A new open-source tool called 'ScamBuster' is designed to combat email scammers by using artificial intelligence to imitate victim personas. This system engages with phishing attackers to collect valuable data on their operations, which can be useful for organizations and law enforcement agencies. By turning the tables on scammers, ScamBuster aims to enhance the understanding of cybercriminal tactics and improve defenses against phishing attacks. This initiative is significant as phishing remains one of the most common and effective cyber threats, targeting individuals and businesses alike. The tool could potentially help reduce the number of successful scams and improve overall cybersecurity awareness.
Articles tagged "Phishing"
Found 301 articles
Dutch police are investigating a cyberattack on telecom provider Odido that occurred in February 2026, which led to the theft of data belonging to over six million customers. Authorities believe that local hackers, possibly Dutch nationals, were behind the phishing attack that initiated the breach. The police are currently seeking public assistance to identify these suspects. This incident raises serious concerns about the security of customer data in the telecommunications sector and highlights the ongoing risks posed by phishing schemes. As the investigation unfolds, affected customers should be vigilant about potential misuse of their personal information.
The Hacker News
A misconfigured Python web server used in a phishing operation targeting Microsoft 365 was discovered by Lexfo, a French cybersecurity firm. The server was left publicly accessible with directory listing enabled, allowing researchers to access a log file that contained the command used to run the server. This oversight led them to uncover not only the phishing toolkit but also two additional related operations. The exposed setup raises concerns about the security practices of attackers, as it can lead to further exploitation of users unaware of these phishing attempts. Organizations using Microsoft 365 should be vigilant and ensure their security measures are robust against such phishing schemes.
SCM feed for Latest
On February 7, 2023, a data breach at Odido compromised the personal information of 6.2 million customers. The breach was made public on February 12, and Dutch police are currently investigating the incident, with suspicions pointing towards local hackers. This breach raises concerns about the security of personal data, especially given the scale of the impact. Affected customers may face risks such as identity theft and fraud. The investigation is ongoing, and it remains crucial for users to monitor their accounts and be aware of potential phishing attempts in the aftermath.
Anastasia Tikhonova from Group-IB emphasizes the importance of integrating software supply chain security into daily operations rather than treating it as a one-time compliance task. In a recent video, she advocates for the active use of Software Bill of Materials (SBOM) for various security processes, including vulnerability assessments and incident responses. Drawing insights from Group-IB’s High-Tech Crime Trend Report 2026, she warns that supply chain attacks are becoming more sophisticated, often linking phishing, ransomware, and data breaches through the trust companies place in their suppliers. This shift means organizations need to be proactive in managing their software supply chain risks to protect against these evolving threats. Acknowledging that these vulnerabilities can have widespread implications, Tikhonova encourages teams to make security a daily habit.
A recent report by Secret Double Octopus reveals that only 28% of the financial workforce is using phishing-resistant multi-factor authentication (MFA). Many banks and financial organizations still rely on traditional passwords, which leaves them vulnerable to phishing attacks and credential theft. The combination of phishing-resistant technologies with less secure methods, like passwords plus one-time passwords (OTPs), is common but insufficient to protect against identity security risks. This situation raises concerns about the overall security posture of financial institutions, as attackers can exploit weaknesses in authentication processes. As phishing attacks continue to rise, the need for stronger authentication measures becomes more critical for protecting sensitive financial data.
A new group called Helix has emerged, employing tactics like voice phishing (vishing) to target SharePoint environments for data theft. They are using identity-focused strategies to gain access to sensitive information by tricking users into providing their credentials. This method includes device code phishing and exploiting multi-factor authentication (MFA) weaknesses. The emergence of Helix poses a significant risk to organizations that rely on SharePoint for data management, as attackers can bypass traditional security measures. Companies must remain vigilant and educate their employees about these tactics to prevent falling victim to such scams.
A serious vulnerability has been found in OpenPLC v3, which could allow authenticated attackers to write arbitrary files to the filesystem and execute malicious code. This flaw, identified as CVE-2026-14480, stems from how the legacy web user interface handles file uploads, enabling attackers to specify file names without proper validation. If exploited, it could lead to code execution under the OpenPLC runtime user, posing significant risks to critical infrastructure sectors such as manufacturing, energy, and transportation. OpenPLC v3 is now end-of-life and no longer receives security updates, making it essential for users to upgrade to OpenPLC v4 to mitigate this risk.
