Experts at Guardio Labs have unveiled a novel method of deceiving artificial intelligence, dubbed PromptFix. This technique embeds malicious instructions within a counterfeit CAPTCHA on a webpage. When browsers equipped with autonomous AI capabilities...
Cybercriminals have discovered a way to weaponize Cisco’s own security mechanisms against its users. Researchers at Raven have documented a credential theft campaign in which attackers learned to exploit Cisco’s Safe Links technology—a tool...
Groups of cybercriminals specializing in mobile phishing have discovered a new way to profit from stolen credentials. Whereas they once focused on transferring compromised cards into digital wallets and selling them for fraudulent transactions,...
CrowdStrike has released its Global Threat Report 2025, documenting a profound shift in the behavior of both cybercriminals and state-sponsored groups. Analysts have described 2024 as “the year of the enterprising adversary”—threat actors are...
The Trustwave SpiderLabs research team has documented a fresh wave of EncryptHub attacks, in which the human element and the exploitation of a Microsoft Management Console (MMC) vulnerability converge into a single, cohesive campaign....
The hacker groups ShinyHunters and Scattered Spider, once operating independently, now appear to have joined forces in a coordinated campaign to extort data from Salesforce’s corporate clients. As noted by ReliaQuest, ShinyHunters has undergone...
Researchers at Forcepoint X-Labs have identified a new malware campaign targeting macOS users. The attack employs an enhanced ClickFix technique—combining phishing with social engineering—to steal data from cryptocurrency wallets, browser accounts, and confidential files....
Meta is waging an intense campaign against organized scam networks in Southeast Asia, where dozens of fraudulent schemes operate in parallel. In just the first half of the year, more than 6.8 million WhatsApp...
The Kimsuky group has once again found itself at the center of attention following a campaign that deftly combined social engineering tactics with sophisticated techniques for bypassing Windows security mechanisms. Their targets included South...
Trust in familiar IT tools is increasingly being weaponized by malicious actors: remote monitoring and management (RMM) solutions—originally designed for administration and support—are now leveraged for attacks, covert control, and data exfiltration. Security professionals...
Although humans have traditionally been regarded as the weakest link in the cybersecurity chain, a new study by Canadian researchers reveals that even untrained individuals can effectively detect malicious software when provided with minimal...
Over the past year, a social engineering technique known as ClickFix has witnessed a meteoric rise, propelled by a fusion of unique delivery methods, persuasive narratives, and sophisticated evasion tactics. According to analysts at...
The French fashion house Chanel has become the latest victim of an ongoing data compromise campaign targeting users of the Salesforce platform, suffering a breach of personal client information in the United States. The...
Threat actors operating under the name ShinyHunters have orchestrated a series of cyberattacks targeting major corporations, including Qantas, Allianz Life, LVMH, and Adidas. Each incident centers around attempts to infiltrate client Salesforce environments through...
Email protection mechanisms, originally conceived as a bulwark against malicious links, have ironically become unwitting allies to cybercriminals. Researchers have uncovered a troubling trend: threat actors are increasingly exploiting “link wrappers” provided by platforms...
The Scattered Spider group has intensified its assaults on corporate IT environments, concentrating its efforts on VMware ESXi hypervisors within U.S. companies across the retail, transportation, and insurance sectors. Rather than exploiting conventional software...