Articles tagged "Phishing"

Found 301 articles

Critical
Missile Alert Phishing Exploits Iran-US-Israel Conflict for Microsoft Logins

Hackread – Cybersecurity News, Data Breaches, AI and More

Actively Exploited

A new phishing scam is exploiting the ongoing conflict between Iran, the US, and Israel by sending out fake missile alerts to trick users into revealing their Microsoft login credentials. Attackers are using QR codes and counterfeit government emails to lure victims. This tactic is particularly concerning as it preys on the heightened anxiety surrounding geopolitical tensions, making users more susceptible to clicking on malicious links. The scam underscores the importance of vigilance regarding unsolicited communications, especially during times of crisis. Users are advised to verify the authenticity of any alerts before taking action, particularly those requesting sensitive information.

Read Original
Actively Exploited

Recent research has identified several email-based threats that are evolving with the rise of AI and sophisticated attack methods. Key threats include OAuth consent attacks, where attackers exploit legitimate app permissions to gain unauthorized access to accounts. Lateral phishing is also on the rise, where compromised accounts are used to target other users within the same organization. Additionally, AI is being misused in payroll fraud schemes, tricking companies into making mistaken payments. These threats impact a wide range of organizations, as they rely heavily on email for communication and transactions. As these tactics become more common, businesses must remain vigilant and enhance their email security measures to protect against these evolving risks.

Read Original

Hims & Hers Health, a telehealth service provider, has reported a data breach due to stolen support tickets from Zendesk, a third-party customer service platform. This incident raises concerns as it potentially exposes sensitive information from users who sought medical advice or treatment through the service. The company is urging affected users to stay vigilant about their personal information and to monitor their accounts for any suspicious activity. This breach underscores the risks associated with relying on third-party vendors for customer support and handling sensitive data. Users should be aware of possible phishing attempts or unauthorized access to their accounts following this incident.

Read Original

A Chinese cyber group known as TA416 has been targeting European government and diplomatic entities since mid-2025, resuming its activities after a two-year lull. This campaign employs malware like PlugX and uses OAuth-based phishing techniques to compromise systems. TA416 is linked to various other hacking groups, including DarkPeony and RedDelta, indicating a broader network of cyber threats. The resurgence of these attacks raises concerns about the vulnerability of government institutions in Europe, especially given the increasing geopolitical tensions. Authorities and organizations need to bolster their cybersecurity measures to protect sensitive information from these state-sponsored actors.

Read Original

A new spear-phishing campaign has emerged, targeting senior executives and effectively bypassing multi-factor authentication (MFA) systems. This attack utilizes a recently identified phishing kit named VENOM, which allows attackers to craft convincing emails that trick recipients into providing sensitive information. The campaign poses a significant risk to businesses, as executives often have access to critical company data and systems. If successful, these attacks can lead to data breaches and financial losses. Companies must be vigilant and enhance their security measures to protect against such sophisticated phishing threats.

Read Original
Actively Exploited

A Brazilian cybercrime group known as Augmented Marauder and Water Saci has launched a phishing campaign that spreads two banking trojans: Casbaneiro and Horabot. The attackers use a mix of WhatsApp, ClickFix techniques, and email phishing to deliver these malicious programs. The campaign primarily targets individuals and organizations, aiming to steal sensitive banking information. This is particularly concerning as it showcases the evolving tactics employed by cybercriminals to exploit users through familiar communication channels. Users should be cautious about unsolicited messages and verify the authenticity of links before clicking.

Read Original
Actively Exploited

Cybercriminals are sending out fake LinkedIn alert messages that claim to offer job opportunities, but their real goal is to steal user credentials. This phishing campaign tricks recipients into providing sensitive information, putting their accounts at risk. The fraudulent messages imitate legitimate notifications from LinkedIn, making them difficult to detect. Users who fall for this scam could find their personal data compromised, leading to potential identity theft or unauthorized access to their accounts. It's essential for LinkedIn users to be cautious and verify messages before clicking on any links or providing information.

Read Original
Actively Exploited

A recent report from Infosecurity Magazine reveals that the Phantom Stealer, a .NET-based malware, has been targeting manufacturing, technology, and logistics sectors across Europe. This malware is part of the Phantom Project cybercrime kit, which also includes a crypter and a remote access tool. The attacks occurred in a series of phishing campaigns from November 2025 to January 2026. Organizations in these industries should be aware of the potential for data breaches and operational disruptions due to these ongoing attacks. The targeted sectors are crucial for the economy, making the successful exploitation of these vulnerabilities particularly concerning.

