Security Affairs

FEBRUARY 16, 2025

Russia-linked group Storm-2372 used the device code phishing technique since Aug 2024 to steal login tokens from governments, NGOs, and industries. ” Device code phishing attacks exploit authentication flows to steal tokens, granting attackers access to accounts and data. ” continues the report.

Phishing 113

Phishing Authentication Telecommunications Accountability 113

Krebs on Security

JUNE 15, 2024

A 22-year-old man from the United Kingdom arrested this week in Spain is allegedly the ringleader of Scattered Spider , a cybercrime group suspected of hacking into Twilio , LastPass , DoorDash , Mailchimp , and nearly 130 other organizations over the past two years. man arrested was a SIM-swapper who went by the alias “ Tyler.”

Hacking 334

Hacking Cybercrime Phishing Passwords 334

Schneier on Security

JULY 13, 2021

In subsequent phishing emails, TA453 shifted their tactics and began delivering the registration link earlier in their engagement with the target without requiring extensive conversation. The compromised site was configured to capture a variety of credentials.

Hacking 362

Hacking Phishing Accountability Cybersecurity 362

Krebs on Security

MARCH 14, 2025

In this scam, dubbed “ ClickFix ,” the visitor to a hacked or malicious website is asked to distinguish themselves from bots by pressing a combination of keyboard keys that causes Microsoft Windows to download password-stealing malware. Some of those lures worked, and allowed thieves to gain control over booking.com accounts.

Phishing 257

Phishing Malware Scams Passwords 257

SecureWorld News

NOVEMBER 22, 2024

The United States Department of Justice (DOJ) has unsealed charges against five individuals accused of orchestrating sophisticated phishing campaigns tied to the notorious Scattered Spider cybercrime group. As this case shows, phishing and hacking has become increasingly sophisticated and can result in enormous losses.

Phishing 103

Phishing Identity Theft Cryptocurrency Cybercrime 103

Krebs on Security

MARCH 31, 2020

A spear-phishing attack this week hooked a customer service employee at GoDaddy.com , the world’s largest domain name registrar, KrebsOnSecurity has learned. 49 (that domain is hobbled here because it is currently flagged as hosting a phishing site). It was starting to look like someone had gotten phished.

Phishing 325

Phishing DNS Social Engineering Accountability 325

Krebs on Security

FEBRUARY 28, 2025

Security experts say the Russia-based service provider Prospero OOO (the triple O is the Russian version of “LLC”) has long been a persistent source of malicious software, botnet controllers, and a torrent of phishing websites. government for its hacking operations, CEO Eugene Kaspersky says he ordered workers to delete the code.

Malware 241

Malware Antivirus Software DDOS 241

Krebs on Security

FEBRUARY 26, 2023

Media coverage understandably focused on GoDaddy’s admission that it suffered three different cyberattacks over as many years at the hands of the same hacking group. But it’s worth revisiting how this group typically got in to targeted companies: By calling employees and tricking them into navigating to a phishing website.

Hacking 326

Hacking Social Engineering Phishing Scams 326

Security Affairs

NOVEMBER 29, 2024

Phishing tool Rockstar 2FA targets Microsoft 365 credentials, it uses adversary-in-the-middle (AitM) attacks to bypass multi-factor authentication. Trustwave researchers are monitoring malicious activity associated with Phishing-as-a-Service (PaaS) platforms, their latest report focuses on a toolkit called Rockstar 2FA.

Phishing 95

Phishing Accountability Authentication Advertising 95

Krebs on Security

AUGUST 28, 2020

Email service provider Sendgrid is grappling with an unusually large number of customer accounts whose passwords have been cracked, sold to spammers, and abused for sending phishing and email malware attacks.

Accountability 362

Accountability Hacking Authentication Marketing 362

Security Affairs

MARCH 24, 2025

“Cloaks attack strategy involves acquiring network access through Initial Access Brokers (IABs) or social engineering methods such as phishing, malvertising, exploit kits, and drive-by downloads disguised as legitimate updates like Microsoft Windows installers.” .” reads a report published by Halcyon.

Ransomware 101

Ransomware Hacking Social Engineering VPN 101

Krebs on Security

APRIL 3, 2024

Roughly nine years ago, KrebsOnSecurity profiled a Pakistan-based cybercrime group called “ The Manipulaters ,” a sprawling web hosting network of phishing and spam delivery platforms. Manipulaters advertisement for “Office 365 Private Page with Antibot” phishing kit sold on the domain heartsender,com.

