On July 24, 2025, the cryptocurrency platform WOO X suffered a sophisticated targeted attack in which $14 million was siphoned from nine user accounts. All evidence points to the operation being orchestrated by the...
In August of this year, specialists from Israel’s National Digital Agency uncovered a large-scale campaign known as ShadowCaptcha, designed to compromise users through more than a hundred hacked WordPress websites. These sites had been...
Researchers at Check Point Research have uncovered a new targeted campaign, dubbed ZipLine, which leverages the malicious tool MixShell against industrial and high-tech companies. The hallmark of this operation lies in its unorthodox delivery...
Microsoft has issued a warning over the growing surge of large-scale ClickFix phishing attacks and has recommended that system administrators restrict the use of command-line tools and disable the Run dialog in Windows. This...
An attack on Google Classroom has escalated into one of the largest phishing campaigns in recent months. According to Check Point, between August 6 and 12, attackers launched five coordinated waves of distribution, sending...
CloudSEK researchers have uncovered a new attack vector, dubbed ClickFix, which exploits invisible prompt injection and the prompt overdose technique to compromise automated AI summarization systems. The essence of the method lies in concealing...
A massive cryptocurrency theft has once again revealed how vulnerable users remain to the manipulations of social engineering. On August 19, an anonymous Bitcoin holder was stripped of 783 BTC — roughly $89 million...
Over the past two years, the banking sector across the Middle East, Turkey, and Africa has witnessed a marked evolution in cash-out schemes driven by so-called “money mules.” According to Group-IB, drawing on data...
Experts at Guardio Labs have unveiled a novel method of deceiving artificial intelligence, dubbed PromptFix. This technique embeds malicious instructions within a counterfeit CAPTCHA on a webpage. When browsers equipped with autonomous AI capabilities...
Cybercriminals have discovered a way to weaponize Cisco’s own security mechanisms against its users. Researchers at Raven have documented a credential theft campaign in which attackers learned to exploit Cisco’s Safe Links technology—a tool...
Groups of cybercriminals specializing in mobile phishing have discovered a new way to profit from stolen credentials. Whereas they once focused on transferring compromised cards into digital wallets and selling them for fraudulent transactions,...
CrowdStrike has released its Global Threat Report 2025, documenting a profound shift in the behavior of both cybercriminals and state-sponsored groups. Analysts have described 2024 as “the year of the enterprising adversary”—threat actors are...
