Flux RSS

Push Security has uncovered a new AiTM phishing campaign targeting TikTok for Business accounts using Google and TikTok themed login pages

Publicly accusing an entity of a cyberattack could have negative consequences that organizations should consider before taking the plunge.

A series of campaigns that began in August aim to defraud job candidates, using psychological tactics and data scraped from LinkedIn profiles.

Organizations disclose attack details, though information may be limited, following a breach, but what if they did the same with close calls?

TeamPCP is the likely cyber threat actor behind attacks on Trivy, Checkmarx's KICS and VS Code plug-ins, and the LiteLLM AI library — and all signs point to more attacks to come.

The FBI has warned that Iranian hacking group Handala has been targeting opponents of the regime since 2023

Tycoon2FA phishing platform resumes activity post-takedown, leveraging AITM techniques to bypass MFA

Major providers are testing a quantum-safe version of HTTPS that shrinks certificates to one-tenth their previous size, decreasing latency and adding transparency.

The suspected India-linked threat group targets governments, telecom, and critical infrastructure using spear-phishing, old vulnerabilities, and rapidly rotating infrastructure to maintain persistent access.

In an unsuccessful phishing attack, threat actors leveraged trusted brands and domains to try to redirect a C-suite executive at Outpost24 to give up his credentials.

Some of these campaigns are linked to Darcula, a Chinese-language phishing-as-a-service platform

A social engineering campaign impersonating PayPal and Amazon uses customer support interactions to acquire sensitive info.

Ericsson data breach affects 15k employees/customers after third-party service provider compromise

Almost a quarter of the zero days detected by Google in 2025 targeted security and networking appliances

Ox Security warns that Mail2Shell could enable threat actors to hijack FreeScout systems without user interaction

A global operation has resulted in the takedown of popular cybercrime forum LeakBase

Ariomex database reveals potential sanctions evasion and capital transfers tied to Iranian actors

Black Kite reveals 26,000 unnamed corporate victims linked to 136 third-party breaches

Zscaler ThreatLabz assessed with medium to high confidence that an Iranian adversary targeted Iraq’s Ministry of Foreign Affairs in a new cyber-attack

Google Chrome initiates quantum-resistant measures via Merkle Tree Certificates to secure HTTPS