All articles tagged with #phishing
Cybersecurity researchers have uncovered a campaign targeting European hospitality staff using fake booking cancellation emails and BSoD pages to deliver the DCRat remote access trojan, employing sophisticated techniques like living-off-the-land methods and malware evasion tactics.
KrebsOnSecurity.com celebrates its 16th anniversary by highlighting its recent coverage on cybercrime, including sanctions against cybercriminal entities, major phishing and DDoS attacks, and the rise of powerful botnets like Aisuru and Kimwolf, with plans to investigate Kimwolf's origins in 2026. The site thanks its readers and encourages support through ads and newsletter subscriptions.
Cybersecurity researchers uncovered a targeted spear-phishing campaign using 27 malicious npm packages to host browser-based phishing lures mimicking document-sharing portals and Microsoft sign-in pages, primarily targeting organizations in critical infrastructure sectors across multiple countries. The campaign leverages package CDNs for resilient hosting, employs anti-analysis techniques, and hard-codes specific email addresses, with the goal of stealing login credentials. The activity highlights ongoing threats in the software supply chain, emphasizing the need for stringent dependency verification and monitoring.
Hackers exploit the holiday season when security teams are reduced and companies are less vigilant, leading to a spike in cyberattacks like ransomware and phishing, with many high-profile incidents occurring during this period. Security teams prepare months in advance, and AI tools are suggested to help mitigate burnout and improve defenses during this vulnerable time.
Google is suing a Chinese-speaking cybercriminal group called Darcula for sending massive scam text messages impersonating organizations like the IRS and USPS, aiming to seize their web infrastructure and stop their operations. The group has stolen nearly 900,000 credit card numbers and sent over 5,000 scam texts to Americans recently, highlighting the ongoing threat of cyber scams targeting U.S. citizens.
This weekly cybersecurity recap highlights active exploits and critical vulnerabilities in popular software like Apple, WinRAR, and .NET, along with emerging threats such as OAuth scams, sophisticated phishing campaigns, and state-sponsored cyber espionage, emphasizing the urgent need for timely security updates and vigilance.
Google has filed a lawsuit to dismantle the Lighthouse criminal enterprise responsible for widespread phishing scams targeting Americans through Telegram channels, aiming to stop the spread of scam texts like E-Z Pass and USPS notifications, and to hold the perpetrators accountable for wire fraud and other charges.
Google has filed a lawsuit against a Chinese-based cybercriminal group, dubbed the 'Smishing Triad,' responsible for a large-scale SMS phishing operation using a platform called 'Lighthouse' to steal sensitive information from over a million victims across 120 countries, aiming to dismantle the group and prevent further harm.
Google has filed a lawsuit against the Chinese-based Lighthouse organization, which provides software and support for online scammers involved in phishing and smishing attacks worldwide, aiming to deter their operations and protect users from financial fraud and identity theft.
Google has filed a lawsuit to dismantle Lighthouse, a network providing tools for large-scale phishing scams that create fake websites to steal sensitive information, affecting millions of potential victims. The company aims to have the scheme declared illegal and removed from the internet, while supporting legislation to combat such scams.
Google is suing 25 individuals involved in a large-scale scam text operation using a phishing-as-a-service platform called Lighthouse, which has been responsible for billions of dollars in fraud through impersonation and scam messages globally.
Passkeys are a more secure and user-friendly alternative to passwords, using public-key cryptography to prevent theft and phishing, but widespread adoption is still in progress, so maintaining strong password habits remains important.
The article discusses concerns about over-reliance on AI like ChatGPT for technical tasks, highlighting how simple tasks like base64 decoding are better done with traditional tools, and warns about sophisticated phishing and malware attacks that can be easily disguised and scaled, emphasizing the importance of skepticism and proper security measures.
A new Android spyware called ClayRat is impersonating popular apps like WhatsApp and TikTok to infect Russian users via phishing sites and Telegram channels, capable of stealing messages, call logs, photos, and making calls, with over 600 samples detected in three months, and now blocked by Google Play Protect.
ClayRat is a sophisticated Android spyware campaign targeting users in Russia by impersonating popular apps like WhatsApp and TikTok through fake websites and Telegram channels. It can exfiltrate sensitive data, take photos, and propagate itself by sending malicious links to contacts. The malware uses obfuscation and fake app installers to bypass security measures, and while Google Play Protect offers some protection, the threat highlights ongoing risks from pre-installed apps with elevated privileges.