Articles tagged "Phishing"

Found 301 articles

Actively Exploited

The article discusses the limitations of technical security measures in preventing cyber attacks, emphasizing that employees often serve as the first line of defense. It outlines four specific types of attacks that target human vulnerabilities, such as phishing and social engineering. These attacks exploit the trust and behavior of employees rather than technical flaws in systems. This highlights the need for companies to invest in training and awareness programs for their staff to recognize and respond to potential threats effectively. As cyber threats continue to evolve, a well-informed workforce is crucial for enhancing overall security.

Read Original

South Staffordshire Water's parent company has been fined nearly £1 million by the UK's Information Commissioner’s Office (ICO) due to a severe security breach that lasted for almost two years. The incident began in September 2020 when an employee fell for a phishing email and opened an infected attachment, allowing hackers to install malicious software on the company’s network. This intrusion went unnoticed for 20 months, during which the personal data of 633,887 individuals was compromised. This case underscores the importance of robust cybersecurity measures, especially for organizations handling sensitive customer information. The long duration of the breach raises concerns about the effectiveness of the company's security protocols and employee training regarding potential cyber threats.

Read Original

Zara, the popular clothing retailer, has suffered a data breach affecting nearly 200,000 customers. The hacker group ShinyHunters reportedly obtained sensitive information, including email addresses and other personal data from Zara's database. This incident raises concerns about the safety of customer information and the potential for phishing attacks or identity theft. Customers who provided their data to Zara may now be at increased risk, as attackers could exploit this information for malicious purposes. Companies like Zara need to enhance their security measures to protect customer data and prevent future breaches.

Read Original

A data breach affecting nearly 197,000 Zara customers has been linked to a cyberattack on a former technology provider, ShinyHunters. The breach exposed sensitive customer information, including emails, purchase history, and support data. This incident raises concerns about the security measures in place at third-party vendors that companies rely on. Customers whose data was compromised may face increased risks of phishing attempts and identity theft. As major retailers like Zara continue to rely on external partners, ensuring robust security practices across their supply chain becomes increasingly critical.

Read Original
Critical
Scammers Use Hidden Text to Bypass AI Email Filters in Phishing Scams

Hackread – Cybersecurity News, Data Breaches, AI and More

Actively Exploited

Scammers are now using invisible text in phishing emails to trick AI email filters, making it easier for their fraudulent messages to reach users' inboxes. This method involves inserting hidden characters that are not visible to the naked eye but can bypass automated security systems. As a result, more phishing emails could successfully land in inboxes, increasing the risk of users falling victim to scams. This tactic poses a significant challenge for email service providers and cybersecurity experts, who must adapt their filtering techniques to combat this evolving threat. Users should be vigilant and look out for suspicious emails, even if they seem to pass through standard security filters.

Read Original
Actively Exploited

Cofense has reported a notable rise in phishing campaigns that exploit the Vercel platform. Vercel, a popular service for frontend developers that allows for easy deployment of web applications, has been misused by attackers to create deceptive sites aimed at tricking users into providing sensitive information. This uptick in abuse is significant enough to raise alarms among cybersecurity experts, as it could affect a wide range of organizations using Vercel for their web projects. Companies relying on this platform need to be vigilant and enhance their security measures to protect against these phishing attacks. Users should also be cautious about unsolicited communications that may lead to fraudulent websites.

Read Original

A hacker claims to have stolen around 280 million data records from 8,809 educational institutions, including colleges, school districts, and online platforms, in a breach involving Instructure, a prominent education technology company. The records reportedly contain sensitive information about students and staff, raising concerns over identity theft and privacy violations. This incident highlights the vulnerabilities in educational systems, which often store vast amounts of personal data. Users and institutions need to be vigilant about potential phishing attacks and other exploits that could arise from this breach. The impact on students and staff could be severe, as their personal information may be used maliciously.

Read Original

Instructure, the company behind the Canvas learning management system, has confirmed a data breach that has exposed personal information of its users. The breach was disclosed on a Friday, and the hacker group ShinyHunters has claimed responsibility for the attack. While Instructure has not provided detailed information about the types of personal data compromised, the incident raises concerns about the security of educational platforms and the sensitive information they handle. Users of Canvas and potentially other Instructure services should remain vigilant and take steps to secure their accounts, as the exposure of personal data can lead to identity theft or further phishing attempts. This incident highlights the ongoing risks that educational institutions face in protecting their digital environments.

