Flux RSS

Push Security has uncovered a new AiTM phishing campaign targeting TikTok for Business accounts using Google and TikTok themed login pages

Publicly accusing an entity of a cyberattack could have negative consequences that organizations should consider before taking the plunge.

A series of campaigns that began in August aim to defraud job candidates, using psychological tactics and data scraped from LinkedIn profiles.

TeamPCP is the likely cyber threat actor behind attacks on Trivy, Checkmarx's KICS and VS Code plug-ins, and the LiteLLM AI library — and all signs point to more attacks to come.

Cybersecurity researchers have uncovered a new set of malicious npm packages that are designed to steal cryptocurrency wallets and sensitive data. The activity is being tracked by ReversingLabs as the Ghost campaign. The list of identified packages, all published by a user named mikilanjillo, is below - react-performance-suite react-state-optimizer-core react-fast-utilsa ai-fast-auto-trader

Tycoon2FA phishing platform resumes activity post-takedown, leveraging AITM techniques to bypass MFA

Threat actors affiliated with Russian Intelligence Services are conducting phishing campaigns to compromise commercial messaging applications (CMAs) like WhatsApp and Signal to seize control of accounts belonging to individuals with high intelligence value, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) said Friday. "The campaign

Major providers are testing a quantum-safe version of HTTPS that shrinks certificates to one-tenth their previous size, decreasing latency and adding transparency.

The suspected India-linked threat group targets governments, telecom, and critical infrastructure using spear-phishing, old vulnerabilities, and rapidly rotating infrastructure to maintain persistent access.

In an unsuccessful phishing attack, threat actors leveraged trusted brands and domains to try to redirect a C-suite executive at Outpost24 to give up his credentials.

Some of these campaigns are linked to Darcula, a Chinese-language phishing-as-a-service platform

A social engineering campaign impersonating PayPal and Amazon uses customer support interactions to acquire sensitive info.

Almost a quarter of the zero days detected by Google in 2025 targeted security and networking appliances

Ox Security warns that Mail2Shell could enable threat actors to hijack FreeScout systems without user interaction

Zscaler ThreatLabz assessed with medium to high confidence that an Iranian adversary targeted Iraq’s Ministry of Foreign Affairs in a new cyber-attack

Google Chrome initiates quantum-resistant measures via Merkle Tree Certificates to secure HTTPS

2025 saw 32M phishing emails, with identity threats surpassing vulnerabilities

Malicious NuGet package mimicking Stripe's library targeted developers

Phishing attack mimicking Bitpanda targets users, harvesting credentials and personal information

CrowdStrike Global Threat Report warns how adversaries are leveraging AI to make campaigns more efficient and more effective