Phishing

Phishers try to lure 5K Facebook advertisers with fake business pages

One company alone was hit with more than 4,200 emails

Security10 Nov 2025 | 1

Attackers targeting unpatched Cisco kit notice malware implant removal, install it again

Infosec in brief PLUS: Cyber-exec admits selling secrets to Russia; LastPass isn't checking to see if you're dead; Nation-state backed Windows malware; and more

Security02 Nov 2025 | 1

Iran's MuddyWater wades into 100+ government networks in latest spying spree

Group-IB says Tehran-linked crew used hijacked mailbox and VPN to sling phishing emails across Middle East

Security24 Oct 2025 |

AI makes phishing 4.5x more effective, Microsoft says

And potentially 50 times more profitable

Cybersecurity Month16 Oct 2025 | 9

Chinese phishing kit helps scammers who send fake texts impersonate TikTok, Coinbase, others

Exclusive Researchers tracking 2,158 domains hosting YYlaiyu phishing pages

Cybersecurity Month10 Oct 2025 | 3

New string of phishing attacks targets Python developers

If you recently got an email asking you to verify your credentials to a PyPI site, better change that password

Cyber-crime24 Sep 2025 | 3

Microsoft blocks bait for ‘fastest-growing’ 365 phish kit, seizes 338 domains

Redmond names alleged ringleader, claims 5K+ creds stolen and $100k pocketed

Cyber-crime16 Sep 2025 | 5

Hijacker helper VoidProxy boosts Google, Microsoft accounts on demand

Okta uncovers new phishing-as-a-service operation with 'multiple entities' falling victim

Cyber-crime11 Sep 2025 | 1

ZipLine attack uses 'Contact Us' forms, White House butler pic to invade sensitive industries

'Many dozens' targeted in ongoing campaign, CheckPoint researcher tells The Reg

Cyber-crime26 Aug 2025 | 6

'Impersonation as a service' the next big thing in cybercrime

Underground forums now recruiting English-speaking social engineers

Cyber-crime21 Aug 2025 | 1

Mozilla flags phishing wave aimed at hijacking trusted Firefox add-ons

Devs told to exercise 'extreme caution' with emails disguised as account update prompts

Cyber-crime04 Aug 2025 | 7

Massive spike in use of .es domains for phishing abuse

¡Cuidado! Time to double-check before entering your Microsoft creds

Security05 Jul 2025 | 17

ChatGPT creates phisher’s paradise by recommending the wrong URLs for major companies

Crims have cottoned on to a new way to lead you astray

Research03 Jul 2025 | 24

That WhatsApp from an Israeli infosec expert could be a Iranian phish

Charming Kitten unsheathes its claws and tries to catch credentials

Cyber-crime26 Jun 2025 | 2

DeepSeek installer or just malware in disguise? Click around and find out

'BrowserVenom' is pure poison

Cyber-crime11 Jun 2025 | 5

Hire me! To drop malware on your computer

FIN6 moves from point-of-sale compromise to phishing recruiters

Cyber-crime11 Jun 2025 | 3

Darcula adds AI to its DIY phishing kits to help would-be vampires bleed victims dry

Because coding phishing sites from scratch is a real pain in the neck

Cyber-crime25 Apr 2025 | 5

Scattered Spider stops the Rickrolls, starts the RAT race

Despite arrests, eight-legged menace targeted more victims this year

Research08 Apr 2025 | 5

Infosec pro Troy Hunt HasBeenPwned in Mailchimp phish

16,000 stolen records pertain to former and active mail subscribers

Cyber-crime25 Mar 2025 | 37

That 'angry guest' email from Booking.com? It's a scam, not a 1-star review

Phishers check in, your credentials check out, Microsoft warns

Research13 Mar 2025 | 9

Rather than add a backdoor, Apple decides to kill iCloud encryption for UK peeps

Infosec in brief Plus: SEC launches new crypto crime unit; Phishing toolkit upgraded; and more

Security24 Feb 2025 | 89

If you dread a Microsoft Teams invite, just wait until it turns out to be a Russian phish

Roses aren't cheap, violets are dear, now all your access token are belong to Vladimir

CSO15 Feb 2025 | 27

India's banking on the bank.in domain cleaning up its financial services sector

With over 2,000 banks in operation, a domain only they can use has potential to make life harder for fraudsters

Security10 Feb 2025 | 16

DeepSeek's iOS app is a security nightmare, and that's before you consider its TikTok links

Infosec In Brief PLUS: Spanish cops think they've bagged NATO hacker; HPE warns staff of data breach; Lazy Facebook phishing, and more!

