Jährlich veröffentlicht das Bundesamt für Sicherheit in der Informationstechnik (BSI) seinen aktuellen Bericht zur Lage der IT-Sicherheit in Deutschland. Der| DID | Dresdner Institut für Datenschutz
Common email phishing tactics in 2025 include PDF attachments with QR codes, password-protected PDF documents, calendar phishing, and advanced websites that validate email addresses.| Securelist
Phishing scams in 2025 are more advanced than ever, leveraging AI, deepfakes, and cloud-based attacks to trick users. The post Phishing Scams of 2025: Spotting the Red Flags first appeared on CatchMark Technologies.| CatchMark Technologies
Global smishing activity tracked by Unit 42 includes impersonation of many critical services. Its unique ecosystem allows attackers to quickly scale. The post The Smishing Deluge: China-Based Campaign Flooding Global Text Messages appeared first on Unit 42.| Unit 42
The China-linked operation has grown from a phishing kit marketplace into an active and growing community supporting a decentralized large-scale phishing ecosystem. The post Researchers track surge in high-level Smishing Triad activity appeared first on CyberScoop.| CyberScoop
Trucos comunes en el phishing de correo electrónico en 2025: archivos adjuntos PDF con códigos QR, documentos PDF con contraseña, phishing en el calendario y sitios avanzados que verifican la validez de la dirección de correo electrónico.| Securelist
Phishing remains one of the most significant cyber threats impacting organizations worldwide, according to SlashNext.| Help Net Security
There has been an uptick in phishing campaigns leveraging Microsoft Forms this month to go after Microsoft 365 login credentials.| Help Net Security
That urgent text from your 'bank' is a lie. The Zelle pay request scam is draining accounts in seconds. Learn how it works and how to stay safe.| Budget and the Bees
T-Mobile data breach settlement delayed again as payouts move to May 2025. Learn who qualifies, how much you’ll get, and when payments will be sent.| Baddiehu
Threat actors behind the gift card fraud campaign Jingle Thief target retail via phishing and smishing, maintaining long-term access in cloud environments. The post Jingle Thief: Inside a Cloud-Based Gift Card Fraud Campaign appeared first on Unit 42.| Unit 42
Hospitals and healthcare systems are facing a growing cyber threat, one that’s being greatly accelerated by generative AI. While much of the public conversation around AI has focused on job displacement or deepfakes, AI’s role in cybercrime has expanded. Phishing attacks, in particular, have become more effective and easier to launch, posing serious risks to […] The post AI Is Supercharging Phishing Scams – Are Hospitals Ready? appeared first on Health-ISAC - Health Information Sharin...| Health-ISAC – Health Information Sharing and Analysis Center
Author: Dan Cinnamon, Principal Solutions Architect, Okta October is Cybersecurity Awareness Month. GuidePoint Security is proud to join the national […]| GuidePoint Security
A deep dive into the 4-stage NPM phishing attack flow that led to high-profile repository account takeover. Protect your development security. The post SecuritySnack: Repo The Repo - NPM Phishing appeared first on DomainTools Investigations | DTI.| DomainTools Investigations | DTI
The post The Call is Coming from Inside the House: Why Malicious Insiders are 2025’s Costliest Cyber Threat appeared first on CISOteria - CISOs Advisor.| CISOteria – CISOs Advisor
Phishing has evolved. See how AI-driven social engineering and deepfakes are driving breach costs to $4.8M in 2025 and learn the CISO strategies to fight back.| CISOteria - CISOs Advisor
Threat feed evaluation: Vendor sees 25% lift in net new value with zvelo's phishing & threat intelligence feeds.| zvelo
Financial institutions could find the early warning signs of attack where cybercriminals organize themselves: on the dark web.| Searchlight Cyber
Mexican journalists, lawyers and a child were targeted with infection attempts using NSO Group's government-exclusive Pegasus spyware and Trident exploits.| The Citizen Lab
Research note uncovering use of NSO Group's Pegasus spyware and exploit framework to target Mexican senators and senior politicians in June and July 2016| The Citizen Lab
Nowadays, businesses face multiple cybersecurity challenges that can cripple operations if not properly managed. From malware that damages systems to phishing scams that steal sensitive data, this guide highlights the most common cyberthreats and offers practical steps for safeguarding your business. Implementing strong protection measures, such as training your team and leveraging external IT experts, […]| VTech Support
Fake email sender identity attacks still succeed because email identity is broken. Learn how to fix it with modern email authentication and DMARC.| Valimail -
How attackers abuse Milesight cellular router APIs to run smishing at scale via unauthenticated SMS endpoints—targeting Belgium (CSAM/eBox).| Sekoia.io Blog
