phishing
Why your phishing simulations aren’t building a security culture
Security culture isn’t built by phishing simulations. In this Help Net Security video, Dan Potter, VP of Cyber Resilience at Immersive, argues that annual training …
Russian hackers go after high-value targets through Signal
Russian intelligence-linked hackers are targeting commercial messaging platforms, with Signal a primary focus, the FBI and CISA warn. The campaign is aimed at individuals of …
HR, recruiters targeted in year-long malware campaign
An attack campaign targeting HR departments and job recruiters has been stealthily compromising systems, Aryaka researchers have discovered. By avoiding analysis environments …
Attackers use AiTM phishing kit, typosquatted domains to hijack AWS accounts
Phishers are targeting AWS accounts holders with fake email security alerts and redirecting them to a high-fidelity clone of the AWS Management Console sign-in page, Datadog …
Phishing campaign spoofs local officials to steal permit fees
The FBI is warning about a phishing scheme in which cybercriminals impersonate city and county officials to solicit fraudulent payments for planning and zoning permits. …
Russian hackers crack into officials’ Signal and WhatsApp accounts
Russian state hackers are trying to break into Signal and WhatsApp accounts used by diplomats, military staff, and government officials worldwide, Dutch intelligence agencies …
Why phishing still works today
In this Help Net Security video, Gal Livschitz, Senior Penetration Tester at Terra Security, explains how phishing has evolved and why employees still fall for it. He outlines …
Authorities pull plug on Tycoon 2FA phishing-as-a-service platform
Tycoon 2FA, a phishing-as-a-service platform that allowed cybercriminals to bypass MFA and break into online accounts, has been disrupted by law enforcement agencies and …
Threat actors weaponize OAuth redirection logic to deliver malware
An ongoing phishing campaign is abusing the OAuth authentication redirection mechanism to avoid triggering conventional email and browser defenses, Microsoft researchers have …
Ransomware activity peaks outside business hours
Intrusions continue to center on credential access and timed execution outside standard business hours. The Sophos Active Adversary Report 2026 analyzes 661 incident response …
Airline brands become launchpads for phishing, crypto fraud
Airline brands sit at the center of peak travel booking cycles, loyalty programs, and high value transactions. Criminal groups continue to register thousands of lookalike …
Police seize 100,000 stolen Facebook credentials in cybercrime raid
Officers from Poland’s Central Bureau for Combating Cybercrime (CBZC) dismantled an organized group that used phishing to seize Facebook accounts and extract BLIK payment …
Featured news
Resources
Don't miss
- Your browser tab could become encrypted storage for someone else’s files
- Law enforcement hits SocGholish: 106 servers down, 15,000 sites cleaned
- 74,000 Fortinet firewall credentials exposed in FortiBleed data leak
- GentleKiller targets more than 400 security processes across 48 products
- Securing digital keys when your phone unlocks the car