Threat actors are abusing DocuSign’s API to send phony invoices that appear “strikingly authentic,” according to researchers at Wallarm. “Unlike traditional phishing scams that rely on deceptively crafted emails and malicious links, these incidents use genuine DocuSign accounts and templates to impersonate…
ReliaQuest warns that the BlackBasta ransomware gang is using new social engineering tactics to obtain initial access within corporate networks. The threat actor begins by sending mass email spam campaigns targeting employees, then adding people who fall for the emails to Microsoft Teams chats…
Attackers are abusing Eventbrite’s scheduling platform to send phishing emails, according to researchers at Perception Point. These attacks increased by 900% between July and October 2024. “Perception Point researchers observed phishing emails delivered via ‘noreply@events.eventbrite[.]com,’” the researchers write. “Despite being presented as…
Threat actors are targeting people who have recently lost their jobs with employment scams on LinkedIn, according to researchers at Malwarebytes. The scammers are using bots to search LinkedIn for posts with certain phrases, such as “I was laid off”…
Sophos describes a QR code phishing (quishing) campaign that targeted its own employees in an attempt to steal information. The attackers sent phishing emails that appeared to be related to employee benefits and retirement plans. The emails contained PDF attachments which, when…
As generative AI evolves and becomes a mainstream part of cyber attacks, new data reveals that deepfakes are leading the way. Deepfake technology has been around for a number of years, but the AI boom has sparked new attacks, campaigns,…