Współczesne ataki phishingowe wykorzystują dokładne kopie wizualne znanych serwisów, co uniemożliwia rozpoznanie oszustwa na podstawie wyglądu strony. Przedstawiamy metodę analizy adresów URL jako jedyną niezawodną technikę weryfikacji autentyczności witryn. Omawiamy również funkcje bezpieczeństwa przeglądarek wspierające użytkowników w identyfikacji prawdziwych domen.| cert.pl
by Sam Mayne, Product Solution Analyst, VIPRE Feedback is an integral part of learning. It is what allows us to improve, and tells us when we are on the right track. And it is incredibly important when teaching employees how to tell the difference between a safe email and a malicious one. In the world... The post The Need for Risk Indicators in Phishing Simulations appeared first on Inspired eLearning.| Inspired eLearning
by John Trest, Chief Learning Officer, VIPRE Mobile devices are so essential to our lives today that it’s difficult to imagine a world without them. However, our reliance on mobile devices also puts us at risk. Over the years, cybercriminals have become increasingly skilled at launching mobile scams, as exemplified by a recent smishing campaign... The post Combating Common Mobile Scams appeared first on Inspired eLearning.| Inspired eLearning
by Shawn Boubel, Sales Engineer, VIPRE In the world of cybersecurity, there are countless measures that organizations can implement in order to defend against an ever-developing threat landscape. It can be easy to get overwhelmed by the range of security tools available. This is why it is vital to prioritize solutions and practices that can... The post Measuring ROI: The Importance of Security Awareness Training appeared first on Inspired eLearning.| Inspired eLearning
by John Trest, Chief Learning Officer, VIPRE Phishing attacks have been around for a long time. They are also both common and effective. VIPRE’s Email Threat Trend Report found that phishing emails constituted 20% of all spam in Q3 2024, while AAT research from 2021 revealed that the average click rate for a phishing campaign was 17.8%.... The post Identifying the Undead: Protecting Against Zombie Phishing appeared first on Inspired eLearning.| Inspired eLearning
Spear phishing is an email scam targeted towards a specific individual, organization or business. Cybercriminals are targeting these businesses and high earning individuals because it can be much more lucrative for them. We don’t want anyone to get phished, so in this article, we The post Definitive Guide: How to Stop Phishing Attacks appeared first on Inspired eLearning.| Inspired eLearning
Social media phishing is a type of fraud in which users receive an enticing invitation to click on an infected link or provide personal information. And as social media replaces email, social media phishing is becoming the greater danger. The post Social Media Phishing: A Primer appeared first on Inspired eLearning.| Inspired eLearning
by David Bloxberg, Senior Global Marketing Manager, VIPRE Security Group AI-Driven Gmail Account Takeover Scams: A Growing Threat for 2.5 Billion Users Gmail users are increasingly becoming targets of advanced account takeover scams , with cybercriminals now using artificial intelligence (AI) to make these attacks more convincing than ever. With over 2.5 billion Gmail users... The post New AI-Driven Gmail Account Takeover Scam: 2.5B Affected appeared first on Inspired eLearning.| Inspired eLearning
by David Bloxberg, Senior Global Marketing Manager, VIPRE Security Group Phishing is one of the most common and effective forms of cyber attacks, posing a significant risk to organizations of all sizes. Cybercriminals use phishing to deceive individuals into revealing confidential information, often by sending emails that appear to come from legitimate sources. This technique... The post Phishing Training: Build Employee Awareness, Defense appeared first on Inspired eLearning.| Inspired eLearning
by David Bloxberg, Senior Global Marketing Manager, VIPRE Security Group Phishing is one of the most common and dangerous techniques cybercriminals use to steal sensitive information such as employee ID numbers, bank account numbers, social security and credit card numbers, and other private data. These attacks typically arrive in the form of an email that... The post The Phishing Email Framework appeared first on Inspired eLearning.| Inspired eLearning
Phishing is a technique scammers and hackers employ to acquire your personal information. It’s an increasingly common form of identity theft. Always approach emails and links to other sites with skepticism. The post Phishing Protection Checklist – Preventing Phishing appeared first on Inspired eLearning.| Inspired eLearning
by David Bloxberg, Senior Global Marketing Manager, VIPRE Security Group What is a Phishing Scam? Phishing emails are a common method that cybercriminals use to trick individuals into providing personal information, making wire transfers, or clicking malicious links. These scams often involve attackers impersonating trusted entities, such as government officials, credit card providers, coworkers, or... The post How To Report a Phishing Email appeared first on Inspired eLearning.| Inspired eLearning
