LinkedIn Phishing Scam Uses Fake Notifications to Hijack Accounts
A LinkedIn phishing scam uses fake notifications and lookalike domains to steal credentials, hijack accounts, and access sensitive professional data.
phishing
EvilTokens ramps up device code phishing targeting Microsoft 365 users
Security researchers report a notable increase in device code phishing activity aimed at Microsoft 365 users, and have attributed this rise to the availability of EvilTokens, a new, specialized phishing toolkit that’s being offered as-a-service v…
Russia-linked APT TA446 uses DarkSword exploit to target iPhone users in phishing wave
Russia-linked TA446 is using the DarkSword iOS exploit kit in targeted phishing campaigns to compromise iPhone users. Russia-linked APT group TA446 (aka SEABORGIUM, ColdRiver, Callisto, and Star Blizzard) is using the DarkSword exploit kit in targeted spear-phishing campaigns against iOS devices. The attacks rely on malicious emails to compromise iPhones, highlighting a growing threat from […]
New AITM phishing wave hijacks TikTok Business accounts
A new AITM phishing campaign targets TikTok Business accounts to hijack them for malvertising, continuing tactics seen in earlier Google-themed scams. Push Security researchers uncovered a new wave of AITM phishing pages targeting TikTok for Business accounts, aiming to hijack them for malvertising. The campaign includes TikTok and Google-themed fake pages, showing links to previous […]
New Ghost Campaign Uses Fake npm Progress Bars to Phish Sudo Passwords
ReversingLabs researchers identify a new Ghost campaign using fake npm install logs and progress bars to phish for sudo passwords and steal crypto wallets from developers.
Fake OpenClaw Token Giveaway Targets GitHub Devs with Wallet-Draining Scam
OX Security reveals a new phishing campaign targeting GitHub developers. Scammers use fake OpenClaw token giveaways to trick users into connecting and draining their crypto wallets
Why your phishing simulations aren’t building a security culture
Security culture isn’t built by phishing simulations. In this Help Net Security video, Dan Potter, VP of Cyber Resilience at Immersive, argues that annual training videos and quarterly phishing tests happen in calm, controlled settings that tell …
Tycoon 2FA Fully Operational Despite Law Enforcement Takedown
Attack volumes are back to pre-disruption levels, and the adversary tactics have remained unchanged.
The post Tycoon 2FA Fully Operational Despite Law Enforcement Takedown appeared first on SecurityWeek.
AI Factories, Security Flaws, and Workforce Shifts Define This Week in Tech
See what you missed in Daily Tech Insider from March 16–20.
The post AI Factories, Security Flaws, and Workforce Shifts Define This Week in Tech appeared first on TechRepublic.
New Fake Zoom Meeting Invite Scam Spreads Malware on Windows PCs
Cybersecurity researchers at Sublime Security have discovered a new scam that uses realistic, interactive JavaScript-based Zoom meeting invites to trick users into installing malware.