Flux RSS

Push Security has uncovered a new AiTM phishing campaign targeting TikTok for Business accounts using Google and TikTok themed login pages

Cloud Android phones fuel financial fraud, evading detection and enabling dropper accounts

Cybersecurity has changed fast. Roles are more specialized, and tooling is more advanced. On paper, this should make organizations more secure. But in practice, many teams struggle with the same basic problems they faced years ago: unclear risk priorities, misaligned tooling decisions, and difficulty explaining security issues in terms the business understands. These challenges do not

Cybersecurity researchers have uncovered a new set of malicious npm packages that are designed to steal cryptocurrency wallets and sensitive data. The activity is being tracked by ReversingLabs as the Ghost campaign. The list of identified packages, all published by a user named mikilanjillo, is below - react-performance-suite react-state-optimizer-core react-fast-utilsa ai-fast-auto-trader

Tycoon2FA phishing platform resumes activity post-takedown, leveraging AITM techniques to bypass MFA

Threat actors affiliated with Russian Intelligence Services are conducting phishing campaigns to compromise commercial messaging applications (CMAs) like WhatsApp and Signal to seize control of accounts belonging to individuals with high intelligence value, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) said Friday. "The campaign

The UK’s financial regulator has issued new rules to make incident and third-party reporting clearer

Some of these campaigns are linked to Darcula, a Chinese-language phishing-as-a-service platform

Palo Alto Networks’ Unit 42 has developed a successful attack to bypass safety guardrails in popular generative AI tools

Almost a quarter of the zero days detected by Google in 2025 targeted security and networking appliances

Malicious insiders are using misusing AI for nefarious gain, while employees cutting corners also creates risk, warns Mimecast

Ox Security warns that Mail2Shell could enable threat actors to hijack FreeScout systems without user interaction

Cloudflare Threat Report warns that AI tools enable attackers who lacked required skills to generate effective attacks rapidly and at scale

Zscaler ThreatLabz assessed with medium to high confidence that an Iranian adversary targeted Iraq’s Ministry of Foreign Affairs in a new cyber-attack

Google Chrome initiates quantum-resistant measures via Merkle Tree Certificates to secure HTTPS

2025 saw 32M phishing emails, with identity threats surpassing vulnerabilities

Malicious NuGet package mimicking Stripe's library targeted developers

Phishing attack mimicking Bitpanda targets users, harvesting credentials and personal information

CrowdStrike Global Threat Report warns how adversaries are leveraging AI to make campaigns more efficient and more effective

A low-skilled Russian-speaking attacker has used GenAI tools to help deploy a successful attack workflow targeting FortiGate instances