If you dread a Microsoft Teams invite, just wait until it turns out to be a Russian phish Roses aren't cheap, violets are dear, now all your access token are belong to Vladimir CSO15 Feb 2025 | 18
India's banking on the bank.in domain cleaning up its financial services sector With over 2,000 banks in operation, a domain only they can use has potential to make life harder for fraudsters Security10 Feb 2025 | 16
DeepSeek's iOS app is a security nightmare, and that's before you consider its TikTok links Infosec In Brief PLUS: Spanish cops think they've bagged NATO hacker; HPE warns staff of data breach; Lazy Facebook phishing, and more! Security10 Feb 2025 | 23
Google takes action after coder reports 'most sophisticated attack I've ever seen' Latest trope is tricky enough to fool even the technical crowd… almost Cyber-crime27 Jan 2025 | 32
Europe coughs up €400 to punter after breaking its own GDPR data protection rules Infosec in brief PLUS: Data broker leak reveals extent of info trading; Hot new ransomware gang might be all AI, no bark; and more Security13 Jan 2025 | 15
It's only a matter of time before LLMs jump start supply-chain attacks Interview 'The greatest concern is with spear phishing and social engineering' Security29 Dec 2024 | 58
Don't fall for a mail asking for rapid Docusign action – it may be an Azure account hijack phish Recent campaign targeted 20,000 folk across UK and Europe with this tactic, Unit 42 warns Cyber-crime19 Dec 2024 | 17
Phishers cast wide net with spoofed Google Calendar invites Not that you needed another reason to enable the 'known senders' setting Cyber-crime18 Dec 2024 | 17
Solana blockchain's popular web3.js npm package backdoored to steal keys, funds Damage likely limited to those running bots with private PKI access Cyber-crime05 Dec 2024 | 7
Russian spies may have moved in next door to target your network Infosec in brief Plus: Microsoft seizes phishing domains; Helldown finds new targets; Illegal streaming with Jupyter, and more Security25 Nov 2024 | 22
Helpline for Yakuza victims fears it leaked their personal info Organized crime types tend not to be kind to those who go against them, so this is nasty Security22 Nov 2024 | 21
Don't open that 'copyright infringement' email attachment – it's an infostealer Curiosity gives crims access to wallets and passwords Research07 Nov 2024 | 21
Russian spies use remote desktop protocol files in unusual mass phishing drive The prolific Midnight Blizzard crew cast a much wider net in search of scrummy intel Cyber-crime30 Oct 2024 | 18
ESET denies it was compromised as Israeli orgs targeted with 'ESET-branded' wipers Says 'limited' incident isolated to 'partner company' Cybersecurity Month18 Oct 2024 | 3
Microsoft says more ransomware stopped before reaching encryption Volume of attacks still surging though, according to Digital Defense Report Cyber-crime15 Oct 2024 | 6
US and UK govts warn: Russia scanning for your unpatched vulnerabilities in brief Also, phishing's easier over the phone, and your F5 cookies might be unencrypted, and more Security12 Oct 2024 | 11
OpenAI says Chinese gang tried to phish its staff Claims its models aren't making threat actors more sophisticated - but is helping debug their code Cybersecurity Month10 Oct 2024 | 4
If you're holding important data, Iran is probably trying spearphish it It's election year for more than 50 countries and the Islamic Republic threatens a bunch of them Cyber-crime30 Sep 2024 | 6
Mind your header! There's nothing refreshing about phishers' latest tactic It could lead to a costly BEC situation Research12 Sep 2024 | 2
Kremlin-linked COLDRIVER crooks take pro-democracy NGOs for phishy ride The latest of many attempts to stifle perceived threats to Putin's regime Security09 Sep 2024 | 10
Novel attack on Windows spotted in phishing campaign run from and targeting China Resources hosted at Tencent Cloud involved in Cobalt Strike campaign Research02 Sep 2024 | 3
This uni thought it would be a good idea to do a phishing test with a fake Ebola scare Needless to say, it backfired in a big way CSO22 Aug 2024 | 118
Iran named as source of Trump campaign phish, leaks Political stirrer Roger Stone may have been a weak link after personal emails cracked Security20 Aug 2024 | 40
Google raps Iran's APT42 for raining down spear-phishing attacks US politicians and Israeli officials among the top targets for the IRGC’s cyber unit Research15 Aug 2024 | 1
Orion SA says scammers conned company out of $60 million Incident sounds like a BEC fraud targeting an unwitting staffer Cyber-crime13 Aug 2024 | 7
Small CSS tweaks can help nasty emails slip through Outlook's anti-phishing net A simple HTML change and the warning is gone! Research07 Aug 2024 | 13
Users call on Microsoft to update Outlook's friendly name feature That one weird thing in Outlook that gives phishers and scammers an in to an inbox Security06 Aug 2024 | 76
'LockBit of phishing' EvilProxy used in more than a million attacks every month Insight Leaves a trail of ransomware infections, data theft, business email compromise in its wake Malware Month30 Jul 2024 | 7
Cybercrooks spell trouble with typosquatting domains amid CrowdStrike crisis Latest trend follows various malware campaigns that began just hours after IT calamity Cyber-crime23 Jul 2024 | 4
Singapore's banks to ditch texted one-time passwords Accessibility be damned, preventing phishing is the priority Security12 Jul 2024 | 41
Cops cuff 22-year-old Brit suspected of being Scattered Spider leader Spanish plod make arrest at airport before he jetted off to Italy Cyber-crime17 Jun 2024 | 22