Schneider Electric's PowerChute Serial Shutdown software has several vulnerabilities that could allow attackers to manipulate system files, inject malicious data, or gain unauthorized access to accounts. Versions 1.4 and earlier are affected by these security flaws, which include issues like improper path restrictions and output handling. If exploited, these vulnerabilities could disrupt services or expose sensitive information across critical sectors such as energy, healthcare, and transportation. Users of affected versions are urged to upgrade to version 1.5, which includes fixes for these issues. The vulnerabilities were disclosed recently, and it is crucial for organizations to address them promptly to mitigate potential risks.
Hackread – Cybersecurity News, Data Breaches, AI and More
Kaspersky has reported that the Armored Likho group, a previously identified advanced persistent threat (APT), is actively targeting government and energy sectors using a combination of techniques. They employ BusySnake Stealer, a type of malware designed to extract sensitive information, alongside AI-generated loaders and phishing methods to infiltrate systems. This campaign poses significant risks to organizations in these critical sectors, as the stolen data could lead to further exploitation or security breaches. The use of sophisticated tools and tactics highlights the evolving nature of cyber threats and the need for enhanced security measures within these industries. Organizations should remain vigilant and strengthen their defenses against such targeted attacks.
Labcenter Electronics' Proteus 9 software has been found to have several critical vulnerabilities, including out-of-bounds write, stack-based buffer overflow, and use-after-free issues. These vulnerabilities could allow attackers to execute arbitrary code on affected installations, potentially compromising sensitive systems in various sectors like healthcare, energy, and defense. Specifically, version 9.1_SP4_Build_42914 is affected, and users are urged to upgrade to the latest version, 9.2 SPO, to protect against these risks. While there are currently no known public exploits actively targeting these vulnerabilities, the potential for abuse remains concerning. It’s crucial for organizations to apply the recommended updates and implement security measures to safeguard their systems.
Recent phishing attacks have targeted Facebook users by offering fake verification processes, aiming to steal sensitive information from business accounts. Attackers utilized a compromised chatbot to enhance their deception, making it easier for them to extract data from unsuspecting users. This campaign specifically affected individuals and businesses that rely on Facebook for communication and marketing. The incident raises concerns about the security of online platforms and highlights the importance of user awareness regarding potential scams. Users are advised to verify requests for information directly through official channels and to be cautious about sharing personal details online.
Hackread – Cybersecurity News, Data Breaches, AI and More
Malwarebytes has reported that attackers are using fake Google and Cloudflare verification pages as part of a scheme to distribute multiple families of malware, including StealC and NetSupport. This operation is linked to a shared infrastructure known as ClickFix. The fraudulent pages trick users into believing they are legitimate, making it easier for the malware to be delivered. This affects anyone who may inadvertently interact with these deceptive sites, potentially leading to data theft and system compromise. The incident emphasizes the need for users to be cautious about online verifications and the sites they engage with, as the risks of malware infections continue to rise.
The Hacker News
A group of hackers, believed to be linked to China, has launched a campaign targeting Indian taxpayers and finance professionals using a fake tax filing tool. This operation, dubbed Operation DragonReturn by Seqrite Labs, involves sending emails that appear to be from the Income Tax Department of India. The goal is to deliver a remote access trojan (DcRAT) that can steal sensitive information from infected systems. This attack not only threatens individual taxpayers but also poses risks to corporate finance teams who handle sensitive financial data. As cyber threats continue to evolve, awareness and vigilance are crucial for those in the affected sectors.
Securelist
A new phishing attack is exploiting the OAuth 2.0 Device Authorization Grant, commonly used for authenticating smart devices like TVs and printers. Attackers have created a fake Microsoft website that mimics the legitimate login process, tricking users into entering their credentials. This type of attack is particularly concerning as it targets users who may not be familiar with the intricacies of secure URL verification. As a result, anyone using devices that rely on OAuth for authentication could be at risk. Users are advised to be cautious and verify URLs carefully before entering sensitive information, especially when prompted by unexpected requests.