by David Bloxberg, Senior Global Marketing Manager, VIPRE Security Group Hollywood has been enthralled by the themes of cybersecurity, cyber attacks, and the criminals who orchestrate these threats for nearly fifty years. As technology became more embedded in our everyday lives at the beginning of the 21st century, the popularity of films and TV shows... The post 5 Must See Cybersecurity Themed TV Shows and Movies appeared first on Inspired eLearning.| Inspired eLearning
Sie gelten als digital fit – doch fast jede zweite Person der Gen Z erkennt Phishing-Mails nicht.| CSO Online
macOS users are being tricked in the ongoing campaign with fake GitHub pages that deliver the Atomic infostealer.| CSO Online
AI improves phishing defense by spotting unusual behaviors and subtle threats early, helping security teams respond faster.| Help Net Security
Users of Ledger wallet are once again a target of a phishing campaign, that tries to lure out users' recovery phrases| Gridinsoft Blogs
The "Internet Fraudsters Arrested" email message is a selection of scam messages that route people to phishing pages to "claim the compensation"| Gridinsoft Blogs
In an era when email remains one of the most important forms of communication for business, commerce, and personal use, ensuring that emails reach their intended recipients (and don’t end up in spam, or worse, aiding cybercrime) is more important than ever. One of the often “behind‐the‐scenes” organizations helping to defend email systems is Spamhaus. In this post, we’ll explain what Spamhaus is, how it works, why it matters, and what best practices companies should follow to stay...| Sucuri Blog
On Sept 8, a maintainer’s npm account was phished and attackers pushed malicious updates to 18 popular packages (including chalk and debug). The payload targeted browser environments and could hijack Web3 wallet interactions. Collectively, the impacted packages see billions of weekly downloads, so even short-lived exposure has a big blast radius.| IPConfig.in - What is My IP Address?
Need a VirusTotal alternative? zvelo delivers human-curated, AI-powered threat & phishing intel with broad coverage and predictable pricing. The post zvelo. Smart, Cost Effective VT Alternative for Threat Intel. appeared first on zvelo.| zvelo
Legacy phishing detection fails against modern attacks. Learn how to modernize protection with zvelo’s real-time phishing intelligence. The post Addressing Legacy Phishing Detection Failure appeared first on zvelo.| zvelo
Explore AI agent risk mitigation using SaaS App Intelligence and threat data to detect misuse and prevent internal autonomous agent threats. The post AI Agent Risk Mitigation appeared first on zvelo.| zvelo
Spear phishing, a form of highly targeted digital deception, has evolved dramatically. Here’s how businesses and HNWIs mitigate the threat.| BlackCloak | Protect Your Digital Life™
A newly disclosed trick involving Safari's handling of custom cursors on macOS has reignited concerns over address bar spoofing.| CyberInsider
In this era, phishing scams are widespread. Every hour, someone is scamming someone in the world. Nothing is safe, from your inbox to your phone, and even social media. Below, we’ll explore 10 common phishing scams you have probably seen before, how they work, and what red flags to watch for. The government, banks, and [...]| Lipson Thomas
How Hackers Use Custom Domains & Google Workspace to Sneak Past Detection explores how attackers exploit trial Google Workspace accounts and custom domains to bypass security filters.| Lipson Thomas
GenAI-created phishing campaigns misuse tools ranging from website builders to text generators in order to create more convincing and scalable attacks.| Unit 42
Attackers use “Contact Us” forms and fake NDAs to phish industrial manufacturing firms| Help Net Security
85% of phishing emails utilized malicious links in the content of the email, and spam emails increased by 30% from Q1 to Q2 2023.| Help Net Security
The emergence of new AI technology and large language models have made it easier for cybercriminals to generate phishing campaigns.| Help Net Security
One in five law firms isn't sure if they've been hacked. Don't be one of them. Learn the 5 cybersecurity risks that could shut down your practice and damage client trust forever.| Deepak Gupta | AI & Cybersecurity Innovation Leader | Founder's Journey from ...
Originally published at DMARC Software Options with Built-in Alert Systems by EasyDMARC. DMARC is a foundational part of email security ... The post DMARC Software Options with Built-in Alert Systems appeared first on EasyDMARC.| EasyDMARC
In today’s digital age, protecting online privacy has become increasingly crucial. While Virtual Private Networks (VPNs) have been a popular choice for many, they aren’t [...]| IPConfig.in – What is My IP Address?
