More results...
An developer recently came across a highly advanced phishing email that spoofs the support@npmjs.org address in order to impersonate npm, the Node.js package registry. The email directed recipients to a malicious link on npnjs.com, a domain cleverly ty…
Iranian state-backed Advanced Persistent Threat (APT) groups and their hacktivist allies have stepped up operations that could spark worldwide cyber retaliation in the wake of Israeli and American strikes on Iranian nuclear and military facilities in J…
Attackers are increasingly using advanced disguising techniques, such polyglot files, to get around email filters and successfully send phishing payloads in the constantly changing world of cyber threats. These polyglot files, which can be interpreted …
By the end of July 2025, all Microsoft Defender for Office 365 customers should be protected from email bombing attacks by default, Microsoft has announced on Monday. What is email bombing? Email bombing (aka spam bombing) is an attack technique that r…
A sophisticated phishing campaign targeting over 70 organizations, predominantly in the US, has been uncovered by Varonis’ Managed Data Detection and Response (MDDR) Forensics team. This campaign, active since May 2025, exploits a lesser-known feature …
Microsoft has announced a significant enhancement to its Office 365 Defender suite with the introduction of Mail Bombing Detection, a new feature designed to combat the rising threat of email bombing attacks. This capability will be rolled out globally…
A targeted cyberattack has struck The Washington Post, compromising the email accounts of several of its journalists and raising new concerns about the digital security of newsrooms worldwide. The breach, discovered late last week, prompted an immediat…
In just 12 months, attackers attempted to steal more than $300 million via vendor email compromise (VEC), with 7% of engagements coming from employees who had engaged with a previous attack, according to Abnormal AI. Vendor email compromise risks incre…
The More_Eggs malware, operated by the financially motivated Venom Spider group (also known as Golden Chickens), continues to exploit human trust through meticulously crafted social engineering. Sold as a Malware-as-a-Service (MaaS) to notorious threat…
A sophisticated cyberespionage campaign, dubbed Operation RoundPress, has been uncovered by cybersecurity researchers at ESET. Attributed with medium confidence to the Russian-linked Sednit group-also known as APT28, Fancy Bear, and Forest Blizzard-thi…