Two cuffed over suspected smishing campaign using 'text message blaster' Thousands of dodgy SMSes bypassed network filters in UK-first case, it is claimed Cyber-crime10 Jun 2024 | 23
Google guru roasts useless phishing tests, calls for fire drill-style overhaul Current approaches aren't working and demonize security teams Security23 May 2024 | 57
US charges Iranians with cyber snooping on government, companies Their holiday options are now far more restricted Cyber-crime24 Apr 2024 |
Fraudsters abused Apple Stores' third-party pickup policy to phish for profits Black Hat Asia Scam prevalent across Korea and Japan actually had some winners Cyber-crime18 Apr 2024 | 2
Prolific phishing-made-easy emporium LabHost knocked offline in cyber-cop op Feature Police emit Spotify Wrapped-style videos to let crims know they're being hunted Security18 Apr 2024 | 13
X fixes URL blunder that could enable convincing social media phishing campaigns Poorly implemented rule allowed miscreants to deceive users with trusted URLs CSO10 Apr 2024 | 27
China encouraged armed offensive against Myanmar government to protest proliferation of online scams Report claims Beijing is most displeased by junta's failure to address slave labor scam settlements Cyber-crime28 Mar 2024 | 5
As if working at Helldesk weren't bad enough, IT helpers now targeted by cybercrims Wave of Okta attacks mark what researchers are calling the biggest security trend of the year Research15 Mar 2024 | 15
Iranian charged over attacks against US defense contractors, government agencies $10M bounty for anyone with info leading to Alireza Shafie Nasab's identification or location Security01 Mar 2024 | 3
Crooks hook hundreds of exec accounts after phishing in Azure C-suite pond Plenty of successful attacks observed with dangerous follow-on activity Cyber-crime13 Feb 2024 | 6
Deepfake CFO tricks Hong Kong biz out of $25 million Recordings of past vidchats suspected as source of fakery – so there's another class of data you need to lock down AI + ML05 Feb 2024 | 27
BreachForums admin 'Pompourin' sentenced to 20 years of supervised release Infosec in brief Also: Another UEFI flaw found; Kaspersky discovers iOS log files actually work; and a few critical vulnerabilities Security22 Jan 2024 | 16
ShinyHunters chief phisherman gets 3 years, must cough up $5M Sebastien Raoult developed various credential-harvesting websites over more than 2 years Cyber-crime10 Jan 2024 | 5
Cybercrooks book a stay in hotel email inboxes to trick staff into spilling credentials Research highlights how major attacks like those exploiting Booking.com are executed Cyber-crime20 Dec 2023 | 20
Hershey phishes! Crooks snarf chocolate lovers' creds Stealing Kit Kat maker's data?! Give me a break Security04 Dec 2023 | 48
Microsoft unveils shady shenanigans of Octo Tempest and their cyber-trickery toolkit Gang thought to be behind attack on MGM Resorts has a skillset larger than most cybercrime groups in existence Research27 Oct 2023 | 1
Telcos should compensate phished subscribers, suggests Singapore Regulator reckons letting scam texts through is a culpable act Cybersecurity Month26 Oct 2023 | 6
Pro-Russia group exploits Roundcube zero-day in attacks on European government emails With this zero-day, researchers say the 'scrappy' group is stepping up its operations Cyber-crime25 Oct 2023 | 4
D-Link clears up 'exaggerations' around data breach Who knew 3 million actually means 700 in cybercrime forum lingo? Cyber-crime18 Oct 2023 | 5
South Korea accuses North of Phish and Ships attack Kim Jong-un looks at industry's progress with green eyes, says South Korea's spy agency Cyber-crime05 Oct 2023 |
Singapore may split liability for phishing losses between banks and victims Won't someone please think of the banks? Cyber-crime20 Sep 2023 | 14
More Okta customers trapped in Scattered Spider's web Oktapus phishing campaign criminals are back in action Cyber-crime01 Sep 2023 |
US government to investigate China's Microsoft email breach Infosec in brief PLUS: Phishing campaign targets the C-suite; Cybercrime arrests in EU and Africa; and more Security14 Aug 2023 | 1
INTERPOL shutters '16shop' phishing-as-a-service outfit Alleged administrator cuffed in Indonesia, associate arrested in Japan, accused of selling fake Amazons for $60 Security09 Aug 2023 |
American and Southwest Airlines pilot candidate data exposed Time to start practising identity protection Cyber-crime26 Jun 2023 | 2
North Korea created very phishy evil twin of Naver, South Korea's top portal Think of it as a fake Google tuned for credential capture and you'll understand why authorities want to kill it Security15 Jun 2023 | 9
Posing as journalists, Pink Drainer pilfers $3.3M in crypto First the interview, then the phishing attack Cyber-crime12 Jun 2023 | 10
You might have been phished by the gang that stole North Korea’s lousy rocket tech US, South Korea, warn 'Kimsuky' is a very sophisticated social engineer Security02 Jun 2023 | 13
Ads for lucrative jobs in Asia fail to mention chance of slavery as crypto-scammer FBI warns jobseekers to be very skeptical of working holidays in Cambodia Cyber-crime23 May 2023 | 17
Russia's APT28 targets Ukraine government with bogus Windows updates Nasty emails designed to infect systems with info-stealing malware Cyber-crime02 May 2023 | 4
ChatGPT fans need 'defensive mindset' to avoid scammers and malware Palo Alto Networks spots suspicious activity spikes such as naughty domains, phishing, and worse AI + ML21 Apr 2023 | 4