Review my 12 cyber and physical methods for passport and document security from criminals and cybercriminals while planning and during your journey. For international travel, there is nothing more important than passport and document security. Passports serve as the primary documentary proof of identity and nationality to foreign governments on entry to their nations. There […]| Travelers United
﷽| cocomelonc
Gophish is an open-source framework that enables launching phishing campaigns. This framework helps organisations assess their employee's training| Lipson Thomas
The latest update includes a complete proxy engine rewrite, new anti-phishing evasions, added support for new DNS providers, custom hostnames for lure URLs, better Gophish integration and more!| BREAKDEV
Remember “cybersecurity”? Mysterious hooded computer guys doing mysterious hooded computer guy... things! Who knows what kind of naughty digital mischief they might be up to? Unfortunately, we now live in a world where this kind of digital mischief is literally rewriting the world’s history. For proof| Coding Horror
Phishing and pharming are two hacking techniques that resemble each other but in fact are different in their operating principles.| Gridinsoft Blogs
QR code is what we used to trust and rely upon. Nonetheless, they can be malicious - same as any other quick ways to get a link.| Gridinsoft Blogs
Pretexting is part of social engineering, in which an attacker provides a false script or pretext to gain access to information.| Gridinsoft Blogs
Follow us on Twitter (X) @Hackread - Facebook @ /Hackread| Hackread - Latest Cybersecurity, Hacking News, Tech, AI & Crypto
In today's world, cyberattacks are a constant threat.| blog.knowbe4.com
A phishing campaign is targeting Instagram users with phony notifications about failed login attempts, according to researchers at Malwarebytes.| blog.knowbe4.com
Keyavi Data issued a set of best practices for keeping personal and business data out of criminal hands using MFA.| Help Net Security
In 2023, malicious email threats bypassing secure email gateways (SEGs) increased by more than 100%, according to Cofense.| Help Net Security
The 2023 Verizon DBIR has confirmed FBI's findings: BEC scammers are ramping up their social engineering efforts to great success.| Help Net Security
Phishing attacks using open redirect flaws have increased again, orgs should consider refreshing employees' knowledge on how to spot them.| Help Net Security
A phishing campaign using QR codes has been detected targeting various industries to acquire Microsoft credentials.| Help Net Security
QR scan scams trick users into scanning QR codes from their PCs using their mobile devices to take advantage of weaker phishing protection.| Help Net Security
ESET disclosed an actively exploited zero-day vulnerability in WinRAR abused in phishing campaigns by the Russia-aligned threat group RomCom.| CyberInsider
In this article, you will find excerpts from various reports that offer statistics and insights about the current phishing landscape.| Help Net Security
Thieves have opened a new front against cryptocurrency users with fake letters delivered by regular postal mail targeting owners of Ledger hardware wallets.| Bitcoinist.com
So far, researchers have identified thousands of these attacks involving abuse of the Microsoft Teams chat feature.| Hackread - Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Preventing phishing scams requires a comprehensive approach. You’ll need to layer together fraud awareness training, technology, and secure internal policies.| Chargebacks911
How safe are modern password managers? Is the convenience worth the risk, and should one use a password manager in 2022?| Gridinsoft Blogs
Proofpoint observed campaigns impersonating trusted brands like SharePoint and DocuSign with malicious OAuth applications to get into Microsoft 365 accounts.| CSO Online
Artificial Intelligence (AI) tools are helping people in every field and walk of life to improve their writing. In addition to making suggestions on content and tone, AI also helps us to avoid spelling or grammatical errors and inappropriate language. Unfortunately, the cyber attackers who design phishing scams also benefit from this technology.| CenturyLink
Keir Giles, a prominent expert on Russia, was targeted with a new form of social-engineering attack that leverages App-Specific Passwords. Google links the operation to UNC6293, a Russian state-backed group.| The Citizen Lab
Through the last several years, phishing is experiencing its new growth. But why a 20-year-old tactic is still so effective?| Gridinsoft Blogs
Identity theft is a severe cybercrime where an individual's personal information is stolen and used by someone else for fraudulent purposes.| Gridinsoft Blogs
Ledger Recovery Phrase Verification scam is a name for email messages that trick users into typing their recovery phrases on a phishing website| Gridinsoft Blogs
