Flux RSS

Push Security has uncovered a new AiTM phishing campaign targeting TikTok for Business accounts using Google and TikTok themed login pages

Threat actors are targeting TikTok for Business accounts in a phishing campaign that prevents security bots from analyzing malicious pages. [...]

Threat actors are evading phishing detection in campaigns targeting Microsoft accounts by abusing the no-code app-building platform Bubble to generate and host malicious web apps. [...]

Cybersecurity researchers have uncovered a new set of malicious npm packages that are designed to steal cryptocurrency wallets and sensitive data. The activity is being tracked by ReversingLabs as the Ghost campaign. The list of identified packages, all published by a user named mikilanjillo, is below - react-performance-suite react-state-optimizer-core react-fast-utilsa ai-fast-auto-trader

Tycoon2FA phishing platform resumes activity post-takedown, leveraging AITM techniques to bypass MFA

Threat actors affiliated with Russian Intelligence Services are conducting phishing campaigns to compromise commercial messaging applications (CMAs) like WhatsApp and Signal to seize control of accounts belonging to individuals with high intelligence value, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) said Friday. "The campaign

Some of these campaigns are linked to Darcula, a Chinese-language phishing-as-a-service platform

Almost a quarter of the zero days detected by Google in 2025 targeted security and networking appliances

Ox Security warns that Mail2Shell could enable threat actors to hijack FreeScout systems without user interaction

Zscaler ThreatLabz assessed with medium to high confidence that an Iranian adversary targeted Iraq’s Ministry of Foreign Affairs in a new cyber-attack

Google Chrome initiates quantum-resistant measures via Merkle Tree Certificates to secure HTTPS

2025 saw 32M phishing emails, with identity threats surpassing vulnerabilities

Malicious NuGet package mimicking Stripe's library targeted developers

Phishing attack mimicking Bitpanda targets users, harvesting credentials and personal information

CrowdStrike Global Threat Report warns how adversaries are leveraging AI to make campaigns more efficient and more effective

A low-skilled Russian-speaking attacker has used GenAI tools to help deploy a successful attack workflow targeting FortiGate instances

A new cybercriminal toolkit uses proxies to mimic popular online services and represents a “significant escalation in phishing infrastructure,” warn researchers at Abnormal

Unit 42 researchers observed a low-skilled threat actor using an LLM to script a professional extortion strategy, complete with deadlines and pressure tactics

New phishing campaign dubbed Operation DoppelBrand targeted major financial firms like Wells Fargo

Google researchers found that government-backed hackers now use AI throughout the whole attack lifecycle