Articles tagged "Phishing"

Found 301 articles

Actively Exploited

The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) have issued a warning about a phishing campaign linked to Russian hackers that targets users of the messaging app Signal. This campaign has evolved to specifically steal Signal Backup Recovery Keys, which can grant attackers access to a user's past messages. This poses a significant risk for Signal users, as it could expose sensitive communications and personal information. The attackers are likely aiming to exploit this access for espionage or other malicious activities. Users are urged to be vigilant about suspicious messages and to take steps to secure their accounts against potential phishing attempts.

Read Original

Cybercriminals are impersonating legitimate companies by creating fake OpenAI accounts and inviting employees to join them. This tactic aims to deceive individuals into sharing sensitive company information through chats and projects hosted on these fraudulent platforms. The incidents have been reported primarily among cybersecurity firms, raising concerns about the potential for data breaches and leaks of confidential information. As employees may not recognize the deception, they could inadvertently compromise their organizations' security. Companies should be vigilant and educate their staff on verifying the authenticity of such invitations to prevent falling victim to these scams.

Read Original

The Cybersecurity and Infrastructure Security Agency (CISA) and the FBI have issued a new warning about Russian Intelligence Services (RIS) targeting commercial messaging applications through phishing campaigns. This update comes from a previous alert released in March 2026 and details the latest tactics used by these cybercriminals, along with examples of phishing messages they employ. Users of popular messaging platforms are particularly at risk, as attackers seek to exploit vulnerabilities in these widely used applications. The warning emphasizes the importance of being cautious and implementing security measures to protect against these ongoing threats. As phishing attacks continue to evolve, it is crucial for users and organizations to stay informed and vigilant to safeguard their communications and sensitive information.

Read Original

A phishing campaign has been preying on hotels and hospitality organizations in Europe and Asia since April 2026, according to Microsoft. The attackers use ZIP files disguised as photo attachments to deliver a Node.js implant, targeting front-desk computers. While Microsoft has not linked this activity to any known threat actor, the exact objectives of the attackers remain unclear. This type of attack is particularly concerning because it exploits the routine operations of hotels, potentially compromising sensitive guest information and operational systems. Organizations in the hospitality sector need to be vigilant and enhance their security measures to protect against such targeted phishing attempts.

Read Original

Kaspersky researchers have examined the growing cybersecurity threats facing small and medium-sized businesses (SMBs) in 2026. They found that attacks using fake artificial intelligence tools are on the rise, alongside traditional phishing schemes. These tactics are particularly concerning as they can lead to data breaches and the sale of sensitive information on the dark web. SMBs, which often lack the resources of larger corporations, are especially vulnerable to these types of attacks. Companies need to enhance their security measures and educate employees about recognizing scams to protect themselves against these evolving threats.

Read Original

Xsolis, a healthcare technology firm, recently reported a phishing attack that compromised its network, affecting approximately 1.4 million individuals. The company, which provides AI-driven software to hospitals and health insurers, discovered the unauthorized access on January 22, 2026, following the phishing incident that occurred two days earlier. Xsolis has stated that it took immediate measures to contain the situation. This breach raises concerns about the security of sensitive healthcare information, as personal data of patients and insurance details may have been exposed. The attack underscores the growing threat of phishing in the healthcare sector, where sensitive information is a prime target for cybercriminals.

Read Original

Xsolis, a healthcare technology firm, reported a data breach affecting approximately 1.4 million individuals. The breach occurred due to a phishing attack, which allowed attackers to gain unauthorized access to the company's network. The compromised data includes sensitive personal information, raising serious concerns about privacy and security for those affected. This incident underscores the vulnerability of healthcare organizations to cyberattacks, especially as they increasingly rely on digital systems. Individuals whose data was exposed may face risks such as identity theft and fraud, prompting a need for vigilance and protective measures.

Read Original

Abdellah Belmili, an Algerian man, has been charged by federal prosecutors for allegedly operating two online marketplaces that specialize in cybercrime. These websites reportedly sold stolen financial credentials and custom-designed phishing kits specifically aimed at major American banks. This situation raises significant concerns as it highlights the ongoing issue of cybercrime and the ease with which sensitive information can be bought and sold on the dark web. The impact of such marketplaces can be far-reaching, potentially affecting countless individuals and businesses as attackers exploit the stolen data. Law enforcement's action against Belmili underscores the need for continued vigilance in the fight against cybercrime and the protection of financial systems.

