Skip to main content

Tag: spearphishing

10 articles

Smartphone on a cluttered desk shows a blurred malicious link on its screen.

WhatsApp Disrupts NSO Group's Spearphishing Campaign

WhatsApp has successfully shut down a sneaky phishing campaign by notorious spyware firm NSO Group, which tried to trick users into clicking malicious links to spy on them. The messaging giant is now asking a US court to hold NSO Group accountable for violating a ban on targeting users.

Analyst 207
machine learning and generative AI: Must-Have Cyber Risks

machine learning and generative AI: Must-Have Cyber Risks

When a single ransomware strike toppled 158‑year‑old Passwork KNP and put 700 people out of work, it exposed how machine learning and generative AI have made powerful cyberattacks cheap and easy; consider this a wake‑up call to harden defenses, test backups, and treat cyber risk as core operational priority.

Analyst 207
WooperStealer and Anondoor: Exclusive Dangerous Threat

WooperStealer and Anondoor: Exclusive Dangerous Threat

A new wave of phishing attacks tied to the Confucius actor is using WooperStealer and Anondoor to harvest credentials and establish long-term access in Pakistani networks, putting government, military, and critical infrastructure at risk. Simple steps like enforcing MFA, patching systems, and running realistic phishing training can sharply reduce exposure—now’s the time to harden defenses.

Analyst 207
Generative AI: Stunning, Dangerous Scam Surge

Generative AI: Stunning, Dangerous Scam Surge

When a convincing video or familiar voice asks for money, generative AI makes the split-second choice to trust or verify riskier than ever; Bruce Schneier’s “Scam GPT” reveals how cheap, scalable synthetic text, images and voices are automating old cons and spawning new ones. We’ll need smarter tech, clearer rules and stronger community safeguards to keep deception from becoming the new normal.

Analyst 207
SVG files: Exclusive Risky Threat Exposed

SVG files: Exclusive Risky Threat Exposed

Researchers uncovered a clever phishing campaign weaponizing innocent-looking SVG images to deliver a chain of malware — including PureRAT — that’s been targeting ministries, aid groups, and civilians in Ukraine and Vietnam. Stay wary of unexpected attachments and verify senders before you click, because even an image can be the gateway to credential theft and hidden cryptomining.

Analyst 207
Formbook: Exclusive Devastating Phishing Risk

Formbook: Exclusive Devastating Phishing Risk

From a biotech lab in Minsk to a tour operator in Almaty, dozens of organizations across Belarus, Kazakhstan and Russia were targeted by a tailored phishing campaign that deployed the notorious Formbook trojan—now linked by researchers to a new actor called ComicForm and possibly tied to SectorJ149. The case is a sharp reminder that proven malware plus savvy social engineering lets small groups steal credentials across sectors, so adding MFA, least‑privilege controls and behavioral monitoring is more important than ever.

Analyst 207
cyber espionage: Dangerous Exclusive Threat to Trade

cyber espionage: Dangerous Exclusive Threat to Trade

China-backed hackers impersonated a U.S. congressman to snoop on trade deliberations, using tailored spear-phishing to harvest credentials and gain persistent access to policymakers, think tanks and law firms. Proofpoint warns this stealthy campaign undermines trust in policymaking and shows why stronger email defenses, MFA and tighter operational security are urgently needed.

Analyst 207
military ID cards: Exclusive Risky AI Forgeries

military ID cards: Exclusive Risky AI Forgeries

North Korean-linked hackers are using ChatGPT and image AI to forge photorealistic military IDs and craft highly convincing spear-phishing lures that can fool even seasoned professionals. It’s a wake-up call: stronger verification, cryptographic signing and vigilant cyber-hygiene are now essential to stop AI-enabled deception.

Analyst 207
spear-phishing campaign: Risky North Korean Tactic Exposed

spear-phishing campaign: Risky North Korean Tactic Exposed

North Korea’s APT37 is luring South Koreans with real-looking internal briefings, turning trusted emails into powerful espionage tools — a wake-up call to strengthen MFA, behavior-based detection, and cross‑agency info sharing.

Analyst 207
North Korean cyber-espionage: Exclusive Dangerous Campaign

North Korean cyber-espionage: Exclusive Dangerous Campaign

Imagine getting a flawless meeting invite from a trusted colleague that’s actually a spy—researchers found a North Korean campaign using believable calendar invites and GitHub-hosted malware to target diplomats and foreign ministry staff. The attack’s clever blend of social engineering and mainstream developer tools shows how easily trust can be weaponized, risking sensitive negotiations and long-term access to government networks.

Analyst 207