Read Original

A phishing campaign named VENOMOUS#HELPER has been targeting over 80 organizations since at least April 2025. The attackers exploit legitimate Remote Monitoring and Management (RMM) tools, specifically SimpleHelp and ScreenConnect, to gain ongoing remote access to compromised systems. Most of the affected organizations are based in the United States. This type of attack is concerning because it allows attackers to maintain control over their targets, potentially leading to data breaches or further exploitation. Organizations need to be vigilant about phishing attempts and ensure that their RMM tools are secured against unauthorized access.

Read Original

The cybercrime group Silver Fox, based in China, has launched a phishing campaign targeting organizations in India and Russia using a new malware known as ABCDoor. The attackers sent emails posing as communications from the Income Tax Department of India in December 2025, followed by similar attempts aimed at Russian entities. This tactic is concerning as it exploits tax-related themes to gain trust and infiltrate systems. The use of ABCDoor malware can lead to unauthorized access to sensitive information, potentially compromising the security of targeted organizations. As cyber threats continue to evolve, it is crucial for companies in these regions to enhance their security measures and educate employees on recognizing phishing attempts.

Read Original

Researchers have identified a new phishing technique that exploits Amazon's Simple Email Service (SES) to send fraudulent emails that appear legitimate. By using this widely trusted cloud email service, attackers can bypass traditional email security measures. Victims may struggle to distinguish these phishing emails from real communications, making them more susceptible to scams. The implications are significant, as this method could lead to increased identity theft and financial loss for individuals and organizations alike. Users are advised to be vigilant and verify the authenticity of unexpected emails, especially those requesting sensitive information or prompting urgent actions.

Read Original

A Vietnamese-linked phishing campaign, dubbed AccountDumpling, has been uncovered, targeting Facebook users. This operation employs Google AppSheet as a tool to send phishing emails aimed at stealing Facebook account credentials. Researchers estimate that around 30,000 accounts have been compromised, with the attackers selling the stolen information through an underground marketplace. This incident raises concerns about the effectiveness of current phishing defenses, as even reputable platforms like Google can be misused for malicious purposes. Users are advised to remain vigilant and employ strong security measures to protect their accounts.

Read Original

A new phishing kit called Bluekit has emerged, featuring over 40 templates designed to target well-known online services. This kit stands out because it also includes basic AI capabilities that help users create phishing campaign drafts more efficiently. This means that even those with limited technical skills can launch sophisticated phishing attacks, increasing the risk for individuals and organizations. The availability of such tools makes it easier for cybercriminals to exploit unsuspecting users, potentially leading to data breaches and financial losses. As these tools become more accessible, companies and users need to be more vigilant about phishing attempts and enhance their security measures to protect sensitive information.

Read Original

Chinese state-backed hackers have been targeting journalists and activists in Taiwan, Hong Kong, Tibet, and the Uyghur region through phishing campaigns over the past nine months. These campaigns are believed to be orchestrated by freelance hackers affiliated with the Chinese government, aiming to extract sensitive information from individuals who are often critical of the Chinese regime. The report from Recorded Future details the tactics used in these attacks, which are particularly concerning given the ongoing suppression of dissent in these regions. The implications are serious, as these efforts not only threaten the safety of the targeted individuals but also aim to silence voices of opposition and undermine press freedom. This situation highlights the ongoing cybersecurity risks faced by those advocating for human rights in China and surrounding areas.

Read Original
Critical
New AI-Powered Bluekit Phishing Kit Targets Major Platforms with MFA Bypass Attacks

Hackread – Cybersecurity News, Data Breaches, AI and More

Actively Exploited

The newly discovered Bluekit Phishing Kit is a sophisticated tool that employs advanced techniques to target major online platforms. It utilizes an AI-driven approach called AiTM, which allows attackers to steal session data and bypass multi-factor authentication (MFA) protections. This poses a significant risk to users, as it could lead to unauthorized access to their accounts on popular services. The implications are serious, as many individuals rely on MFA to secure their online identities. Companies and users alike need to be vigilant and update their security measures to counteract these emerging threats.

Read Original
PreviousPage 7 of 21Next