Tag: phishing attacks
14 articles

Microsoft Warns of Device Code Phishing Attacks via Legitimate Website
Beware of device code phishing attacks that can trick you into giving away access to your accounts, even on legitimate websites. Hackers are using a clever tactic that exploits Microsoft's authentication endpoint to steal your credentials.

Avalon Malware Framework Targets Enterprise with CrownX Ransomware
Meet Avalon, a sneaky malware framework that's targeting enterprises with a potent ransomware punch, known as CrownX, and discover how it infiltrates systems through clever phishing tactics. This modular menace combines credential collection, lateral movement, and more into a single, reusable threat.

Browser-Based Phishing Attacks Evade Detection by Cybersecurity Software
Most cybersecurity tools are doing their job - but that's exactly the problem, as they're not designed to catch attacks that occur at the browser session layer, where attackers are now hiding. One in five phishing attacks on enterprise browsers slip through undetected, according to Menlo Security's latest report.

AI Agents Vulnerable to Phishing Attacks, Expose Sensitive Data
Researchers put an AI agent named Pinchy to the test with classic phishing simulations, and the results were alarming: sometimes it fell for the bait, spilling sensitive data, and other times it successfully blocked the attacks. The experiment revealed a stark vulnerability - AI agents can be tricked into exposing confidential information.

AI Phishing Overwhelms SOCs, Exposing Gaps in Alert Triage
AI has transformed phishing from a numbers game into a volume machine, allowing attackers to churn out convincing lures in minutes and flood security teams with a tidal wave of alerts to sift through. This overwhelming surge is exposing gaps in alert triage, putting Tier 1 analysts to the test.

China-Linked TA4922 Expands Phishing Attacks Globally
Meet TA4922, a China-linked group rapidly expanding its phishing attacks worldwide, with a financially motivated agenda to infiltrate and exploit victim environments for data theft, fraud, and more. This threat actor is now targeting organizations globally, from the UK to Germany, Italy, and South Africa.

ChatGPT Vulnerability Exposes Users to Phishing Attacks via Web Summaries
Beware of ChatGPhish, a vulnerability in ChatGPT's web summarization feature that lets hackers disguise phishing attacks as harmless links and images. This security flaw could put you at risk of falling prey to scams via web summaries.

Phishing Attacks Expose Gaps in Early Detection
In just 40 seconds, ANY.RUN's interactive sandbox exposed the full attack chain of a phishing attack, revealing redirects, fake pages, and signs of possible remote access. This game-changing tool helps teams detect phishing threats early, providing concrete evidence of business exposure before it's too late.

Signal Bolsters Defenses Against Social Engineering, Phishing Attacks
Stay one step ahead of scammers with Signal's latest update, designed to help you spot fake profiles and phishing attempts with added confirmations and warning messages. You'll now see a "Name not verified" label and get richer safety tips to make sure you're chatting with the real deal.

Phishing Attacks Exploit Amazon SES to Evade Detection
Kaspersky researchers have uncovered a surge in phishing attacks that cleverly exploit Amazon's trusted email service to evade detection. By using valid Amazon SES credentials, attackers can send convincing phishing messages that slip past standard security checks.

Medtronic Breach Exposes Risks in Medical Tech Sector
The recent Medtronic data breach highlights a glaring vulnerability in the medical tech sector, with phishing attacks like this one proving that many organizations are still granting employees far more access than they need. Medtronic has confirmed the breach was contained within its corporate IT systems, with no evidence it impacted patient safety or product operations.

Phishing Attacks Exploit Email Blind Spots with Silent Subject Lines
Phishing attacks are on the rise, with a 13.9% surge in January and February, followed by a 7% increase in March, and cybercriminals are getting sneaky by using empty subject lines to bypass email defenses and pique human curiosity. By ditching the subject line, attackers are exploiting a blind spot that can trick both automated filters and human instincts.

Scattered Spider Member Pleads Guilty to $8 Million Crypto Heist
A 24-year-old British hacker, Tyler Robert Buchanan, has pleaded guilty to masterminding an $8 million crypto heist as part of the notorious Scattered Spider cybercrime group. His downfall began with a trail of seemingly harmless text messages that ultimately led to his guilty plea.

Microsoft Bolsters Windows Defenses Against Malicious Remote Desktop Files
Microsoft is stepping up its game to protect Windows users from phishing attacks that hide in plain sight as Remote Desktop files. The tech giant is introducing on-screen warnings and stricter default settings to help shield you from malicious .rdp files.