Skip to main content

Tag: phishing attacks

14 articles

Person working on laptop with blurred screen in home office setting.

Microsoft Warns of Device Code Phishing Attacks via Legitimate Website

Beware of device code phishing attacks that can trick you into giving away access to your accounts, even on legitimate websites. Hackers are using a clever tactic that exploits Microsoft's authentication endpoint to steal your credentials.

Analyst 207
Office workers in background, with a computer workstation and file cabinet in sharp focus in the foreground.

Avalon Malware Framework Targets Enterprise with CrownX Ransomware

Meet Avalon, a sneaky malware framework that's targeting enterprises with a potent ransomware punch, known as CrownX, and discover how it infiltrates systems through clever phishing tactics. This modular menace combines credential collection, lateral movement, and more into a single, reusable threat.

Analyst 207
Office worker sits at desk with laptop, surrounded by papers, with a concerned expression.

Browser-Based Phishing Attacks Evade Detection by Cybersecurity Software

Most cybersecurity tools are doing their job - but that's exactly the problem, as they're not designed to catch attacks that occur at the browser session layer, where attackers are now hiding. One in five phishing attacks on enterprise browsers slip through undetected, according to Menlo Security's latest report.

Analyst 207
Laptop on office desk with smartphone and notepad, in front of blurred window background.

AI Agents Vulnerable to Phishing Attacks, Expose Sensitive Data

Researchers put an AI agent named Pinchy to the test with classic phishing simulations, and the results were alarming: sometimes it fell for the bait, spilling sensitive data, and other times it successfully blocked the attacks. The experiment revealed a stark vulnerability - AI agents can be tricked into exposing confidential information.

Analyst 207
Security analysts work at computer stations in a dimly lit operations center.

AI Phishing Overwhelms SOCs, Exposing Gaps in Alert Triage

AI has transformed phishing from a numbers game into a volume machine, allowing attackers to churn out convincing lures in minutes and flood security teams with a tidal wave of alerts to sift through. This overwhelming surge is exposing gaps in alert triage, putting Tier 1 analysts to the test.

Analyst 207
Laptop on a cluttered office desk with papers and supplies nearby.

China-Linked TA4922 Expands Phishing Attacks Globally

Meet TA4922, a China-linked group rapidly expanding its phishing attacks worldwide, with a financially motivated agenda to infiltrate and exploit victim environments for data theft, fraud, and more. This threat actor is now targeting organizations globally, from the UK to Germany, Italy, and South Africa.

Analyst 207
Person working at desk with laptop showing ChatGPT summary page surrounded by papers.

ChatGPT Vulnerability Exposes Users to Phishing Attacks via Web Summaries

Beware of ChatGPhish, a vulnerability in ChatGPT's web summarization feature that lets hackers disguise phishing attacks as harmless links and images. This security flaw could put you at risk of falling prey to scams via web summaries.

Analyst 207
Security analyst working at a workstation surrounded by screens in a bright operations center.

Phishing Attacks Expose Gaps in Early Detection

In just 40 seconds, ANY.RUN's interactive sandbox exposed the full attack chain of a phishing attack, revealing redirects, fake pages, and signs of possible remote access. This game-changing tool helps teams detect phishing threats early, providing concrete evidence of business exposure before it's too late.

Analyst 207
Smartphone screen showing messaging interface with blurred contacts and verified name label.

Signal Bolsters Defenses Against Social Engineering, Phishing Attacks

Stay one step ahead of scammers with Signal's latest update, designed to help you spot fake profiles and phishing attempts with added confirmations and warning messages. You'll now see a "Name not verified" label and get richer safety tips to make sure you're chatting with the real deal.

Analyst 207
Cloud-based email service dashboard on laptop screen with blurred interface, surrounded by a brightly-lit institutional…

Phishing Attacks Exploit Amazon SES to Evade Detection

Kaspersky researchers have uncovered a surge in phishing attacks that cleverly exploit Amazon's trusted email service to evade detection. By using valid Amazon SES credentials, attackers can send convincing phishing messages that slip past standard security checks.

Analyst 207
Hospital corridor with medical staff, laptop and device in foreground.

Medtronic Breach Exposes Risks in Medical Tech Sector

The recent Medtronic data breach highlights a glaring vulnerability in the medical tech sector, with phishing attacks like this one proving that many organizations are still granting employees far more access than they need. Medtronic has confirmed the breach was contained within its corporate IT systems, with no evidence it impacted patient safety or product operations.

Analyst 207
Office cubicle with open laptop showing an email inbox with a blank subject line on a cluttered desk.

Phishing Attacks Exploit Email Blind Spots with Silent Subject Lines

Phishing attacks are on the rise, with a 13.9% surge in January and February, followed by a 7% increase in March, and cybercriminals are getting sneaky by using empty subject lines to bypass email defenses and pique human curiosity. By ditching the subject line, attackers are exploiting a blind spot that can trick both automated filters and human instincts.

Analyst 207
Person in hoodie with obscured face pleading, surrounded by code and scattered items on a desk.

Scattered Spider Member Pleads Guilty to $8 Million Crypto Heist

A 24-year-old British hacker, Tyler Robert Buchanan, has pleaded guilty to masterminding an $8 million crypto heist as part of the notorious Scattered Spider cybercrime group. His downfall began with a trail of seemingly harmless text messages that ultimately led to his guilty plea.

Analyst 207
Cityscape at dusk with a slightly ajar gate and a laptop screen displaying a blue glow, symbolizing secure defenses.

Microsoft Bolsters Windows Defenses Against Malicious Remote Desktop Files

Microsoft is stepping up its game to protect Windows users from phishing attacks that hide in plain sight as Remote Desktop files. The tech giant is introducing on-screen warnings and stricter default settings to help shield you from malicious .rdp files.

Analyst 207