Read Original

Vishing, or voice phishing, is emerging as a significant cybersecurity threat as attackers increasingly target employees through phone calls instead of emails. This method of social engineering exploits human behavior, tricking individuals into divulging sensitive information or performing actions that compromise security. Companies must be vigilant, as these attacks can lead to data breaches or financial loss. To protect against vishing, organizations should educate employees about the risks, establish clear protocols for verifying callers, implement call monitoring systems, and encourage reporting of suspicious calls. By taking these proactive measures, companies can reduce their vulnerability to this type of fraud.

Read Original

Xsolis, a healthcare technology company based in Tennessee, has reported a data breach that has affected approximately 1.4 million individuals. The breach occurred due to a phishing attack that compromised personal and health information stored in the systems of its hospital clients. Xsolis provides essential services in utilization management and revenue cycle solutions, making the breach particularly concerning for those whose data was exposed. This incident raises alarms about the security of sensitive health data and the potential risks for identity theft and privacy violations. As healthcare providers increasingly rely on technology, the need for robust cybersecurity measures becomes even more critical to protect patient information.

Read Original

A recent survey conducted with over 7,800 participants from eight different countries revealed that a significant number of users, between 40% and 50%, still choose to store their passwords in web browsers for the sake of convenience. This practice raises concerns about security, as browser-based password storage can be vulnerable to various cyber threats, including phishing attacks and malware. Many users may not realize the risks associated with this method of password management, potentially exposing their sensitive information to attackers. The survey indicates a need for greater awareness about secure password practices and encourages individuals to consider more secure alternatives, such as dedicated password managers. As cyber threats continue to evolve, users should reassess their password storage methods to better protect their online accounts and personal data.

Read Original
Actively Exploited

Check Point Research has reported a significant rise in the registration of Amazon-themed domains, with 6,843 new domains registered between December and May. Alarmingly, nearly 10% of these domains have been flagged as malicious or suspicious. This spike coincides with Amazon Prime Day, a time when many consumers are actively shopping online, making them prime targets for cybercriminals. The increase in malicious domains could lead to phishing attempts and scams, putting users' personal and financial information at risk. As shoppers gear up for sales events, researchers urge users to be vigilant and verify the authenticity of websites before making purchases.

Read Original

As the World Cup kicks off, cybersecurity experts warn that the global event creates a prime opportunity for cybercriminals to exploit vulnerabilities and disrupt systems. Attackers may target organizations involved in the tournament, including event organizers, broadcasters, and sponsors, by launching phishing campaigns, deploying malware, or executing denial-of-service attacks. With millions of fans engaged online, these threats could impact not just businesses but also the safety of personal data and financial transactions. Organizations need to bolster their security measures to protect against these potential risks during this high-profile event. The urgency for enhanced cybersecurity is clear as the stakes are high and the potential for widespread disruption looms.

Read Original

Nintendo of America has confirmed that data from the TinyPulse service, a third-party platform used for internal surveys, was stolen during a cyberattack. While Nintendo's own systems were not compromised, the breach affects the survey data collected through TinyPulse. This incident raises concerns over the security of third-party services that companies rely on for internal operations. Users whose data was stored on TinyPulse may be at risk, as the stolen information could be used for phishing or other malicious activities. Companies using third-party services should ensure they have robust security measures in place to protect sensitive information.

Read Original

International law enforcement has successfully taken action against the SocGholish botnet, which is linked to the notorious Russian cybercrime group Evil Corp. They cleaned nearly 15,000 WordPress websites infected with malware and dismantled over 100 servers used in these attacks. This operation is significant as SocGholish is known for distributing malware that targets users through fake software updates and phishing tactics. The cleanup effort not only helps to secure the affected websites but also disrupts the operations of a well-established cybercrime group, which could reduce the risk of future attacks on unsuspecting users. The impact of this operation highlights the ongoing battle against cybercrime and the importance of maintaining secure online environments.

Read Original
PreviousPage 4 of 21Next