Phishing

All articles tagged with #phishing

AI-Driven Threats Blur the Line Between Daily Activity and Breach
technology, 6 hours ago

ThreatsDay flags AI-enhanced threats accelerating breaches and blurring into everyday activity: Kali Linux now integrates Claude via MCP for natural-language command execution; campaigns include Bitpanda phishing, four-minute lateral movement, and Mac/WinRAR exploits, aided by ad cloaking, typosquatting, and social engineering, as threat actors fragment post-RAMP and increasingly use AI-driven tactics.

Microsoft Exchange Online mislabels legitimate emails as phishing due to new URL rule
technology, 18 days ago

Microsoft says an ongoing Exchange Online incident is caused by a new URL rule that erroneously flags legitimate messages as phishing and quarantines them, disrupting mail flow. The company is reviewing quarantined emails and working to unblock legitimate URLs, with some users potentially seeing previously flagged messages delivered as remediation proceeds; Microsoft has not provided scope or regional impact details yet.

Tirith Locks Down Shell Commands to Stop Imposter Homoglyph Attacks
security, 18 days ago

A new open-source, cross-platform tool called Tirith hooks into major shells to inspect pasted commands for dangerous URLs and other homoglyph tricks, blocking execution locally with sub-millisecond overhead. It defends against homograph domains, terminal injections, pipe-to-shell patterns, dotfile hijacking, insecure transports, supply-chain risks, and credential exposure, while performing analysis offline and without telemetry. It supports Windows, Linux, and macOS and can be installed via Homebrew, apt/dnf, npm, Cargo, Nix, Scoop, Chocolatey, and Docker. It does not hook cmd.exe and has limited independent testing at publication.

Shadow Campaigns expands global espionage reach to 37 countries
technology, 19 days ago

A state-sponsored actor tracked as TGR-STA-1030/UNC6619, dubbed Shadow Campaigns, has compromised government and critical-infrastructure networks in 37 countries since early 2024, with reconnaissance activity touching 155 nations. The operation uses tailored phishing with a Diaoyu loader, exploits across multiple platforms, and a toolkit including Cobalt Strike, VShell, web shells, and a Linux kernel rootkit named ShadowGuard. It relies on legitimate VPS and proxy infrastructure and targets ministries, energy, finance, and diplomatic agencies, with activity intensifying around political events like elections. Unit 42 provides IoCs to help defenders detect and block these attacks.

Global cloud-storage scam hits inboxes with fake renewal alerts to steal payment details
cybersecurity, 26 days ago

A worldwide phishing campaign floods recipients with urgent emails claiming cloud-storage renewals failed, pushing them to a fake Google Cloud Storage link that redirects to scam pages impersonating cloud portals. The pages upsell a deceptive “loyalty” upgrade and collect credit card info, with the aim of affiliate revenue. Legitimate providers do not notify via such scans or require third-party security products, and users should delete the messages and verify billing directly on official sites.

Don’t Fall for the ‘you’re hacked’ browser scareware in Chrome or Safari
technology, 1 month ago

Security experts warn that pop‑ups claiming your device is hacked—common in Chrome and Safari—are a form of scareware designed to scare you into paying, installing dubious software, or divulging credentials. Do not click any buttons in the warning. Instead, close the tab, run a trusted antivirus, update your browser and OS, and protect yourself with pop‑up blockers and safe browsing habits. If in doubt, verify alerts through official security sources rather than following in‑page prompts.

1Password adds phishing-warning guard to its browser extension
tech, 1 month ago

1Password’s browser extension will warn users and halt autofill when a clicked login link leads to a URL that doesn’t match the saved login, aiming to curb phishing. It’s not foolproof and can still be bypassed by manual login entry. It will roll out gradually: individual and family accounts have it enabled by default when available, while business use requires admin activation.

technology, 2 months ago

KrebsOnSecurity.com Celebrates 16 Years of Cybersecurity Insights

KrebsOnSecurity.com celebrates its 16th anniversary by highlighting its recent coverage on cybercrime, including sanctions against cybercriminal entities, major phishing and DDoS attacks, and the rise of powerful botnets like Aisuru and Kimwolf, with plans to investigate Kimwolf's origins in 2026. The site thanks its readers and encourages support through ads and newsletter subscriptions.

Malicious npm Packages Exploit Phishing to Steal Login Credentials
cybersecurity, 2 months ago

Cybersecurity researchers uncovered a targeted spear-phishing campaign using 27 malicious npm packages to host browser-based phishing lures mimicking document-sharing portals and Microsoft sign-in pages, primarily targeting organizations in critical infrastructure sectors across multiple countries. The campaign leverages package CDNs for resilient hosting, employs anti-analysis techniques, and hard-codes specific email addresses, with the goal of stealing login credentials. The activity highlights ongoing threats in the software supply chain, emphasizing the need for stringent dependency verification and monitoring.

Holiday Cybersecurity Risks: Protecting Travelers and Shoppers from Cyberattacks
technology, 2 months ago

Hackers exploit the holiday season when security teams are reduced and companies are less vigilant, leading to a spike in cyberattacks like ransomware and phishing, with many high-profile incidents occurring during this period. Security teams prepare months in advance, and AI tools are suggested to help mitigate burnout and improve defenses during this vulnerable time.

Google Sues Chinese Scam Ring Over Phishing Texts
technology, 2 months ago

Google is suing a Chinese-speaking cybercriminal group called Darcula for sending massive scam text messages impersonating organizations like the IRS and USPS, aiming to seize their web infrastructure and stop their operations. The group has stolen nearly 900,000 credit card numbers and sent over 5,000 scam texts to Americans recently, highlighting the ongoing threat of cyber scams targeting U.S. citizens.

Apple and Google Release Urgent Security Patches for Zero-Day Vulnerabilities
cybersecurity, 2 months ago

This weekly cybersecurity recap highlights active exploits and critical vulnerabilities in popular software like Apple, WinRAR, and .NET, along with emerging threats such as OAuth scams, sophisticated phishing campaigns, and state-sponsored cyber espionage, emphasizing the urgent need for timely security updates and vigilance.