WhatsApp says it stopped an attempted spying campaign linked to Israeli firm NSO Group that used spear phishing tactics against users.
Phishing RSS
Microsoft is bolstering Teams security with new AI-driven alerts that flag suspicious brand impersonators. Find out how these real-time warnings will help protect your organization.
Sponsored
[Ends Today] Fighting Phishing: Everything you can do to fight it (worth $28) free download
Learn all the policies, education, and technical strategies that are essential to a complete phishing defense strategy.
Google announced it is taking legal action against the operators of a global phishing scam enterprise.
Google is rolling out new scam protection features for Google Messages and recovery options for people locked out of their accounts.
Google has played down reports that 2.5 billion Gmail users are at risk and need to update their passwords. It said Gmail remains very secure.
Microsoft has outlined a phishing scam used by the Russian hacking group Star Blizzard to get into the WhatsApp accounts of US government and diplomatic staff.
An ongoing phishing campaign targets Donald Trump supporters. It uses fake donation websites; however, the fact that it only accepts payments in crypto means its impact is limited.
File upload logic in GitHub's comments allows hackers to host malware on the service and abuse trusted developers and companies, such as Microsoft, to create legitimate-looking URLs.
Online scammers try to trick people into thinking that during crypto hype they registered on an online Bitcoin mining platform, then frighten them with the loss of their fictional funds.
In a rather atypical YouTube scamming scheme you can actually get paid by cybercriminals. However, earning a few extra bucks can get you into trouble, as the cheats hope you come back for more.
Google has outlined several measures taking senders of bulk emails to help cut down on spam. The company will be implementing the changes by February 2024 and users should see a difference.
Security experts have raised warnings about Google's new .zip and .mov top-level domains because they look like file extensions and could be used maliciously. They are already being used in the wild.
A new security blog post from Microsoft says that accounting and tax return firms are the targets of a phishing campaign designed to deliver a remote access trojan to their computers.
Google's YouTube is sounding the alarm about a recent email phishing scam that uses YouTube email addresses and asks people to click on a link about "changes in YouTube rules and policies."
YouTuber Linus Sebastian confirmed in a new video that his channels were taken over by hackers due to a session hijacking attack. This attack bypasses passwords and MFA to infiltrate an account.
A new report from the security firm Mandiant claims that a group based in North Korea is posting fake job listings on LinkedIn that eventually results in malware being downloaded to a user's PC.
Microsoft is set to introduce enhanced security to its OneNote program. This comes after threat actors started exploiting the note-taking app for their phishing campaigns to steal sensitive data.
Threat actors were recently seen advertising fake ChatGPT apps for Windows and Android. When downloaded, the apps will steal sensitive information or subscribe the victim to premium services.
The email account of domain registrar Namecheap was recently hacked, which allowed criminals to distribute phishing emails. The company has since rectified the issue after stopping all emails.
Reddit recently suffered a security breach that allowed cybercriminals to access some of its internal data and systems. The incident was a result of a successful phishing attack against the company.
Our latest edition of Microsoft Weekly unpacks news about Microsoft's declining revenues in consumer categories, some Windows 11 updates, bugs, and fixes, and a bunch of app enhancements.
According to new research by cybersecurity firm Check Point, Yahoo was the most impersonated brand by cybercriminals who sent phishing emails. Others who made the list include Google and DHL.
As we enter a new year, cybercriminals will develop more dangerous and sophisticated cyberthreats. Thankfully, there are many things you can do to mitigate the risk of falling victim to them.
Friendster, a defunct social media platform popular in the 2000s, was recently seen online again. However, it is not exactly known if the website is legitimate due to a few red flags.
Popular file hosting service Dropbox recently suffered a data breach that gave threat actors access to 130 of its code repositories. This was after Dropbox employees fell victim to a phishing scam.
Not long after Twitter's new CEO Elon Musk announced his plans to revamp the platform's verification process, cybercriminals are already exploiting the situation by sending out phishing emails.
A typosquatting campaign that steals sensitive data and infects Android and Windows devices with malware has recently been discovered. Many of the fake domains look very similar to the real ones.
A study by cybersecurity experts in Scotland found that passwords can be cracked by analyzing the traces of heat left by a person's fingertips when they enter their password on a keyboard or phone.
Meta has warned one million Facebook users who may have had their accounts compromised through a fraudulent iOS or Android app. The apps required users to sign in in order for the app to "work."
Samsung has launched Samsung Internet 19.0 beta that brings new features and enhancements to the previous ones. It is now available to download on the Google Play Store and Samsung Galaxy Store.
Signal has reported a recent phishing attack on its verification service provider, Twilio, which has exposed approximately 1,900 users registered to a Signal account. Twilio has shut down the attack.
Microsoft has warned about a phishing campaign called "SEABORGIUM". The threat actors of SEABORGIUM first build up rapport with the targets before duping them to rob their data, like credentials.
Provider of communications and two-factor authentication services, Twilio, has been targeted by a phishing attack, exposing what they say is a "limited number" of customer accounts.
Cloudflare has acquired Area 1 Security, an email anti-phishing firm, for $162 million. Cloudflare already made inroads into the email security domain and this purchase will boost those efforts.
Google Drive can now display warning banners to alert users of potentially malicious files. The new resource is available to all Google Workspace, G Suite Basic, and Business users.
A bug in Microsoft Outlook is tricking people into believing that phishing emails are from genuine contacts by using the Cyrillic alphabet which has letters similar to those in the Latin alphabet.
The ability to configure Safe Links policies for Microsoft Teams is now available for organizations which use Microsoft Defender for Office 365. It is utilized to protect against phishing attacks.
Google has announced a bunch of privacy- and security-focused improvements for Chrome 92. It has also stated that phishing detection is now 50 times faster and drains lower battery than before.
After another Nobelium cyberattack, Microsoft has emphasized the need to differentiate between "espionage as usual" acts and crippling attacks like SolarWinds. It has encouraged cloud adoption too.