Security10 Feb 2025 | 23

Google takes action after coder reports 'most sophisticated attack I've ever seen'

Latest trope is tricky enough to fool even the technical crowd… almost

Cyber-crime27 Jan 2025 | 32

Europe coughs up €400 to punter after breaking its own GDPR data protection rules

Infosec in brief PLUS: Data broker leak reveals extent of info trading; Hot new ransomware gang might be all AI, no bark; and more

Security13 Jan 2025 | 15

It's only a matter of time before LLMs jump start supply-chain attacks

Interview 'The greatest concern is with spear phishing and social engineering'

Security29 Dec 2024 | 58

Don't fall for a mail asking for rapid Docusign action – it may be an Azure account hijack phish

Recent campaign targeted 20,000 folk across UK and Europe with this tactic, Unit 42 warns

Cyber-crime19 Dec 2024 | 17

Phishers cast wide net with spoofed Google Calendar invites

Not that you needed another reason to enable the 'known senders' setting

Cyber-crime18 Dec 2024 | 17

Solana blockchain's popular web3.js npm package backdoored to steal keys, funds

Damage likely limited to those running bots with private PKI access

Cyber-crime05 Dec 2024 | 7

Russian spies may have moved in next door to target your network

Infosec in brief Plus: Microsoft seizes phishing domains; Helldown finds new targets; Illegal streaming with Jupyter, and more

Security25 Nov 2024 | 22

Helpline for Yakuza victims fears it leaked their personal info

Organized crime types tend not to be kind to those who go against them, so this is nasty

Security22 Nov 2024 | 20

Don't open that 'copyright infringement' email attachment – it's an infostealer

Curiosity gives crims access to wallets and passwords

Research07 Nov 2024 | 21

Russian spies use remote desktop protocol files in unusual mass phishing drive

The prolific Midnight Blizzard crew cast a much wider net in search of scrummy intel

Cyber-crime30 Oct 2024 | 17

ESET denies it was compromised as Israeli orgs targeted with 'ESET-branded' wipers

Says 'limited' incident isolated to 'partner company'

Security18 Oct 2024 | 3

Microsoft says more ransomware stopped before reaching encryption

Volume of attacks still surging though, according to Digital Defense Report

Cyber-crime15 Oct 2024 | 6

US and UK govts warn: Russia scanning for your unpatched vulnerabilities

in brief Also, phishing's easier over the phone, and your F5 cookies might be unencrypted, and more

Security12 Oct 2024 | 11

OpenAI says Chinese gang tried to phish its staff

Claims its models aren't making threat actors more sophisticated - but is helping debug their code

Cybersecurity Month10 Oct 2024 | 4

If you're holding important data, Iran is probably trying spearphish it

It's election year for more than 50 countries and the Islamic Republic threatens a bunch of them

Cyber-crime30 Sep 2024 | 3

Mind your header! There's nothing refreshing about phishers' latest tactic

It could lead to a costly BEC situation

Research12 Sep 2024 | 2

Kremlin-linked COLDRIVER crooks take pro-democracy NGOs for phishy ride

The latest of many attempts to stifle perceived threats to Putin's regime

Security09 Sep 2024 | 10

Novel attack on Windows spotted in phishing campaign run from and targeting China

Resources hosted at Tencent Cloud involved in Cobalt Strike campaign

Research02 Sep 2024 | 3

This uni thought it would be a good idea to do a phishing test with a fake Ebola scare

Needless to say, it backfired in a big way

CSO22 Aug 2024 | 116

Iran named as source of Trump campaign phish, leaks

Political stirrer Roger Stone may have been a weak link after personal emails cracked

Security20 Aug 2024 | 40

Google raps Iran's APT42 for raining down spear-phishing attacks

US politicians and Israeli officials among the top targets for the IRGC’s cyber unit

Research15 Aug 2024 | 1

Orion SA says scammers conned company out of $60 million

Incident sounds like a BEC fraud targeting an unwitting staffer

Cyber-crime13 Aug 2024 | 7

Small CSS tweaks can help nasty emails slip through Outlook's anti-phishing net

A simple HTML change and the warning is gone!

Research07 Aug 2024 | 12

Users call on Microsoft to update Outlook's friendly name feature

That one weird thing in Outlook that gives phishers and scammers an in to an inbox

Security06 Aug 2024 | 76

'LockBit of phishing' EvilProxy used in more than a million attacks every month

Insight Leaves a trail of ransomware infections, data theft, business email compromise in its wake

Malware Month30 Jul 2024 | 7

Cybercrooks spell trouble with typosquatting domains amid CrowdStrike crisis

Latest trend follows various malware campaigns that began just hours after IT calamity

Cyber-crime23 Jul 2024 | 4

Singapore's banks to ditch texted one-time passwords

Accessibility be damned, preventing phishing is the priority

Security12 Jul 2024 | 41

Cops cuff 22-year-old Brit suspected of being Scattered Spider leader

Spanish plod make arrest at airport before he jetted off to Italy

Cyber-crime17 Jun 2024 | 22

Two cuffed over suspected smishing campaign using 'text message blaster'

Thousands of dodgy SMSes bypassed network filters in UK-first case, it is claimed

Cyber-crime10 Jun 2024 | 23

Google guru roasts useless phishing tests, calls for fire drill-style overhaul

Current approaches aren't working and demonize security teams

Security23 May 2024 | 57

US charges Iranians with cyber snooping on government, companies

Their holiday options are now far more restricted

Cyber-crime24 Apr 2024 |

Fraudsters abused Apple Stores' third-party pickup policy to phish for profits

Black Hat Asia Scam prevalent across Korea and Japan actually had some winners

Cyber-crime18 Apr 2024 | 2