social engineering
Browser-in-the-Browser phishing is on the rise: Here’s how to spot it
Browser-in-the-Browser (BitB) phishing attacks are on the rise, with attackers reviving and refining the technique to bypass user skepticism and traditional security controls. …
Rakuten Viber CISO/CTO on balancing encryption, abuse prevention, and platform resilience
In this Help Net Security interview, Liad Shnell, CISO and CTO at Rakuten Viber, discusses how messaging platforms have become critical infrastructure during crises and …
Fake Booking.com emails and BSODs used to infect hospitality staff
Suspected Russian attackers are targeting the hospitality sector with fake Booking.com emails and a fake “Blue Screen of Death” to deliver the DCRat malware. The …
Crypto theft in 2025: North Korean hackers continue to dominate
When they strike cryptocurrency-related targets, North Korean hacking groups are increasingly aiming for large services where a single breach can move serious money, a new …
The collapse of trust at the identity layer
Identity verification has become the latest front in the fight against industrialized fraud, according to a new report from Regula. The shift is visible across sectors that …
Fake “Windows Update” screen fuels new wave of ClickFix attacks
A convincing (but fake) “Windows Update” screen can be the perfect lure for tricking users into infecting their computers with malware. Add a multi-stage delivery …
The long conversations that reveal how scammers work
Online scammers often take weeks to build trust before making a move, which makes their work hard to study. A research team from UC San Diego built a system that does the …
Attackers upgrade ClickFix with tricks used by online stores
Attackers have taken the ClickFix technique further, with pages borrowing tricks from online sellers to pressure victims into performing the steps that will lead to a malware …
Cybercriminals exploit RMM tools to steal real-world cargo
Cybercriminals are compromising logistics and trucking companies by tricking them into installing remote monitoring and management (RMM) tools, Proofpoint researchers warned. …
Ransomware, extortion groups adapt as payment rates reach historic lows
Ransomware groups are facing an economic downturn of their own: In Q3 2025, only 23 percent of victims paid a ransom, and for data theft incidents that involved no encryption, …
Researchers uncover ClickFix-themed phishing kit
Palo Alto Networks researchers have discovered and analyzed “IUAM ClickFix Generator”, a phishing kit that allows less skilled attackers to infect unsuspecting …
North Korean hackers stole over $2 billion in cryptocurrency this year
North Korean hackers have stolen more than $2 billion in cryptocurrency in 2025, according to blockchain analytics firm Elliptic, and the year isn’t over yet. Though …
Featured news
Resources
Don't miss
- Product showcase: Penetration test reporting with PentestPad
- Sensitive data of Eurail, Interrail travelers compromised in data breach
- PoC exploit for critical FortiSIEM vulnerability released (CVE-2025-64155)
- Microsoft shuts down RedVDS cybercrime subscription service tied to millions in fraud losses
- LinkedIn wants to make verification a portable trust signal