Cross-Site Scripting (XSS) is alive and well, and used in attacks to obfuscate malicious links in phishing emails to redirect users to threat-actor controlled websites. We saw earlier this year that phishing attacks leveraging XSS were on the rise. Now, new scams are…
Researchers at Menlo Security warn that a phishing campaign is exploiting Google Drawings to evade security filters. The phishing emails inform the user that their Amazon account has been suspended, instructing them to click on a link in order to…
A new phishing campaign is targeting Israeli organizations to deliver the RHADAMANTHYS information-stealing malware, Cyber Security News reports. Security researcher Maor Dayan discovered the campaign, noting that the phishing emails impersonate the Israeli news organizations Calcalist and Mako. The emails…
A report from Darktrace has found that 62% of phishing emails in the first half of 2024 were able to bypass DMARC verification checks in order to reach users’ inboxes. “Building on the insights from the 2023 End of Year…
New analysis shows users can be convinced to copy and paste malicious code on behalf of the attacker. I first saw this kind of attack earlier this month – where the user is asked to launch the Run dialog box and…
Researchers at Malwarebytes spotted a malvertising campaign that abused Google Ads to target people searching for Google Authenticator. If someone typed “Google Authenticator” into Google, the malicious ad would be at the top of the search results. The ad copied…
