16 Fake ChatGPT Extensions Caught Hijacking User Accounts
A coordinated campaign of 16 malicious GPT optimisers has been caught hijacking ChatGPT accounts. These tools steal session tokens to access private chats, Slack, and Google Drive files.
Cyber Attack
ShinyHunters Target 100+ Firms Using Phone Calls to Bypass SSO Security
ShinyHunters is driving attacks on 100+ organisations, using vishing and fake login pages with allied groups to bypass SSO and steal company data, reports Silent Push.
US Charges 31 Suspects in Nationwide ATM Jackpotting Scam
US prosecutors have charged 31 more suspects in a nationwide ATM jackpotting scam, bringing the total number of defendants to 87 across multiple states.
Poland Thwarts Russian Wiper Malware Attack on Power Plants
Poland blocked a Russian wiper malware attack on power and heating plants, officials say, avoiding outages during winter and prompting tighter cyber rules.
Fake Microsoft Teams Billing Phishing Alerts Reach 6,135 Users via 12,866 Emails
Scammers are abusing Microsoft Teams invitations to send fake billing notices, with 12,866 emails reaching around 6,135 users in a phone-based phishing campaign.
$6,000 “Stanley” Toolkit Sold on Russian Forums Fakes Secure URLs in Chrome
Say hello to Stanley, a new malicious toolkit that guarantees bypassing Google’s Chrome Web Store review process.
Researchers Uncover Multi-Stage AiTM Attack Using SharePoint to Bypass Security Controls
Microsoft Defender researchers have exposed a sophisticated adversary-in-the-middle (AiTM) phishing campaign targeting energy sector organizations, leveraging SharePoint file-sharing services to bypass traditional email security controls and compromise…
Venezuelan Nationals Face Deportation After Multi State ATM Jackpotting Scheme
According to authorities, both suspects were in the United States unlawfully.
ShinyHunters Leak Alleged Data of Millions From SoundCloud, Crunchbase and Betterment
ShinyHunters claim more data breaches and leaks are coming soon!
Hackers Are Using LinkedIn DMs and PDF Tools to Deploy Trojans
That LinkedIn message pretending to be job offer could just be malwre.