Evil Twin Wi‑Fi Hacker Jailed for Stealing Data Mid‑Flight
An Australian man who used fake “evil‑twin” Wi‑Fi networks at airports and on flights to steal travellers’ data has been jailed for 7 years and 4 months.
phishing
New “HashJack” attack can hijack AI browsers and assistants
Security researchers at Cato Networks have uncovered a new indirect prompt injection technique that can force popular AI browsers and assistants to deliver phishing links or disinformation (e.g., incorrect medicine dosage guidance or investment advice)…
To buy or not to buy: How cybercriminals capitalize on Black Friday
How cybercriminals prepare for Black Friday: phishing, scams and malware targeting online shoppers and gamers, fake sales in spam and real sales on the dark web.
Scam USPS and E-Z Pass Texts and Websites
Google has filed a complaint in court that details the scam:
In a complaint filed Wednesday, the tech giant accused “a cybercriminal group in China” of selling “phishing for dummies” kits. The kits help unsavvy fraudsters easily “execute a large-scale phishing campaign,” tricking hordes of unsuspecting people into “disclosing sensitive information like passwords, credit card numbers, or banking information, often by impersonating well-known brands, government agencies, or even people the victim knows.”
These branded “Lighthouse” kits offer two versions of software, depending on whether bad actors want to launch SMS and e-commerce scams. “Members may subscribe to weekly, monthly, seasonal, annual, or permanent licenses,” Google alleged. Kits include “hundreds of templates for fake websites, domain set-up tools for those fake websites, and other features designed to dupe victims into believing they are entering sensitive information on a legitimate website.”…
Inside the dark web job market
This report examines how employment and recruitment function on the dark web, based on over 2,000 job-related posts collected from shadow forums between January 2023 and June 2025.
AI Is Supercharging Phishing: Here’s How to Fight Back
AI has given cybercriminals the ability to operate like Fortune‑500‑scale marketing departments—except their product is account takeover, data theft, and identity fraud.
The post AI Is Supercharging Phishing: Here’s How to Fight Back appeared first on…
DoorDash hit by data breach after an employee falls for social engineering scam
Food delivery giant DoorDash confirms a data breach on Oct 25, 2025, where an employee fell for a social engineering scam. User names, emails, and home addresses were stolen.
Google Says Chinese ‘Lighthouse’ Phishing Kit Disrupted Following Lawsuit
The cybercriminals informed customers that their cloud server was shut down due to complaints.
The post Google Says Chinese ‘Lighthouse’ Phishing Kit Disrupted Following Lawsuit appeared first on SecurityWeek.
Fake spam filter alerts are hitting inboxes
A new phishing campaign is attempting to trick users into believing they’ve missed important emails, security researchers are warning. The emails The bogus email alerts look like they are coming from the recipient’s email domain, and falsely clai…
Google Sues Chinese Cybercriminals Behind ‘Lighthouse’ Phishing Kit
Google is targeting the threat group known as Smishing Triad, which used over 194,000 malicious domains in a campaign.
The post Google Sues Chinese Cybercriminals Behind ‘Lighthouse’ Phishing Kit appeared first on SecurityWeek.