VulnHub

Articles tagged "LinkedIn"

Found 4 articles

Linkedin Phishing Campaign Exploits Open-Source Pen Testing Tool to Compromise Business Execs

Infosecurity Magazine

Actively Exploited

Researchers from ReliaQuest have identified a phishing campaign targeting high-profile business executives through LinkedIn messages. The attackers are using an open-source penetration testing tool to craft convincing messages that trick individuals into revealing sensitive information. This campaign is particularly concerning because it targets 'high-value individuals,' making it more likely to succeed against those with access to critical company data. Companies need to educate their employees about recognizing phishing attempts and to implement stronger security measures to protect against these types of attacks. With the rise of social engineering tactics like this, vigilance is essential for safeguarding sensitive business information.

Impact: LinkedIn, Business Executives

Remediation: Companies should train employees to recognize phishing attempts and consider implementing two-factor authentication for LinkedIn accounts.

Phishing Critical

1 month ago

Read Original

Convincing LinkedIn comment-reply tactic used in new phishing

BleepingComputer

Actively Exploited

Scammers are targeting LinkedIn users with a new phishing tactic that involves fake comments appearing as replies to legitimate posts. These comments, which resemble official LinkedIn notifications, falsely warn users about policy violations and encourage them to click on malicious external links. Some attackers are even using LinkedIn's own lnkd.in URL shortener, making it more difficult for users to recognize these attempts as scams. This tactic is particularly concerning as it exploits the trust users have in the platform, potentially compromising personal and professional information. LinkedIn users should be cautious and verify the authenticity of comments before clicking on any links.

Impact: LinkedIn users, especially professionals using the platform for networking and job searching.

Remediation: Users should verify the authenticity of comments and links before clicking, report suspicious activity to LinkedIn, and consider adjusting privacy settings to limit exposure.

Phishing

1 month ago

Read Original

Experts found an unsecured 16TB database containing 4.3B professional records

Security Affairs

A significant security oversight was uncovered when researchers found an unsecured 16TB MongoDB database that exposed approximately 4.3 billion professional records. This database primarily contained LinkedIn-style data, which could be exploited for large-scale AI-driven social engineering attacks. The discovery was made by Bob Diachenko and nexos.ai on November 23, 2025, and the database was secured only after the researchers alerted its owner. This incident underscores the risks associated with unsecured databases, as the exposed data could facilitate identity theft and phishing schemes targeting professionals. Organizations need to ensure better security measures for their data to prevent such breaches in the future.

Impact: Unsecured MongoDB database, professional records, LinkedIn-style data

Remediation: Database secured after researcher notification; organizations should implement strict access controls and regular security audits.

Phishing Data Breach

2 months ago

Read Original

ThreatsDay Bulletin: 0-Days, LinkedIn Spies, Crypto Crimes, IoT Flaws and New Malware Waves

The Hacker News

This week has highlighted a surge in cybersecurity incidents, including arrests of hackers and the increasing sophistication of espionage activities. The use of everyday technology, such as browser add-ons and IoT devices, for malicious purposes underscores the evolving nature of online threats.

Impact: N/A

Remediation: N/A

Malware

3 months ago

Read Original