Researchers at Checkmarx warn that attackers uploaded more than 15,000 packages to NPM, the open-source repository for JavaScript packages, to distribute phishing links. The packages themselves weren’t malicious, but they contained README text files with links to phishing sites. “The…
New cyber attack data from 2022 is providing insight into what to expect in 2023, including ransomware campaigns. The philosopher George Santayana is credited with the saying “Those who forget their history are condemned to repeat it.” It’s one of…
With nearly 280 million phishing emails detected by just one vendor, and the increase in the number of unique emails, organizations have a lot to be worried about in 2023. I want to start with some context around this stat.…
New data shows users aren’t scrutinizing emails used in business email compromise (BEC) attacks, allowing critical changes in banking details that would impact the victim's organization financially. Someone sends an email to your Accounts Payable specialist stating they want to…
Coinbase describes a targeted social engineering attack that led to the theft of some employee data. The attacker first sent smishing messages to several Coinbase employees, urging them to click a link and log in to their Coinbase work account.…
Cloudflare warns that business email compromise (BEC) phishing has assumed a new form: vendor email compromise (VEC). The classic BEC case involves the impersonation of someone within an organization, taking advantage of the trust that builds up among co-workers to…