Phishing 280

Phishing Cybercrime Malware Advertising 280

Krebs on Security

MAY 30, 2023

A number of Discord communities focused on cryptocurrency have been hacked this past month after their administrators were tricked into running malicious Javascript code disguised as a Web browser bookmark. On May 9, MetrixCoin reported that its Discord server was hacked, with fake airdrop details pushed to all users.

Hacking 340

Hacking Accountability Scams Cryptocurrency 340

Schneier on Security

FEBRUARY 11, 2022

The initial breach came after a HSE staff member interacted with a malicious Microsoft Office Excel file attached to a phishing email; numerous subsequent alerts were not effectively investigated. Over 30,000 machines were running Windows 7 (out of support since January 2020).

Antivirus 354

Antivirus Hacking Ransomware CISO 354

Security Affairs

NOVEMBER 23, 2024

Microsoft disrupted the ONNX phishing service, seizing 240 sites and naming an Egyptian man as the operator behind the operation. Microsoft announced the disruption of the ONNX phishing service, another success against cybercrime which led to the seizure of 240 sites. Microsoft has tracked Nady, linked to phishing services since 2017.

Phishing 71

Phishing Cybercrime Financial Services Media 71

The Last Watchdog

DECEMBER 16, 2024

Part two of a four-part series The explosion of AI-driven phishing, insider threats, and business logic abuse has forced a shift toward more proactive, AI-enhanced defenses. Meanwhile, while business logic hacks, supply chain holes, and cyber extortion continue to loom large. Attackers arent hacking in theyre logging in.

Cyber threats 264

Cyber threats CISO IoT Phishing 264

Krebs on Security

AUGUST 17, 2023

You’ve probably never heard of “ 16Shop ,” but there’s a good chance someone using it has tried to phish you. A 16Shop phishing page spoofing Apple and targeting Japanese users. The INTERPOL statement says the platform sold hacking tools to compromise more than 70,000 users in 43 countries.

Phishing 229

Phishing Passwords Internet Internet 229

Krebs on Security

AUGUST 29, 2023

QakBot is most commonly delivered via email phishing lures disguised as something legitimate and time-sensitive, such as invoices or work orders. Qbot and Pinkslipbot ) has morphed into an advanced malware strain now used by multiple cybercriminal groups to prepare newly compromised networks for ransomware infestations.

Hacking 309

Hacking Malware Ransomware Government 309

Penetration Testing

JULY 26, 2024

On the popular pirate e-book site Z-Library, or rather its phishing clone Z-lib, created in late 2022, there was a recent data breach affecting nearly 10 million users. On June 27, 2024, the Cybernews... The post 10 Million Users Compromised in Z-Library Phishing Site Hack appeared first on Cybersecurity News.

Phishing 128

Phishing Hacking Data breaches Cybersecurity 128

Krebs on Security

FEBRUARY 10, 2020

Justice Department today unsealed indictments against four Chinese officers of the People’s Liberation Army (PLA) accused of perpetrating the 2017 hack against consumer credit bureau Equifax that led to the theft of personal data on nearly 150 million Americans. Compounding the confusion, on Sept.

Hacking 300

Hacking Identity Theft Government Phishing 300

Security Affairs

NOVEMBER 21, 2024

The cybercrime group Scattered Spider is suspected of hacking into hundreds of organizations over the past two years, including Twilio , LastPass , DoorDash , and Mailchimp. Between September 2021 and April 2023, the hackers carried out phishing attacks to steal login credentials from employees of 12 companies and individuals.

Cybercrime 108

Cybercrime Identity Theft Cryptocurrency Phishing 108

Security Affairs

JANUARY 16, 2025

The Russian group Star Blizzard targets WhatsApp accounts in a new spear-phishing campaign, shifting tactics to avoid detection. In November 2024, Microsoft researchers observed the Russia-linked APT group Star Blizzard targeting WhatsApp accounts via spear-phishing, shifting tactics to avoid detection.

Accountability 121

Accountability Phishing Government Hacking 121

SecureWorld News

FEBRUARY 26, 2025

Well-known crypto researcher ZachXBT reached the same conclusion as Elliptic, sharing his analysis on X: Lazarus Group just connected the Bybit hack to the Phemex hack directly on-chain commingling funds from the intial theft address for both incidents. Farronato further emphasized that immediate and decisive action is necessary.

Hacking 75

Hacking Cryptocurrency Cyber threats Malware 75

Krebs on Security

AUGUST 19, 2020

The COVID-19 epidemic has brought a wave of email phishing attacks that try to trick work-at-home employees into giving away credentials needed to remotely access their employers’ networks. The employee phishing page bofaticket[.]com. Image: urlscan.io.

