Threat actors are exploiting Microsoft Visio files and SharePoint to launch two-step phishing attacks, according to researchers at Perception Point. “Perception Point’s security researchers have observed a dramatic increase in two-step phishing attacks leveraging .vsdx files – a file extension rarely used…
Researchers at IBM X-Force are tracking a phishing campaign by the criminal threat actor “Hive0145” that’s using stolen invoice notifications to trick users into installing malware. Hive0145 acts as an initial access broker, selling access to compromised organizations to other threat actors…
A new report from ESET has found that most nation-state threat actors rely on spear phishing as a primary initial access technique. In the second and third quarters of 2024, state-sponsored APTs from China, Russia, Iran, and North Korea used social engineering attacks to…
Researchers at Malwarebytes warn that cybercriminals are using search engine poisoning to boost phishing pages to the top of Bing’s search results. The researchers found when they searched “KeyBank login” in Bing, a spoofed KeyBank login page appeared above KeyBank’s official site…
Researchers at Malwarebytes warn that cybercriminals are using search engine poisoning to boost phishing pages to the top of Bing’s search results. The researchers found when they searched “KeyBank login” in Bing, a spoofed KeyBank login page appeared above KeyBank’s official site…
Cybercriminals are impersonating OpenAI in a widespread phishing campaign designed to trick users into handing over financial information. The emails inform users that a payment for their ChatGPT subscription was declined, inviting them to click a link in order to update their…
