來自頂級安全媒體的最新動態
The Belarus-aligned threat group Ghostwriter, also tracked as FrostyNeighbor, PUSHCHA, Storm-0257, TA445, UAC-0057, Umbral Bison, UNC1151, and White Lynx, has launched a fresh wave...
A sophisticated phishing operation dubbed "Operation HookedWing" has been systematically targeting organizations across critical sectors for over four years, according to threat in...
A sophisticated malvertising campaign is leveraging Google Ads and the public chat‑sharing feature of Anthropic’s Claude.ai to distribute a macOS backdoor. Victims who search for "...
Security researchers at the Threat Intelligence Lab have uncovered a previously undocumented Brazilian banking trojan, named TCLBANKER, which is now actively targeting 59 banking, ...
The Hacker News recently highlighted an emerging cybersecurity threat model dubbed "Patient Zero" that organizations increasingly struggle to detect. A specialized webinar hosted b...
Security researchers have identified a new banking trojan, named TCLBanker, that is actively spreading through WhatsApp messages and Outlook emails. The campaign lures victims with...
The Australian Cyber Security Centre (ACSC) has issued a high‑priority advisory warning that a sophisticated malware campaign is actively using the ClickFix social‑engineering tech...
Security researchers have uncovered a phishing campaign that spoofs the official Anthropic Claude AI portal to distribute a new Windows backdoor dubbed “Beagle.” The fraudulent sit...
The Iranian state-sponsored threat actor MuddyWater, also tracked as Mango Sandstorm, Seedworm, and Static Kitten, has been linked to a sophisticated cyberattack that leveraged Mic...
A sophisticated phishing campaign is leveraging Google’s sponsored search ads to mimic the login page of ManageWP, GoDaddy’s platform for centrally managing large fleets of WordPre...
MuddyWater, the Iranian advanced persistent threat (APT) group also tracked as Static Kitten, has been observed disguising its espionage operations behind a non‑functional Chaos ra...
Microsoft’s Threat Intelligence Center (MSTIC) has released details of a large‑scale credential‑harvesting operation that successfully targeted roughly 35,000 users in 26 countries...
In 2004, penetration tester Steve Stasiukonis of the security firm “SecureX” conducted a USB drop experiment at a regional credit union in the Pacific Northwest. Armed with a batch...
Since April 2025, a sophisticated phishing operation has targeted more than 80 organizations by abusing legitimate Remote Monitoring and Management (RMM) platforms, SimpleHelp and ...
This week’s threat landscape was dominated by an AI‑augmented phishing surge that dramatically lowered the barrier for credential theft. Researchers at Cisco Talos documented a cam...
The China-based advanced persistent threat (APT) group Silver Fox, also tracked as Monarch, SwimSnake, The Great Thief of Valley, UTG-Q-1000, and Void Arachne, has launched a sophi...
An international law enforcement coalition dubbed 'Operation Crypto Shield,' led by the FBI, Europol, and China's Ministry of Public Security, has achieved a landmark victory again...
Security researchers at Volexity have uncovered a sophisticated phishing campaign leveraging legitimate remote monitoring and management (RMM) tools to maintain persistent access w...
Security researchers have uncovered a sophisticated campaign by the China-backed advanced persistent threat (APT) group Silver Fox, targeting organizations in India and Russia with...
Kaspersky researchers identified a surge in phishing campaigns leveraging Amazon Simple Email Service (SES). Attackers abuse the trusted infrastructure by sending emails via verifi...
Amazon Simple Email Service (SES), the cloud‑based email sending platform offered by Amazon Web Services, is increasingly being weaponized by threat actors to distribute phishing e...
Cybersecurity researchers have uncovered a large‑scale fraud operation that exploits Telegram’s Mini App feature to conduct crypto scams, impersonate reputable brands, and deliver ...
A newly uncovered Vietnamese‑linked phishing campaign has compromised roughly 30,000 Facebook accounts by abusing Google’s low‑code AppSheet platform as a covert relay. Researchers...
Cybersecurity researchers have identified two distinct cybercrime groups orchestrating rapid, high‑impact extortion campaigns that operate almost entirely within Software‑as‑a‑Serv...
Law enforcement agencies in the United States and Europe have dismantled a sprawling SMS phishing campaign that leveraged fake cellular base stations, known as IMSI catchers, to bl...
Security researchers have uncovered a new phishing-as-a-service platform called Bluekit that advertises more than 40 ready‑made templates targeting popular online services such as ...
Security researchers at Group-IB have uncovered a large-scale smishing operation that combines fake CAPTCHA verification pages with International Revenue Share Fraud (IRSF) and cry...
Romance scams, a form of confidence scheme that preys on emotional trust, continue to trap thousands of victims each year. Security analysts note that those who fall prey to these ...
The US Department of Justice has announced the indictment of 29 individuals linked to a cyber fraud syndicate operating from Myanmar, charging them with conspiracy to commit wire f...
In the past six months, a surge of AI‑powered phishing campaigns has reshaped the threat landscape, according to an analysis published by Dark Reading. Threat actors are moving awa...
Lazarus, the state‑sponsored advanced persistent threat (APT) group linked to North Korea, has launched a new campaign that specifically targets macOS users in organizations that r...
NASA's Office of Inspector General (OIG) has disclosed a sophisticated spear‑phishing campaign orchestrated by a Chinese national who masqueraded as a U.S. defense researcher. The ...
Cybersecurity researchers at CleverSight Threat Intelligence have uncovered a cluster of 26 malicious iOS applications that masquerade as popular cryptocurrency wallets such as Tru...
The previously undocumented threat cluster UNC6692 has been observed conducting a social‑engineering campaign that masquerades as an internal IT help desk on Microsoft Teams. The a...
Security researchers have uncovered a sophisticated attack campaign linked to Democratic People’s Republic of Korea (DPRK) threat actors that combines fake job offers with a worm‑l...
Tyler Robert Buchanan, a 24‑year‑old British national known in the cybercrime underground as “Tylerb,” pleaded guilty on June 5 2024 in a U.S. District Court to one count of wire‑f...
Tycoon, a well‑known phishing collective that has long abused two‑factor authentication (2FA) bypass tricks, has quietly shifted to a new attack vector: OAuth 2.0 device‑code phish...
Security researchers have identified a sophisticated campaign by North Korean threat actor Sapphire Sleet targeting macOS users through ClickFix attack vectors. The group, tracked ...
A coordinated phishing operation attributed to the threat group 0ktapus has ensnared more than 130 organizations across multiple industries, according to researchers at Threatpost....
A wave of phishing campaigns masquerading as airline and hotel reservation confirmations is compounding the frustration of travelers already grappling with cancellations and overbo...