecureList

NOVEMBER 28, 2024

Based on limited telemetry, we believe with medium to low confidence that some of the initial infections were spear-phishing emails. In this most recent campaign, the actor uses spear-phishing emails, embedding a JavaScript loader as the initial infection vector.

Malware

Malware Government Software Spyware

From Stealer to Spy: AMOS Malware Evolves into Full-Fledged Backdoor Threat for macOS

Penetration Testing

JULY 9, 2025

A recent update embeds a persistent backdoor, turning what was once a hit-and-run data thief into a long-term intruder capable of remote command execution, system surveillance, and re-infection. Originally known for its data exfiltration from browser extensions and cold wallets, AMOS now goes beyond theft.

Malware

Malware Surveillance Penetration Testing InfoSec

Privacy Roundup: Week 7 of Year 2025

Security Boulevard

FEBRUARY 17, 2025

Surveillance Tech in the News This section covers surveillance technology and methods in the news. Due to this focus, items primarily affecting enterprises or large organizations may not be included, even if they are widespread or "popular" stories. Tips for finding old accounts.

Surveillance

Surveillance Data breaches VPN Malware

Security Affairs newsletter Round 495 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

OCTOBER 27, 2024

CISA adds ScienceLogic SL1 flaw to its Known Exploited Vulnerabilities catalog VMware failed to fully address vCenter Server RCE flaw CVE-2024-38812 Cisco states that data published on cybercrime forum was taken from public-facing DevHub environment Internet Archive was breached twice in a month Unknown threat actors exploit Roundcube Webmail flaw (..)

Data breaches

Data breaches Healthcare Cybercrime Hacking

A week in security (February 24 – March 2)

Malwarebytes

MARCH 3, 2025

Last week on Malwarebytes Labs: Millions of stalkerware users exposed again PayPals “no-code checkout” abused by scammers Countries and companies are fighting at the expense of our data privacy Roblox called “real-life nightmare for children” as Roblox and Discord sued Android happy to check your nudes before you forward them (..)

Surveillance

Surveillance Data privacy Data breaches Ransomware

Canadian Man Arrested in Snowflake Data Extortions

Krebs on Security

NOVEMBER 5, 2024

Sources familiar with the investigation told KrebsOnSecurity that Binns was so paranoid about possible surveillance on him by American and Turkish intelligence agencies that his erratic behavior and online communications actually brought about the very government snooping that he feared. banks, ISPs, and mobile phone providers.

Cybercrime

Cybercrime Mobile Telecommunications Hacking

Key Cybersecurity Trends for 2025. My Predictions

Jane Frankland

JANUARY 12, 2025

Sophisticated social engineering tactics, phishing campaigns, or financial incentives make it easier for cybercriminals to use insiders as tools for gaining access and maintaining their foothold in systems rather than hacking in. Cyber threats often exploit human errors, whether through phishing attacks, weak passwords, or lapses in protocol.

Cybersecurity

Cybersecurity CISO Insurance IoT

Security Affairs newsletter Round 510 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

FEBRUARY 9, 2025

US Justice Department says cybercrime forum allegedly affected 17 million Americans Cybercrime is increasingly complex.

Spyware

Spyware Cybercrime Scams Social Engineering

Privacy Roundup: Week 11 of Year 2025

Security Boulevard

MARCH 17, 2025

Surveillance Tech in the News This section covers surveillance technology and methods in the news. Due to this focus, items primarily affecting enterprises or large organizations may not be included, even if they are widespread or "popular" stories.

Surveillance

Surveillance Data breaches Spyware Malware

Dark Web Monitoring And Why Your EASM Strategy Depends On It

NetSpi Executives

JULY 7, 2025

They focus on securing customer data and intellectual property, conducting phishing awareness training, implementing multi-factor authentication, and ensuring proper password rotation policies. Most security professionals dedicate their efforts to protecting what they can see and control within their organization’s perimeter.

Social Engineering

Social Engineering Surveillance Identity Theft Risk

16 billion passwords leaked across Apple, Google, more: What to know and how to protect yourself

Zero Day

JUNE 22, 2025

And while financial costs may be a factor, individual victims may face targeted phishing campaigns, social engineering schemes, identity theft, and damage to credit. The attacker may conduct surveillance first, mapping a network to find the most valuable resources or to discover potential pathways to jump into other systems.

Passwords

Passwords Data breaches Password Management Identity Theft

Getting the Most Value Out of the OSCP: The Exam

Security Boulevard

APRIL 22, 2025

Your screen is shared throughout the exam, youre under near-continuous video surveillance, and you must perform a 360-degree scan of your workspace to confirm that no unauthorized devices or individuals are present. On a final note, its important to acknowledge that OffSec exams involve a high degree of monitoring.