Read Original
Actively Exploited

A recent phishing campaign has targeted various sectors in Ukraine, including government entities, healthcare providers, financial institutions, educational organizations, and software development firms. Attackers impersonated the country's Computer Emergency Response Team (CERT) to deliver the AGEWHEEZE Remote Access Trojan (RAT) between March 26 and 27. This type of malware allows unauthorized access to infected systems, posing significant risks to sensitive data and operational security. The incidents emphasize the ongoing cyber threats faced by Ukrainian organizations, particularly amid heightened geopolitical tensions. Entities in the affected sectors need to remain vigilant and enhance their cybersecurity measures to mitigate such risks.

Read Original
Actively Exploited

As tax season approaches, cybercriminals are ramping up their phishing attacks, targeting individuals and businesses with a variety of scams. These attacks are designed to deliver remote monitoring and management (RMM) malware, steal credentials, and perpetrate business email compromise (BEC) schemes. Additionally, hackers are using tax-form scams to trick users into providing sensitive information. This surge in phishing attempts poses significant risks, especially for those who may be more vulnerable during the busy tax season. Users and organizations need to be vigilant and implement security measures to protect against these evolving tactics, which can lead to financial loss and identity theft.

Read Original

A Russian-linked hacking group known as TA446 is actively targeting iPhone users through a new phishing campaign that employs the DarkSword iOS exploit kit. These attacks involve sending malicious emails designed to compromise iOS devices, putting users' personal information at risk. The group, also referred to as SEABORGIUM and ColdRiver, has been noted for its sophisticated tactics in the past. This wave of phishing emphasizes the increasing dangers that smartphone users face, especially as attackers refine their methods to bypass security measures. As these campaigns evolve, it’s crucial for iPhone users to remain vigilant about suspicious emails and links.

Read Original
Critical
ShinyHunters Walk Away from BreachForums, Leak 300,000-User Database

Hackread – Cybersecurity News, Data Breaches, AI and More

Actively Exploited

ShinyHunters, a notorious hacking group, has departed from BreachForums and leaked a database containing information on 300,000 users. This data breach raises alarms as ShinyHunters warns that all active domains associated with the leak are fake, suggesting that users should be cautious of phishing attempts. The group has also threatened to release more data from forum backups, indicating that the situation could worsen. Users affected by this breach may have their personal information exposed, which could lead to identity theft or other malicious activities. This incident underscores the ongoing risks associated with online forums and the potential for significant data leaks.

Read Original
Actively Exploited

A new phishing campaign is targeting TikTok for Business accounts, aiming to trick users into revealing their login credentials. The attackers have employed tactics that hinder security bots from detecting the malicious pages, making it easier for them to succeed. This means that businesses using TikTok for advertising or promotion are at risk of having their accounts compromised. The implications are significant, as a breach could lead to unauthorized access, loss of sensitive data, and damage to brand reputation. Companies and users need to be vigilant and implement strong security measures to protect their accounts.

Read Original

A recent article discusses the growing issue of multi-channel impersonation attacks, where cybercriminals exploit outdated security controls to impersonate individuals across various communication platforms. These attacks often target employees within organizations, leading to unauthorized access to sensitive information and financial losses. Researchers emphasize that traditional security measures, such as basic email filtering and outdated authentication methods, are no longer sufficient to combat these sophisticated scams. Companies are urged to adopt more advanced security protocols, including multi-factor authentication and employee training on recognizing phishing attempts. The rise in these impersonation tactics poses a significant risk to businesses, making it crucial for them to reassess their security strategies.

Read Original

Fortinet's FortiGuard Labs has released its 2026 Global Threat Landscape Report, revealing significant trends in cybersecurity threats. The report indicates a rise in sophisticated attacks targeting both enterprise and personal systems, particularly through ransomware and phishing schemes. These attacks are increasingly leveraging artificial intelligence to bypass traditional security measures. Companies across various sectors, including finance and healthcare, are particularly vulnerable, as attackers exploit their reliance on digital infrastructure. The findings stress the urgent need for organizations to enhance their security protocols and invest in advanced threat detection technologies to protect sensitive data and maintain operational integrity.

Read Original
PreviousPage 10 of 21Next