All news with #phishing tag

🔒 Water Saci has shifted to a layered infection chain that uses HTA files and malicious PDFs delivered via WhatsApp to deploy a banking trojan in Brazil. The actors moved from PowerShell to a Python-based worm that propagates through WhatsApp Web, while an MSI/AutoIt installer and process-hollowing techniques load the trojan only on Portuguese (Brazil) systems. Trend Micro links the behavior to Casbaneiro-style features and notes possible use of code-translation or AI tools to port scripts. In parallel, a React Native Android strain named RelayNFC executes real-time NFC APDU relays to enable contactless payment fraud.

✅ Check Point has been recognized as a Leader in the 2025 Gartner Magic Quadrant for Email Security. This independent evaluation reinforces our commitment to delivering best-in-class email protection that blocks increasingly sophisticated threats while remaining easy to deploy and manage. According to Check Point Research, 68% of attacks start with email and 61% of harmful files are delivered as HTML attachments, underscoring the need for robust, reliable defenses.

🔒 Today's low-cost AI services have industrialized cybercrime, enabling novice actors to produce highly convincing BEC and phishing content at scale. Tools such as WormGPT, FraudGPT, and SpamGPT remove traditional barriers by generating personalized messages, exploit code, and automated delivery that evade static filters. Defensive detection alone is insufficient when signatures continually mutate; organizations must protect identity and neutralize credential exposure. Join the webinar to learn targeted signatures and access-point controls to stop attacks even after a click.

🔒 In 2025 threat actors increasingly used AI—deepfakes, automated scripts, and AI-generated lures—to scale ransomware, phishing, and data-exfiltration attacks, exposing gaps between siloed security and backup tools. Publicly disclosed ransomware victims rose sharply and phishing remained the dominant initial vector, overwhelming legacy protections. Organizations are moving to AI-driven automation and unified detection, response, and recovery platforms to shorten dwell time and streamline compliance.

🛡️ A BdB survey of 1,057 German adults found that only 54% regularly or occasionally seek information about online security, even as 41% believe they are likely to face online fraud (9% very likely, 32% likely). Nearly a quarter (23%) reported being victims of online fraud in the past two years, yet 82% still consider online banking at home to be safe. BdB CEO Heiner Herkenhoff warns that awareness and basic protective measures significantly reduce the risk of falling for scams.

🔒Crimeware now behaves like subscription software: inexperienced attackers can rent turnkey services for phishing, access, data feeds, and malware instead of building tools. Varonis outlines five subscriptionized offerings — from AI-driven PhaaS (e.g., SpamGPT) and malicious PDF builders (MatrixPDF) to Telegram OTP-capture bots and searchable infostealer feeds. The piece shows how IABs and low-cost RAT subscriptions (for example, Atroposia) commoditize breaches and lower technical barriers. Defenders should adopt a system-first posture: automate detection playbooks, rotate credentials frequently, and enforce least privilege to raise costs for subscription-based attackers.

📅 A targeted phishing campaign uses fake Calendly meeting invitations impersonating recruiters from major brands to harvest Google Workspace and Facebook Business credentials. The lures are professionally crafted—likely produced with AI—and direct victims through a CAPTCHA to an AiTM credential‑harvesting flow capable of bypassing some 2FA protections. Compromised ad manager accounts are then leveraged for malvertising, geo‑targeted attacks, device‑specific campaigns, or resale on illicit markets.

🔒 An Australian man was sentenced to seven years and four months for operating an evil twin Wi-Fi network that targeted airline passengers and airport patrons in Perth, Melbourne and Adelaide. He deployed a WiFi Pineapple to clone legitimate SSIDs and present phishing captive portals that harvested social media credentials, then used those accounts to access victims' private messages and intimate images. Forensic analysis of seized devices recovered thousands of stolen images, videos, credentials and records of fraudulent Wi‑Fi pages.

📅 New research from BitSight reveals that threat actors are exploiting third‑party calendar subscription mechanisms to inject malicious events and notifications directly into users' devices. Attackers are leveraging expired or hijacked domains to host deceptive .ics files and run large‑scale social engineering campaigns that can deliver phishing URLs, attachments, or code execution vectors. While this is not a vulnerability in Google Calendar or iCalendar, the findings expose a neglected security blind spot. Organizations and individuals should strengthen monitoring and protections around calendar subscriptions.

📧 Darktrace warns of a major increase in Black Friday-themed phishing, reporting a 620% spike in the weeks before the 2025 sales and forecasting a further 20–30% rise during Black Friday week. The firm highlights three primary tactics: brand impersonation, fake marketing domains and generative AI-generated adverts. Amazon was the most impersonated brand, and other US retailers were also targeted. Consumers are advised to verify senders and avoid clicking suspicious links.