Penetration Testing

Penetration Testing Engineering Risk Social Engineering

Cybersecurity Challenges in Cross-Border Data Transfers and Regulatory Compliance Strategies

Security Affairs

MARCH 11, 2025

Hackers deploy various techniques, such as man-in-the-middle attacks, ransomware, phishing schemes, and supply chain compromises, to intercept, manipulate, or steal sensitive data.

Cybersecurity

Cybersecurity Encryption Artificial Intelligence Technology

12 Critical SOC 2 Controls to Support Compliance

Centraleyes

MARCH 10, 2025

Security Awareness Training Security awareness training educates employees on recognizing and preventing threats like phishing and ransomware. To implement this, organizations can conduct annual training sessions, use gamified platforms like KnowBe4, and simulate phishing attacks to measure employee response.

Backups

Backups Encryption Risk Authentication

Protect Your Privacy: Best Secure Messaging Apps in 2025

eSecurity Planet

JUNE 25, 2025

EXTRA SAFE E2EE, no data retention, blockchain tech, no registration, browser-based ephemeral chats Web (native apps in development) No data available Messenger E2EE, AI assistant, spam/phishing detection Android, iOS, Web, Windows, macOS Over 1.04 Briar Briar is built for when traditional networks fail, or surveillance is everywhere.

Encryption

Encryption Data collection Backups Accountability

Security Affairs newsletter Round 499 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

NOVEMBER 24, 2024

A cyberattack on gambling giant IGT disrupted portions of its IT systems China-linked APT Gelsemium uses a new Linux backdoor dubbed WolfsBane Microsoft seized 240 sites used by the ONNX phishing service U.S.

Cybercrime

Cybercrime Hacking Artificial Intelligence Ransomware

How Real Is the Threat of Adversarial AI to Cybersecurity?

SecureWorld News

JUNE 18, 2025

Unlike "traditional" cyberattacks—like malware or phishing that target software bugs or network vulnerabilities—adversarial AI exploits the decision-making logic of AI models. Adversarial machine learning (AML) involves attacks on AI/ML systems , aiming to degrade their performance or make them behave incorrectly.

Cybersecurity

Cybersecurity Artificial Intelligence Risk Healthcare

Protect Your Privacy: Best Secure Messaging Apps in 2025

eSecurity Planet

JUNE 25, 2025

EXTRA SAFE E2EE, no data retention, blockchain tech, no registration, browser-based ephemeral chats Web (native apps in development) No data available Messenger E2EE, AI assistant, spam/phishing detection Android, iOS, Web, Windows, macOS Over 1.04 Briar Briar is built for when traditional networks fail, or surveillance is everywhere.

Encryption

Encryption Data collection Backups Accountability

Hacker in Snowflake Extortions May Be a U.S. Soldier

Krebs on Security

NOVEMBER 26, 2024

A surveillance photo of Connor Riley Moucka, a.k.a. In a SIM-swap, fraudsters use credentials that are phished or stolen from mobile phone company employees to divert a target’s phone calls and text messages to a device they control.

DDOS

DDOS Cybercrime Accountability Government

Privacy Roundup: Week 9 of Year 2025

Security Boulevard

MARCH 3, 2025

Surveillance Tech in the News This section covers surveillance technology and methods in the news. The surveillance tech waiting for workers as they return to the office ArsTechnica RTO continues to pick up steam. In pursuit of "more productivity," some employers are leaning heavily into surveillance tech.

Surveillance

Surveillance Data breaches Firmware Encryption

A week in security (November 4 – November 10)

Malwarebytes

NOVEMBER 11, 2024

Our business solutions remove all remnants of ransomware and prevent you from getting reinfected.

Small Business

Small Business Surveillance Scams VPN

Heard about the 16 billion passwords leak? Here are the facts and how to protect yourself

Zero Day

JUNE 20, 2025

And while financial costs may be a factor, individual victims may face targeted phishing campaigns, social engineering schemes, identity theft, and damage to credit. The attacker may conduct surveillance first, mapping a network to find the most valuable resources or to discover potential pathways to jump into other systems.

Passwords

Passwords Data breaches Password Management Identity Theft

How New U.S. Legislation Changes Global Digital Sovereignty as We Know It

Thales Cloud Protection & Licensing

MAY 28, 2025

Foreign Intelligence Surveillance Act (FISA) 702 and Clarifying Lawful Overseas Use of Data (CLOUD) Act in detail FISA 702 FISA Section 702 now authorizes U.S. From the moment a user signs up, we verify their identity, then ensure secure and continuous access through phishing-resistant MFA and single sign-on (SSO). Why, you ask?

Authentication

Authentication Digital transformation Surveillance Software

Security Affairs newsletter Round 513 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

MARCH 2, 2025

from Bybit, it is the largest cryptocurrency heist ever International Press Newsletter Cybercrime Mining Company NioCorp Loses $500,000 in BEC Hack Inside Black Bastas Exposed Internal Chat Logs: A Firsthand Look The Bleeding Edge of Phishing: darcula-suite 3.0

Cybercrime

Cybercrime Hacking Cryptocurrency Ransomware

Security Affairs newsletter Round 503 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

DECEMBER 22, 2024

CISA adds Microsoft Windows Kernel-Mode Driver and Adobe ColdFusion flaws to its Known Exploited Vulnerabilities catalog ConnectOnCall data breach impacted over 900,000 individuals Report claims that Serbian authorities abused Cellebrite tool to install NoviSpy spyware Multiple flaws in Volkswagen Group’s infotainment unit allow for vehicle compromise (..)

