Articles tagged "Phishing"

Found 301 articles

A massive database containing around 24 billion credentials has been discovered exposed online, amounting to about 8 terabytes of data. This database was gathered from 36 different sources, which include Telegram channels and previous data breaches, as well as data extracted from live servers. The sheer volume of exposed credentials raises significant concerns for individuals and organizations, as this information can be used for identity theft, phishing attacks, and unauthorized access to accounts. Users who may have been affected should take immediate steps to secure their accounts, such as changing passwords and enabling two-factor authentication. This incident underscores the ongoing risks associated with data breaches and the importance of safeguarding personal information.

Read Original
Actively Exploited

A new phishing kit called GitBait has been discovered that specifically targets users of Mexican banks. This kit takes advantage of GitHub Pages and the SheetBest API to create fake login pages designed to capture sensitive banking credentials. Researchers have noted that this attack is particularly concerning because it leverages trusted platforms to appear legitimate, potentially tricking victims into providing their information. Users of Mexican banking services should be especially vigilant and ensure they are accessing official websites before entering any personal details. This incident serves as a reminder of the evolving tactics employed by cybercriminals to exploit unsuspecting individuals.

Read Original

Researchers at Proofpoint have identified two phishing campaigns linked to a North Korean hacking group known as Contagious Interview, also referred to as Famous Chollima. These campaigns are cleverly disguised as recruitment efforts for developer roles or as requests for code reviews. The tactics used by these attackers demonstrate a sophisticated approach to lure potential victims into providing sensitive information. This is particularly concerning for software developers and companies in the tech sector, who may be targeted due to their access to valuable intellectual property and sensitive data. The rise in these types of campaigns serves as a reminder for organizations to remain vigilant about phishing threats and to educate employees about identifying suspicious communications.

Read Original

This week saw several cybersecurity incidents that highlight ongoing vulnerabilities in various systems. A zero-day vulnerability was discovered in Google Chrome, which could allow attackers to execute arbitrary code. Additionally, exploits affecting UniFi devices were reported, taking advantage of outdated software. Cybercriminals are also utilizing phishing kits that are increasingly easy to rent, making them more accessible to a wider range of attackers. Meanwhile, macOS systems are facing threats from new data-stealing malware, and a flaw in VPN services was identified, potentially exposing user data. These incidents remind users and organizations of the continuous need to update their software and remain vigilant against evolving cyber threats.

Read Original

Google has initiated legal action against a Chinese cybercrime group accused of using its Gemini AI technology to send phishing text messages to Americans. This group is believed to operate a phishing-as-a-service tool called Outsider, which facilitates these scams. The use of Gemini AI in this context raises concerns about how advanced technologies can be weaponized for malicious purposes. This case not only targets the perpetrators but also aims to raise awareness about the growing sophistication of phishing attacks that can deceive unsuspecting users. As phishing remains a major threat to online security, this lawsuit underscores the need for vigilance among consumers and businesses alike.

Read Original

Charter Communications fell victim to a data breach that compromised the personal information of approximately 4.9 million accounts. The hacking group ShinyHunters is behind the attack, which occurred in early April. This breach has raised concerns about the security of user data, as sensitive information may have been exposed. Users of Charter Communications should be vigilant for potential phishing attempts or identity theft as a result of this incident. It serves as a reminder for both consumers and companies to prioritize data security measures to protect against such breaches in the future.

Read Original
Actively Exploited

The FBI has issued a warning to law firms about a new tactic being used by the Silent Ransom Group (SRG) to steal sensitive data. These attackers are impersonating IT support staff and reaching out to victims through phone calls or phishing emails, aiming to gain access to their systems via remote desktop sessions. This method is particularly concerning for law firms, which often handle confidential information. If successful, these attacks could lead to significant data breaches, putting client information at risk. The FBI emphasizes the need for firms to be vigilant and to verify the identity of anyone requesting remote access to their systems.

Read Original
Actively Exploited

Cybercriminals have leaked 5.8 million records of Uruguayan citizens, marking another instance of hackers targeting government databases to sell personal information. This breach raises serious concerns about the security of sensitive data held by government agencies and the potential for identity theft and fraud. The leaked information could be used for various malicious purposes, including financial scams and phishing attacks. As more government data becomes accessible online, the risks to citizens increase, highlighting the need for stronger security measures to protect personal information. This incident serves as a stark reminder for governments to prioritize cybersecurity to safeguard their citizens' data.

