Articles tagged "Phishing"

Found 302 articles

Actively Exploited

A recent phishing campaign has been discovered that spreads the Phantom information-stealing malware through ISO file attachments. Attackers are targeting users by disguising these malicious files as legitimate content, tricking them into opening the files and executing the malware. Once installed, Phantom can collect sensitive information, including login credentials and personal data. This campaign poses a significant risk to individuals and organizations, as it can lead to data breaches and identity theft. Users should be cautious when receiving unsolicited emails with attachments, especially ISO files, and ensure their security software is up to date.

Read Original

A new email scam is exploiting PayPal's subscription feature to send deceptive purchase notifications. These emails appear legitimate as they come from PayPal but contain links directing users to fraudulent sites. The scam takes advantage of the way PayPal's subscription system generates email notifications, making it challenging for recipients to discern the authenticity of the messages. Users who fall for these scams could inadvertently share personal information or financial details with malicious actors. It's crucial for PayPal users to be cautious when receiving unexpected purchase notifications and to verify any claims before taking action.

Read Original

A significant security oversight was uncovered when researchers found an unsecured 16TB MongoDB database that exposed approximately 4.3 billion professional records. This database primarily contained LinkedIn-style data, which could be exploited for large-scale AI-driven social engineering attacks. The discovery was made by Bob Diachenko and nexos.ai on November 23, 2025, and the database was secured only after the researchers alerted its owner. This incident underscores the risks associated with unsecured databases, as the exposed data could facilitate identity theft and phishing schemes targeting professionals. Organizations need to ensure better security measures for their data to prevent such breaches in the future.

Read Original
UK’s ICO Fine LastPass £1.2 Million Over 2022 Security Breach

Hackread – Cybersecurity News, Data Breaches, AI, and More

The UK's Information Commissioner's Office (ICO) has imposed a £1.2 million fine on LastPass following a significant data breach in 2022 that compromised the personal information of 1.6 million users. The breach was traced back to a vulnerability in an employee's personal computer, which allowed attackers to access sensitive data. This incident raises serious concerns about the security practices of password management services, especially considering the potential for misuse of the exposed information. Users of LastPass are now at increased risk of phishing attacks and identity theft. The fine serves as a reminder for companies to enhance their cybersecurity measures and protect user data more effectively.

Read Original
Critical
New ‘DroidLock’ Android Malware Locks Users Out, Spies via Front Camera

Hackread – Cybersecurity News, Data Breaches, AI, and More

Actively Exploited

Researchers at Zimperium zLabs have discovered a new Android malware called DroidLock, which behaves like ransomware. This malicious software can lock users out of their devices and steal sensitive information by tricking them into providing their credentials through phishing tactics. Additionally, DroidLock has the capability to stream users' screens and activate their front cameras through VNC, raising serious privacy concerns. This malware primarily targets Android users, making it essential for them to remain vigilant about their device security and be cautious of suspicious links or applications. The emergence of DroidLock emphasizes the ongoing risks associated with mobile malware and the need for users to adopt strong security practices.

Read Original
Critical
Scammers Sent 40,000 E-Signature Phishing Emails to 6,000 Firms in Just 2 Weeks

Hackread – Cybersecurity News, Data Breaches, AI, and More

Actively Exploited

A recent phishing campaign has targeted around 6,000 companies, sending over 40,000 fraudulent emails that appeared to come from trusted services like SharePoint and DocuSign. These emails contained malicious links disguised by reputable redirect services, making it easier for scammers to trick recipients into clicking. The scale and speed of this attack raise concerns about the vulnerability of businesses to such tactics, which exploit the trust users place in well-known platforms. Companies need to be vigilant, as these phishing attempts can lead to data breaches or financial loss if employees fall for the scams. Ensuring proper training and awareness around phishing tactics is crucial for organizations to protect themselves.

Read Original
Actively Exploited

A new phishing kit named Spiderman is targeting customers of various European banks and cryptocurrency users by creating nearly identical fake websites that impersonate legitimate brands and organizations. This sophisticated kit allows attackers to mimic the look and feel of real banking sites, making it difficult for users to identify them as fraudulent. Affected users may enter sensitive information, such as login credentials or financial details, which could lead to identity theft or financial loss. The rise of such phishing attacks is concerning as they exploit the trust users have in established financial institutions. Awareness and caution are crucial for users to protect themselves from these deceptive schemes.

Read Original
Critical
Spiderman Phishing Kit Targets European Banks with Real-Time Credential Theft

Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More

Actively Exploited

Varonis threat analysts have identified a new phishing kit named Spiderman that specifically targets European banks and cryptocurrency customers. This kit automates the process of stealing users' credentials and personal information, creating a complete identity profile of the victim. The implications of this attack are significant, as it not only compromises individual accounts but can also lead to broader financial fraud and identity theft. Banks and crypto platforms should be on high alert and enhance their security measures to protect against this sophisticated threat. Users must also remain vigilant and be cautious about sharing their information online.

Read Original
Critical
Over 70 Domains Used in Months-Long Phishing Spree Against US Universities

Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More

Actively Exploited

A phishing campaign utilizing the Evilginx kit has targeted 18 US universities, successfully bypassing Multi-Factor Authentication (MFA) to steal credentials over a period from April to November 2025. The severity of the threat highlights the vulnerabilities in MFA systems and the need for enhanced security measures in educational institutions.

Read Original
Actively Exploited

A new wave of spear-phishing attacks has been identified, attributed to the Russia-based hacking group Star Blizzard. This threat poses significant risks to organizations, particularly targeting the French NGO Reporters Without Borders, highlighting the ongoing cybersecurity challenges faced by non-profits and media organizations.

Read Original

BitSight research highlights a significant cybersecurity threat where threat actors exploit calendar subscriptions to deliver phishing links and malware via hijacked domains. This method poses a serious risk as it can lead to social engineering attacks, potentially compromising sensitive information and systems.

Read Original
Actively Exploited

The article discusses a new phishing campaign targeting Zendesk users, attributed to the Scattered Lapsus$ Hunters collective. This campaign involves the use of newly registered phishing domains, indicating a serious threat to users of the Zendesk platform.

Read Original

Recent research indicates that advanced phishing attacks are effectively circumventing traditional security measures employed by enterprises. This highlights a significant concern for organizations, as these tactics remain effective despite the implementation of sophisticated security systems.

Read Original
PreviousPage 19 of 21Next