Data breaches

Data breaches Cybercrime Spyware Firmware

RSAC Fireside Chat: Cyber risk mitigation turns personal–defending the CEO as an attack vector

The Last Watchdog

MAY 29, 2025

Were not just talking about phishing or credential theft. These include breached travel logs, exposed home records, and more.The goal is to surveil, profile, and target high-value individuals. For a full drill down, please give the accompanying podcast a listen. Todays adversaries are exploiting digital breadcrumbs.

Cyber Risk

Cyber Risk Risk Surveillance Cybercrime

LLMs and Phishing

Schneier on Security

APRIL 10, 2023

Here’s an experiment being run by undergraduate computer science students everywhere: Ask ChatGPT to generate phishing emails, and test whether these are better at persuading victims to respond or click on the link than the usual spam. There will also be a change in the sophistication of these attacks.

Phishing

Phishing Scams Surveillance Data collection

Iran-Linked MuddyWater Deploys Atera for Surveillance in Phishing Attacks

The Hacker News

MARCH 25, 2024

The Iran-affiliated threat actor tracked as MuddyWater (aka Mango Sandstorm or TA450) has been linked to a new phishing campaign in March 2024 that aims to deliver a legitimate Remote Monitoring and Management (RMM) solution called Atera.

Phishing

Phishing Surveillance Manufacturing Technology

Synthetic Sabotage: How AI Tools Are Fueling Tailored Phishing Campaigns at Scale

LW ROUNDTABLE — How 2024’s cyber threats will transform the security landscape in 2025

Trending Sources

Experts found 4 billion user records online, the largest known leak of Chinese personal data from a single source

Happy 15th Anniversary, KrebsOnSecurity!

APT42 impersonates cyber professionals to phish Israeli academics and journalists

Privacy Roundup: Week 3 of Year 2025

Zero-day broker Operation Zero offers up to $4 million for Telegram exploits

Cybersecurity Governance: The Road Ahead in an Era of Constant Evolution

Australia, Canada, New Zealand, and the U.S. warn of PRC-linked cyber espionage targeting telecom networks

The U.S. House banned WhatsApp on government devices due to security concerns

The Role and Benefits of AI in Cybersecurity

Privacy Roundup: Week 12 of Year 2025

The Seabed: A New Digital Frontier to Protect from Threats

How Ransomware Gangs Weaponize Employee Burnout to Breach Corporate Defenses

Security Affairs newsletter Round 507 by Pierluigi Paganini – INTERNATIONAL EDITION

Privacy Roundup: Week 13 of Year 2025

APT trends report Q3 2024

From Stealer to Spy: AMOS Malware Evolves into Full-Fledged Backdoor Threat for macOS

Privacy Roundup: Week 7 of Year 2025

Security Affairs newsletter Round 495 by Pierluigi Paganini – INTERNATIONAL EDITION

A week in security (February 24 – March 2)

Canadian Man Arrested in Snowflake Data Extortions

Key Cybersecurity Trends for 2025. My Predictions

Security Affairs newsletter Round 510 by Pierluigi Paganini – INTERNATIONAL EDITION

Privacy Roundup: Week 11 of Year 2025

Dark Web Monitoring And Why Your EASM Strategy Depends On It

16 billion passwords leaked across Apple, Google, more: What to know and how to protect yourself

Getting the Most Value Out of the OSCP: The Exam

Cybersecurity Challenges in Cross-Border Data Transfers and Regulatory Compliance Strategies

12 Critical SOC 2 Controls to Support Compliance

Protect Your Privacy: Best Secure Messaging Apps in 2025

Security Affairs newsletter Round 499 by Pierluigi Paganini – INTERNATIONAL EDITION

How Real Is the Threat of Adversarial AI to Cybersecurity?

Protect Your Privacy: Best Secure Messaging Apps in 2025

Hacker in Snowflake Extortions May Be a U.S. Soldier

Privacy Roundup: Week 9 of Year 2025

A week in security (November 4 – November 10)

Heard about the 16 billion passwords leak? Here are the facts and how to protect yourself

How New U.S. Legislation Changes Global Digital Sovereignty as We Know It

Security Affairs newsletter Round 513 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs newsletter Round 503 by Pierluigi Paganini – INTERNATIONAL EDITION

RSAC Fireside Chat: Cyber risk mitigation turns personal–defending the CEO as an attack vector

LLMs and Phishing

Iran-Linked MuddyWater Deploys Atera for Surveillance in Phishing Attacks

Stay Connected