🔒 ReliaQuest researchers discovered that a group calling itself Scattered Lapsus$ Hunters registered more than 40 fake domains over six months to impersonate Zendesk, host fraudulent login pages, and push malware. Domains such as znedesk.com and vpn-zendesk.com used realistic sign-in screens while other URLs embedded company names to build trust. Attackers also submitted bogus support tickets to real Zendesk portals to trick help-desk staff into surrendering credentials or installing malware. ReliaQuest noted registry patterns tied to NiceNic and Cloudflare-masked nameservers and shared findings with Zendesk.

🔒 OpenAI confirmed a customer data exposure after its analytics partner Mixpanel suffered a smishing attack on November 8, which allowed attackers to access profile metadata tied to platform.openai.com accounts. Stolen fields included names, email addresses, approximate location, OS/browser details, referrers, and organization or user IDs. OpenAI says ChatGPT and core systems were not breached and that no API keys, passwords, payment data, or model payloads were exposed. The company has terminated its use of Mixpanel and is notifying impacted customers directly.

🔒 According to an OpenAI statement, cybercriminals accessed analytics provider Mixpanel's systems in early November, and data tied to some API users may have been exposed. Potentially affected fields include account names, associated email addresses, approximate browser-derived location (city, state, country), operating system and browser details, referring websites, and organization or user IDs. OpenAI said its own systems and products such as ChatGPT were not impacted, that sensitive items like chat histories, API requests, API usage data, passwords, credentials, API keys, payment details, and government IDs were not compromised, and that it has removed Mixpanel from its systems while working with the vendor to investigate.

🔒 OpenAI has notified some ChatGPT API customers that limited identifying information was exposed following a breach at its third‑party analytics vendor, Mixpanel. Mixpanel says the incident resulted from a smishing campaign detected on November 8, and OpenAI received details of the affected dataset on November 25. Exposed fields may include names, emails, coarse location, device and browser metadata, referring websites, and account IDs, but OpenAI says no chats, API requests, usage data, passwords, API keys, payment details, or government IDs were exposed. OpenAI has removed Mixpanel from production, begun notifying affected parties, and is warning users to watch for phishing attempts and enable 2FA.

🔒 Huntsman Security's analysis of ICO reports from Q3 2024 to Q2 2025 indicates the retail and manufacturing sector experienced only minor seasonal peaks, with 1,381 incidents overall and quarterly counts clustered in the mid-300s. The firm reported 618 breaches caused by brute force, misconfigurations, malware, phishing and ransomware, and urged a shift to continuous assurance so defenses do not drift into vulnerable states. Other vendors cautioned that more than half of recent ransomware incidents occurred on weekends or holidays, while researchers warned of AI-enabled fake e-commerce sites, typosquatted domains and package-tracking scams targeting shoppers.

🚨 ReliaQuest has uncovered a campaign attributed to the Scattered Lapsus$ Hunters that leverages more than 40 typosquatted domains impersonating Zendesk portals, including deceptive SSO pages designed to harvest credentials. The actors have also been observed submitting fraudulent helpdesk tickets to target support staff, aiming to deploy remote access trojans and other malware. Organizations are advised to enforce MFA with hardware keys, implement IP allowlisting and session timeouts, monitor domains and DNS, and harden chat controls and content filtering to mitigate the risk.

🔒 Since January 2025 the FBI reports account takeover (ATO) schemes have produced losses exceeding $262 million. Cybercriminals impersonate bank, payroll and health account providers and use phishing domains, SEO poisoning and social engineering to harvest credentials and one-time codes. The Bureau recommends enabling MFA, using unique complex passwords, monitoring accounts regularly, avoiding search ads and verifying unsolicited calls or messages before sharing any login information.

🛡️ Researchers at Huntress uncovered a ClickFix campaign that hides malware inside the RGB pixels of PNG images on a fake Windows Update page, tricking victims into pasting and running commands. The delivered payloads include the LummaC2 infostealer and the Rhadamanthys malware family, with active domains observed after a mid-November takedown. Huntress warns the steganographic technique and the realistic Windows Update motif increase the attack's stealth, and recommends disabling the Windows Run dialog and strengthening endpoint monitoring.

🔐 The FBI warns that cybercriminals impersonating banks and payment services have caused over $262 million in losses this year through account takeover (ATO) fraud and more than 5,100 complaints. Attackers use phishing, SEO poisoning, calls and SMS to harvest credentials and MFA/OTP codes, then transfer funds to intermediary accounts and convert proceeds to cryptocurrency. The advisory highlights growing use of AI-generated phishing and holiday-themed scams and urges vigilance, unique passwords, URL checks and stronger authentication.

⚠️ The FBI warns that cybercriminals impersonating bank and payroll support teams have stolen over $262 million in account takeover (ATO) fraud since January 2025, with more than 5,100 complaints reported to the Internet Crime Complaint Center. Attackers use calls, texts, phishing sites and SEO‑poisoned search results to harvest credentials and MFA/OTP codes, then quickly wire funds to crypto wallets and lock owners out. The FBI advises monitoring accounts, using unique complex passwords, enabling MFA, bookmarking official banking sites, contacting financial institutions immediately to request recalls and indemnification, and filing detailed complaints with IC3.