phishing
You can’t trust AI chatbots not to serve you phishing pages, malicious downloads, or bad code
Popular AI chatbots powered by large language models (LLMs) often fail to provide accurate information on any topic, but researchers expect threat actors to ramp up their …
ClickFix attacks skyrocketing more than 500%
ClickFix, a deceptive attack method, saw a surge of more than 500% in the first half of 2025, making it the second most common attack vector after phishing, according to …
Using AI to outsmart AI-driven phishing scams
Phishing scams used to be filled with awkward wording and obvious grammar mistakes. Not anymore. AI is now making it harder to distinguish what is real. According to Cofense, …
GitHub becomes go-to platform for malware delivery across Europe
Phishing has become the go-to method for attackers looking to get past security controls and access sensitive environments in Europe, according to Netskope. Users are now …
Microsoft, Dutch security agencies lift veil on Laundry Bear cyber espionage group
The Dutch intelligence and security services have identified a new Russia-affiliated threat group that has been breaching government organizations and commercial entities in …
CTM360 maps out real-time phishing infrastructure targeting corporate banking worldwide
A phishing operation that targets corporate banking accounts across the globe has been analyzed in a new report by CTM360. The campaign uses fake Google ads, advanced …
Polymorphic phishing attacks flood inboxes
AI is transforming the phishing threat landscape at a pace many security teams are struggling to match, according to Cofense. In 2024, researchers tracked one malicious email …
The many variants of the ClickFix social engineering tactic
As new malware delivery campaigns using the ClickFix social engineering tactic are spotted nearly every month, it’s interesting to see how the various attackers are …
Low-tech phishing attacks are gaining ground
Cybercriminals are increasingly favoring low-tech, human-centric attacks to bypass email scanning technologies, according to VIPRE Security. The report is based on an analysis …
Property renters targeted in simple BEC scam
Emails purportedly sent by rental property management firms are being used to steal money from people in France and Canada, Proofpoint researchers have warned. A BEC scam …
Attackers phish OAuth codes, take over Microsoft 365 accounts
Suspected Russian threat actors are using OAuth-based phishing attacks to get targets to grant them access to their Microsoft 365 (M365) accounts. “The primary tactics …
Windows NTLM vulnerability exploited in multiple attack campaigns (CVE-2025-24054)
CVE-2025-24054, a Windows NTLM hash disclosure vulnerability that Microsoft has issued patches for last month, has been leveraged by threat actors in campaigns targeting …