Read Original

As artificial intelligence tools enhance phishing and credential theft techniques, security teams are struggling to keep pace with cybercriminals. The increasing sophistication of these attacks means that stolen credentials are becoming a major vulnerability for organizations. This situation creates a significant risk for companies and their users, as attackers can easily bypass traditional security measures. Organizations must prioritize improving their defenses against credential abuse to protect sensitive data and maintain trust with their customers. The ongoing battle between attackers and defenders highlights the urgent need for more effective security protocols and user education around credential safety.

Read Original
Actively Exploited

FortiGuard Labs has reported on a new campaign involving the PureLogs malware, which uses techniques like JavaScript, PowerShell, and process hollowing to steal sensitive data. The attackers lure victims through fake purchase orders, tricking them into providing confidential information. This tactic poses a significant risk to organizations that handle financial transactions or sensitive data, as it can lead to data breaches and financial losses. Companies should be vigilant and educate their employees about these types of scams to prevent falling victim to such attacks. The ongoing nature of this campaign highlights the need for continuous awareness and cybersecurity training.

Read Original

Chinese cybercriminals are shifting tactics from using static phishing pages to employing live credential interception techniques. Research indicates that these phishing operations overwhelmingly target non-Chinese organizations, suggesting a strategic choice to avoid domestic entities. This shift allows attackers to capture login information in real-time, making their phishing efforts more effective. As these tactics evolve, it raises concerns for global organizations who may find themselves impersonated in these schemes. The implications are significant, as the potential for data breaches and unauthorized access increases with the sophistication of these attacks.

Read Original

Iranian hackers, known as Nimbus Manticore, have launched a campaign targeting U.S. aviation through phishing attacks and SEO poisoning. They are distributing a malicious backdoor called MiniFast, which is designed to exploit vulnerabilities in systems related to aviation. This campaign poses a significant risk to the aviation sector, as it could potentially allow attackers to gain unauthorized access to sensitive information and disrupt operations. The use of AI to create the MiniFast backdoor indicates a sophisticated approach to cyberattacks, raising concerns about the evolving tactics of state-sponsored hacking groups. Companies in the aviation industry need to be vigilant and enhance their cybersecurity measures to protect against such threats.

Read Original

The Belarusian hacking group known as Ghostwriter has targeted Ukrainian government entities with a phishing campaign using the Prometheus online learning platform as bait. Researchers from the Computer Emergency Response Team of Ukraine (CERT-UA) reported that the attackers are sending phishing emails from compromised accounts, aiming to breach government organizations. This type of cyber activity raises significant concerns, especially given the ongoing tensions in the region. As the situation escalates, the threat of cyberattacks against government infrastructure can undermine national security and disrupt essential services. It’s crucial for organizations to be vigilant and enhance their cybersecurity measures to protect against such targeted attacks.

Read Original
Actively Exploited

Malwarebytes has uncovered a phishing scam on Facebook that specifically targets users aged 40 and older. This scheme lures victims with fake offers for Aldi meat boxes, enticing them to provide personal information or financial details. The attackers are exploiting the trust users may have in social media platforms, making it crucial for older adults to be vigilant about suspicious offers. This incident serves as a reminder that scammers often tailor their tactics to exploit specific demographics, highlighting the need for increased awareness among users. Protecting personal information online is essential, especially when faced with seemingly harmless promotions.

Read Original

Keepnet, a platform focused on human risk management, has provided data on voice and SMS phishing simulations to the 2026 Verizon Data Breach Investigations Report (DBIR). This edition marks the first time such data has been included at this scale, revealing a notable 40% increase in the median click rate for phone-centric phishing attempts compared to traditional email-based simulations. This indicates a growing trend in phishing tactics that exploit voice and SMS channels, which could pose significant risks to users and organizations alike. As cybercriminals diversify their methods, understanding these new threats becomes essential for companies aiming to protect themselves and their employees. The inclusion of this data in a reputable report like the DBIR emphasizes the need for heightened awareness and training regarding these types of attacks.

Read Original
PreviousPage 5 of 21Next