Social Engineering
TikTok Phishing: Alarming AiTM Campaign Targets Business Accounts
Beware of a sneaky new phishing campaign targeting TikTok Business accounts, using clever AiTM tactics to steal login credentials. Don't get caught out - stay vigilant and protect your account from these cunning cyber threats!
Phishing Surges with Alarming New Tactics This Tax Season
Tax season is here, and with it, a surge in phishing attacks that could leave you vulnerable to identity theft and financial loss. Don't wait until it's too late - stay ahead of cybercriminals and protect your sensitive info from their alarming new tactics.
Meta Disables 150K Accounts in Severe, Stunning Crackdown
Meta’s latest account takedowns—more than 150,000 disabled profiles and 21 arrests across multiple countries—show how platforms and law enforcement are finally pushing back against industrialized online scams.
Phishing Attacks Targeting Programmers: Exclusive Warning
Heads up — that routine coding challenge from a recruiter might be a trap: researchers say North Korean–linked actors are spoofing recruiters to get developers to run sample code that quietly installs spyware. Stay skeptical of unsolicited interview exercises and verify before running anything.
Multifaceted Phishing Scheme Stunningly Damages Bitpanda
Thousands of Bitpanda users are reeling after a sophisticated phishing campaign spun up convincing lookalike sites—with disposable domains and SSL certificates—to harvest credentials and fuel criminal markets. The attack shows how industrialized phishing‑as‑a‑service turns takedown efforts into whack‑a‑mole, leaving customers, companies and regulators scrambling to restore digital trust.
StopICE Hacked: Exclusive Alarming Agent Sabotage Claims
StopICE is warning users after an alarming incident: a suspected CBP agent allegedly sent unauthorized push notifications and texts falsely claiming users’ data were handed to authorities. The group says it doesn’t store usernames or addresses, but the scare shows how easily reporting can be intimidated.
LastPass Warns: Critical Phishing Steals Master Passwords
If you get a frantic LastPass email demanding a 24‑hour backup, pause — its a phishing campaign trying to steal your master password, the single key that unlocks everything in your vault. Never click the links or enter your master password — LastPass will never ask for that.
World Economic Forum: Stunning Face-Swapping Security Risk
Imagine your employee ID photo swapped in seconds and a stranger sounding exactly like your CEO — the World Economic Forum shows this isnt sci‑fi but a real, growing threat. Commercial deepfake tools can now defeat biometric and voice checks, turning familiar security cues into new attack vectors.
FBI Issues Critical Alert on Dangerous QR Phishing
Dont let a quick scan be your undoing: the FBI warns that QR-enabled spear-phishing is turning everyday convenience into a precision tool for state-backed espionage, tricking victims into handing over credentials or approving authentications that give attackers persistent access.
Phishing Attacks Exclusive: Critical Risk to Microsoft 365
Think an email from your CEO is safe? Microsoft 365 phishing campaigns now use cloud misconfigurations and device-code tricks to make external messages look internal and steal authentication tokens or MFA codes.
SMS Phishers: Exclusive Warning on Deceptive Points Scams
Think twice before tapping that text about an unclaimed tax refund or rewards — it could be a modern smishing trap. Commercial phishing kits now spin up lifelike checkout pages and spoof trusted senders to steal card data and convert it into fast, hard-to-trace mobile wallet cashouts.
SMS Phishers Exclusive: Dangerous Scams Hit Points, Taxes
That “urgent package” or “unclaimed tax refund” text could be a smishing trap — attackers are now using turnkey phishing kits to steal card details and even slip them into Apple Pay or Google Wallet. With fake storefronts and rewards‑point bait, fraud looks more like legitimate tap‑to‑pay than ever.
Meet Rey: Exclusive Look at Best-Run Lapsus$ Hunters
When Rey — long the shadowy operator and public face of the Scattered LAPSUS$ Hunters — agreed to be identified and speak, the story shifted from faceless hacks to a real person whose groups social‑engineering tactics fueled costly data thefts. That rare revelation forces hard questions about motive, responsibility, and how we defend against attacks that prey on human error.
SMS Phishers Exclusive: Dangerous Points and Tax Scams
One missed-package text emptied a persons bank account — and researchers warn SMS-based phishing (“smishing”) now converts stolen card data into Apple/Google Wallet tokens, turning your phone into a cash machine for criminals. Holiday shoppers and smartphone users: think twice before tapping links about deliveries, tolls, or tax refunds — these slick phishing kits make fraud fast and hard to undo.
Rey Exclusive: Inside the Best Scattered Lapsus$ Admin
When a reporter called his father and unmasked Rey, the public face of Scattered LAPSUS$ Hunters, it upended a group built on anonymity and exposed how social‑engineering, account takeovers and micropaid crowds power a new, scalable extortion playbook. The fallout forces a rare reckoning about motive, accountability—and the practical fixes defenders and regulators can’t ignore.
QR codes Exclusive Threat: Pyongyang’s Dangerous Phishing
Think twice before you scan: the FBI warns North Korean hackers are using QR-based quishing to turn innocent-looking codes into multi-step traps that steal cloud credentials and bypass enterprise defenses.
QR codes Stunning Pyongyang Phishing Threat
QR codes have gone from handy shortcuts to attack vectors—North Korean actors are using QR-based phishing to steal cloud credentials by hiding multi-step payloads inside seemingly legitimate scans. The real question now isnt whether to scan, but how to verify what the square tells you.
LinkedIn Job Scams: Exclusive Tips to Avoid Costly Fraud
When a recruiter asks for your LinkedIn password, it’s not hiring—it’s a trap. Learn simple, practical ways to spot fake job offers, protect your credentials, and keep your career and accounts safe from sophisticated scammers.
Russian Phishing Campaign: Exclusive ISO Stealer Threat
Exclusive: a Russian phishing campaign is circulating a stealthy ISO stealer — learn how it works and quick, practical steps to keep your data safe.
Threat Actors Use Stunning, Dangerous Calendar Subs
Think that calendar invite is safe? Threat actors are weaponizing calendar subscriptions—slipping phishing links, malware, or hidden instructions into benign-seeming invites hosted on trusted services, turning everyday convenience into a stealthy breach vector.
Black Friday Exclusive: 3 Dangerous Scams to Avoid
Black Friday scams are getting smarter—learn the three dangerous tricks scammers use and the simple steps you can take to protect your wallet and personal info.
Lapsus$ Hunters Pose Dangerous, Exclusive Threat to Zendesk
Patchable missteps meet crowd‑powered coercion: Scattered Lapsus$ Hunters are resurfacing with new phishing domains and social‑engineering tricks aimed at support tools like Zendesk. Compromised help‑desk credentials can give attackers an exclusive backdoor into customer and corporate data—so small lapses can have big consequences.
FBI Reveals Stunning Rise in Costly AI Phishing Scams
Imagine a voicemail that sounds exactly like your daughter begging for help — only its a scam. The FBI warns cheap AI tools are fueling a surge of hyper‑personalized phishing scams that have already cost victims hundreds of millions and can fool individuals, businesses, and banks alike.
Smishing Triad Impersonation Campaigns: Exclusive Threat
Think that bank-looking text is really from your provider? Smishing Triad attackers now pair believable sender IDs with lookalike Egyptian domains, SIM farms and hijacked devices to harvest credentials and bypass 2FA—one click can mean compromise.