VulnHub

Real-time Cybersecurity News

Mobile phishing is a bigger threat than email now - how to stay protected

Latest news
Actively Exploited
PhishingData Breach

Overview

According to Verizon's latest Data Breach Investigations Report (DBIR), mobile phishing is on the rise, surpassing email as the preferred method for cyber attackers. This shift is largely due to improved defenses against email phishing, prompting attackers to increasingly use texts and phone calls to trick users into revealing sensitive information. Businesses are encouraged to enhance their security measures, particularly by training employees to recognize these types of attacks and implementing stronger verification processes. This trend is concerning because mobile phishing can catch users off guard, making it easier for attackers to succeed. Companies need to act quickly to protect themselves and their customers from these evolving threats.

Key Takeaways

  • Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
  • Affected Systems: Mobile devices, SMS, voice calls
  • Action Required: Increase employee training on recognizing phishing attempts, implement multi-factor authentication, and strengthen verification processes for sensitive transactions.
  • Timeline: Recently disclosed

Original Article Summary

Verizon's latest DBIR shows attackers are turning to texts and calls as email defenses improve. Here's what businesses should do now.

Impact

Mobile devices, SMS, voice calls

Exploitation Status

This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Timeline

Recently disclosed

Remediation

Increase employee training on recognizing phishing attempts, implement multi-factor authentication, and strengthen verification processes for sensitive transactions.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to Phishing, Data Breach.

Read Original Article

Related Coverage

Ukraine identifies infostealer operator tied to 28,000 stolen accounts

BleepingComputer

Ukrainian cyberpolice, in collaboration with U.S. law enforcement, have apprehended an 18-year-old man from Odesa who is believed to be behind an infostealer malware operation. This operation specifically targeted users of an online store based in California, resulting in the theft of approximately 28,000 accounts. The malware was designed to harvest sensitive information from victims, raising concerns about the security of online shopping platforms. This incident serves as a stark reminder of the ongoing risks associated with online transactions and the importance of robust cybersecurity measures for both users and businesses. Authorities are continuing to investigate the scope of the operation and its potential connections to other cybercrimes.

May 20, 2026

Hackers bypass SonicWall VPN MFA due to incomplete patching

BleepingComputer

Hackers have successfully bypassed multi-factor authentication (MFA) on SonicWall Gen6 SSL-VPN appliances, allowing them to gain unauthorized access to networks. They achieved this by brute-forcing VPN credentials, which enabled them to deploy tools commonly used in ransomware attacks. This incident poses a serious risk for organizations relying on SonicWall's VPN technology, as it undermines the security measures intended to protect sensitive data. Companies using these appliances should be vigilant and consider strengthening their security protocols. The exploitation of this vulnerability emphasizes the need for timely patching and updates to prevent similar attacks in the future.

May 20, 2026

How AI can trick you into making fake payments - 5 red flags

Latest news

Recent research from Visa has identified AI-driven scams as the fastest growing form of consumer fraud. These scams often involve sophisticated tactics that can trick individuals into making fake payments. Consumers need to be vigilant and look out for five key red flags that may indicate a scam, such as unsolicited requests for payment, pressure to act quickly, and unusual payment methods. The implications of these scams are significant, as they can lead to financial loss and erode trust in digital payment systems. Awareness and education are crucial for consumers to protect themselves from these evolving threats.

May 20, 2026

Discord implements end-to-end encryption for voice and video calls

SCM feed for Latest

Discord has rolled out end-to-end encryption for its voice and video calls, a significant upgrade aimed at enhancing user privacy. This new feature uses the DAVE encryption protocol, which is open-source, making it available across all platforms including desktop, mobile, web browsers, and gaming consoles. With approximately 690 million registered users on the platform, this move is particularly relevant as it addresses growing concerns over data security and privacy in online communications. The implementation of end-to-end encryption means that only the participants in a call can access the content of their conversations, making it much harder for third parties to intercept or eavesdrop. This is a step forward in safeguarding user information and ensuring a safer communication environment for millions of users worldwide.

May 20, 2026

Patch Now: Critical Flaw in OT Robot OS Gives Attackers Control

darkreading

A serious vulnerability has been found in the operating system used by certain robotic systems, allowing unauthenticated attackers to execute command injections. This flaw enables attackers to gain remote access, potentially leading to significant disruptions in environments that rely on these robots. Affected organizations need to take immediate action to protect their systems, as the implications of such control could be severe, impacting operations and safety. Users of the affected robotic systems should prioritize applying any available patches to mitigate this risk. The vulnerability underscores the need for ongoing vigilance in securing operational technology environments.

May 20, 2026

Grafana breach caused by missed token rotation after TanStack attack

BleepingComputer

The Grafana data breach occurred due to a failure in rotating a GitHub workflow token after a recent npm supply-chain attack involving TanStack. This oversight allowed unauthorized access to Grafana's systems, potentially exposing sensitive data. The incident raises concerns about the importance of maintaining secure token management practices, especially in the wake of supply-chain vulnerabilities. Companies using Grafana may be at risk if they rely on outdated or improperly managed tokens. This breach serves as a reminder for organizations to regularly review and update their security protocols to prevent similar incidents.

May 20, 2026