Phishing 363

Phishing VPN Social Engineering Media 363

Malwarebytes

JANUARY 15, 2025

Table of contents Overview Criminals impersonate Google Ads Lures hosted on Google Sites Phishing for Google account credentials Victimology Who is behind these campaigns? Some of those hacked accounts already had hundreds of other legitimate ads running, and one of them was for a popular Taiwanese electronics company.

Advertising 133

Advertising Accountability Phishing Scams 133

Krebs on Security

FEBRUARY 3, 2022

The trouble is, there’s little to stop criminals from leveraging newly registered or hacked LinkedIn business accounts to create their own ad campaigns using Slinks. This search via Urlscan reveals dozens of recent phishing attacks that have leveraged the Slinks feature. Urlscan also found this phishing scam from Jan.

Phishing 358

Phishing Marketing Scams Accountability 358

Security Affairs

JANUARY 10, 2025

CrowdStrike warns of a phishing campaign that uses its recruitment branding to trick recipients into downloading a fake application, which finally installs the XMRig cryptominer. ” The attack begins with a phishing email impersonating CrowdStrike recruitment, directing recipients to a malicious website.”

Phishing 111

Phishing Scams Malware Authentication 111

Krebs on Security

JULY 29, 2021

Our continued reliance on passwords for authentication has contributed to one toxic data spill or hack after another. TARGETED PHISHING. The targeted phishing message that went out to classicfootballshirts.co.uk So hopefully by this point it should be clear why re-using passwords is generally a bad idea. customers this month.

Passwords 363

Passwords Password Management Phishing Scams 363

Hacker's King

DECEMBER 28, 2024

Data breaches and account hacks are a growing concern for users, especially with the personal and professional information shared on the platform. If youre worried about your Instagram account being hacked , it's essential to take proactive steps to protect your data. Revoke access to any app you no longer use or trust.

Data breaches 52

Data breaches Hacking Passwords Accountability 52

Security Affairs

NOVEMBER 3, 2024

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Cryptocurrency 108

Cryptocurrency Hacking Phishing Cyber Attacks 108

Security Affairs

DECEMBER 2, 2024

Operation HAECHI V (July-Nov 2024) targeted cyber frauds like phishing, romance scams, sextortion, investment fraud, online gambling, BEC, and e-commerce fraud. Korean and Chinese authorities dismantled a voice phishing syndicate that caused $1.1B in losses to 1,900+ victims. The operation led to 27 arrests and 19 indictments.

Cryptocurrency 125

Cryptocurrency Phishing Scams Cybercrime 125

SecureList

JUNE 10, 2024

Unfortunately, its popularity has spurred on the development of many methods to hack or bypass it that keep evolving and adapting to current realities. The particular hack scheme depends on the type of 2FA that it targets. Malicious actors can obtain OTPs in a variety of ways including complex, multi-stage hacks.

Phishing 144

Phishing Banking Social Engineering Accountability 144

Adam Levin

FEBRUARY 7, 2020

A recent study released by Kaspersky Labs uncovered several hacking and phishing campaigns promising their targets free and early access to Best Picture nominees for this year’s Academy Awards. Online scammers are using the 2020 Oscars to spread malware.

Malware 309

Malware Adware Phishing Hacking 309

Security Affairs

JULY 30, 2024

Researchers detected a sophisticated phishing campaign targeting Microsoft OneDrive users to trick them into executing a PowerShell script. Over the past few weeks, the Trellix Advanced Research Center observed a sophisticated phishing campaign targeting Microsoft OneDrive users.

Phishing 142

Phishing DNS Social Engineering Engineering 142

Security Affairs

FEBRUARY 2, 2025

A joint law enforcement operation led to the seizure of 39 domains tied to a Pakistan-based HeartSender cybercrime group (aka Saim Raza and Manipulators Team) known for selling hacking and fraud tools. The HeartSender group has sold phishing tools to criminals since 2020, causing over $3 million in U.S.

Cybercrime 108

Cybercrime Advertising Phishing Hacking 108

Hacker's King

JANUARY 8, 2025

You may also like to read: How Hackers Spy On Hacked Phone? How To Detect and Secure Yourself Hacker's Most Preferred Hacking Techniques These techniques can be described as the most liked techniques of users to hack Android devices. By using this technique, hackers extract any information required to hack your Android device.

Hacking 52

Hacking Spyware Antivirus Passwords 52

Security Affairs

SEPTEMBER 21, 2024

A joint international law enforcement operation led by Europol dismantled a major phishing scheme targeting mobile users. Europol supported European and Latin American law enforcement agencies in dismantling an international criminal network that unlocks stolen or lost mobile phones using a phishing platform.

Mobile 130

Mobile Phishing Computers and Electronics Marketing 130