The ImBetter Stealer malware steals sensitive data by infecting victims through phishing cryptocurrency websites and online file converters.| Gridinsoft Blogs
Where to report phishing websites and other malicious URL’s in order to get them blocked and taken down: VirusTotal, Google Safebrowsing and others.| Frederik Himpe
Introduction to Phishing - Learn what phishing is, why it's dangerous, real-life examples, and powerful tips to protect yourself from online scams.| Lipson Thomas
Cybercriminals are using AI cloaking services to hide fake sites and malware from scanners. Learn how it works—and how defenders are adapting to fight back.| SlashNext | Complete Generative AI Security for Email, Mobile, and Browser
Are you running gophish straight from shell and want to make sure to not close the application by mistake during a phishing assessment? Or maybe that was what led you to this article? No worries, in this article I will show you how easy it is to run it as a service with systemd instead. […] The post How to run Gophish as a systemd service first appeared on TzuSec.com.| TzuSec.com
From defending against phishing to safeguarding personal apps and managing GenAI, data security is no longer just a perimeter defense.| Help Net Security
Imagine if hackers could give their scam websites a cloak of invisibility. The tech world calls this trick cloaking – showing one web page to regular people and a harmless page to the guards. That’s essentially what’s happening as cybercriminals start to leverage AI-powered cloaking services to shield phishing pages, fake stores, and malware sites […] The post How Threat Actors Use AI to Hide Malicious Sites first appeared on SlashNext.| SlashNext
ClickFix is a social engineering attack that tricks users into running malicious commands on their own devices – all under the guise of a routine security check. Disguised as something familiar, like a Cloudflare CAPTCHA, it convinces users to copy and paste dangerous code without realizing the risk. We’ll break down how ClickFix works, examine […] The post Decoding ‘ClickFix’: Lessons from the Latest Browser-Based Phish first appeared on SlashNext.| SlashNext
Security researchers here at SlashNext recently uncovered a promotional image on a cybercrime network showcasing a service called “SessionShark O365 2FA/MFA.” SessionShark is a phishing-as-a-service toolkit built to bypass Microsoft Office 365 multi-factor authentication (MFA) protections. While the offering is clearly intended for threat actors, its creators attempt to frame it as “for educational purposes.” […] The post SessionShark Steals Session Tokens to Slip Past Office 365 MF...| SlashNext
The Next Evolution in Black-Hat AI A new player has entered the cybercrime AI landscape – Xanthorox AI, a malicious tool that brands itself as the “Killer of WormGPT and all EvilGPT variants.” First spotted in late Q1 2025, Xanthorox began circulating in cybercrime communities across darknet forums and encrypted channels. The system is promoted […] The post Xanthorox AI – The Next Generation of Malicious AI Threats Emerges first appeared on SlashNext.| SlashNext
It’s no secret that cybercriminals love to exploit our trust in well-known brands. From big-name retailers to popular online services, attackers will latch onto anything that seems safe. In this post, we will explore a real-life example of this: the abuse of DocuSign’s actual application to deliver malicious links. Then, we’ll dive into how our […] The post How Attackers Abuse Trusted Cloud Apps—and Why URL Analysis Matters first appeared on SlashNext.| SlashNext
Phishing attacks have moved beyond simply sending emails with malicious links to incorporate more modern social engineering techniques, including the alarming trend of mixing in smishing (SMS phishing) and vishing (voice phishing). These techniques are a growing threat beyond email security and enhance cybercriminals’ capabilities to achieve their objectives using this new range of communication […] The post From Phishing to Vishing – Modern Social Engineering Attacks first appeared on ...| SlashNext
Phishing attacks continue to evolve, pushing even the most secure authentication methods to their limits. First advertised on cybercrime networks in late January 2025, Astaroth is a brand new phishing kit that bypasses two-factor authentication (2FA) through session hijacking and real-time credential interception. Astaroth utilizes an evilginx-style reverse proxy to intercept and manipulate traffic between […] The post Astaroth: A New 2FA Phishing Kit Targeting Gmail, Yahoo, AOL, O365, and ...| SlashNext
Imagine sipping your morning coffee, scrolling through your inbox, when a seemingly innocent ProtonMail message catches your eye. But this isn’t your typical email—it’s a credential-harvesting attempt targeting specific cloud services. Today, cybercriminals are not just focusing on well-known platforms like DocuSign and Microsoft. They’re expanding their reach, exploiting a variety of cloud apps such […] The post Is That Really ProtonMail? New Credential Harvesting Threats Targeting...| SlashNext
