#phishing

#phishing

In today's digital workplaces, cyber threats rarely begin with broken systems. They begin with everyday actions-opening emails, sharing information, or accessing online platforms. Security awareness training helps reduce cyber attack risks by strengthening how individuals recognize and respond to these situations. Rather than focusing on technical controls alone, organizations are increasingly prioritizing cyber awareness as a core defense strategy. When users understand common threats such as phishing, social engineering, and unsafe online behavior, they are better equipped to prevent incidents before damage occurs.

Security company Trellix warns of a sharp increase in advanced phishing attacks on Facebook users. In the second half of 2025, researchers saw a rise in the use of the 'Browser-in-the-Browser' technique, in which attackers simulate fake login windows that are almost indistinguishable from the real thing. With more than 3 billion active users, Facebook remains an attractive target for cybercriminals. In recent months, however, the approach has been evolving rapidly.

"For initial access, the threat actors utilize a fake Booking.com reservation cancellation lure to trick victims into executing malicious PowerShell commands, which silently fetch and execute remote code," researchers Shikha Sangwan, Akshay Gaikwad, and Aaron Beardslee said. The starting point of the attack chain is a phishing email impersonating Booking.com that contains a link to a fake website (e.g., "low-house[.]com").

The prospects for phishing in the era of AI could be huge. We've (arguably) moved well beyond requests for money from fake nation state princes, we're now in place where all message formats (emails, audio messages or video messages) can faked. "We are going to have to have multiple trusted channels with those who are close to us. If one channel, email, WhatsApp, Slack, etc. gets an important message, you may need to validate this on another channel.

AI-Enhanced Phishing and Deepfakes: No longer are phishing emails riddled with obvious errors. AI tools can instantly craft convincing messages by harvesting content from social media and corporate sites, personalizing scams to increase their effectiveness. Adding to this, deepfake technology enables cybercriminals to mimic voices and even video images of executives to authorize wire transfers or issue fake instructions, making fraud exponentially harder to detect.

A warning for WhatsApp users: cybercriminals have discovered an alarmingly simple way to access a user's conversations in real time by manipulating the app's device pairing or linking routine.

Sometimes, a false sense of intimacy with AI can lead people to share information online that they never would otherwise. AI companies may haveemployees who work on improving the privacy aspects of their models, but it's not advisable to share credit card details, Social Security numbers, your home address, personal medical history, or other personally identifiable information with AI chatbots.

Scammers use a variety of techniques to trick you into parting with your cash. There are some ways to prevent it happening

Knight, who has over 25 years of experience in online security, revealed these have likely already begun, and warned people need to be extra vigilant as tensions rise. He admitted America has a huge advantage over Venezuela with its capabilities, and is understood to already be hitting assets like air defenses and security apparatus. But he warned hackers could unleash a wave of phishing links, fake emails and false profiles to impact ordinary Americans.

Officials are urging people not to click on suspicious links or attachments in emails, websites, or social media posts, warning that a single click can install malware on a device. 'Phishing scams and similar crimes get you to click on links and give up personal information like your name, password, and bank account number,' the FBI said. 'Be especially wary if a company asks you to update your password or account information. 'Look up the company's phone number on your own and call the company.'

The scheme relies on fake notifications, fraudulent websites and malicious links designed to trick shoppers into handing over personal information, including bank details and Amazon login credentials. The e-commerce giant issued the alert in a mass email, warning that cybercriminals are 'targeting Amazon users by reaching out to try and get access to sensitive information like personal or financial information, or Amazon account details.'

Here's how it works: The scammers pretend to be a legitimate Apple representative. They send text messages or iMessages, claiming that your lost iPhone has been found abroad, sometimes weeks or months after you may have lost it. "To make the messages look convincing, they include accurate details of the missing device - such as its model, color, and storage capacity - which the scammers can read directly from the phone itself," the NCSC warns in its alert.

Enterprises today are expected to have at least 6-8 detection tools, as detection is considered a standard investment and the first line of defense. Yet security leaders struggle to justify dedicating resources further down the alert lifecycle to their superiors. As a result, most organizations' security investments are asymmetrical, robust detection tools paired with an under-resourced SOC, their last line of defense.

Neither I nor anyone on my team can access it, or any of our accounts. We received emails of an unknown administrative user being added. This person then linked their own MCC to many of our accounts. That's all we know. We have 2FA enabled on all accounts. No idea how this happened. Is there anyone who has dealt with this and can help?

Cybersecurity company Guardio is taking aim at a fresh market born amid this flux: finding malicious code written using AI tools. The company says it has found that with AI tools, malicious actors now find it easier than ever to build scam and phishing sites as well as the infrastructure needed to run them. Now, Guardio is leveraging its experience building browser extensions and apps that scan for malicious and phishing sites.

Caitlin Emma, a spokesperson for CBO, told TechCrunch on Friday that the agency is investigating the breach and "has identified the security incident, has taken immediate action to contain it, and has implemented additional monitoring and new security controls to further protect the agency's systems going forward." CBO is a nonpartisan agency that provides economic analysis and cost estimates to lawmakers during the federal budget process, including after legislative bills get approved at the committee level in the House and Senate.

Imagine this: Sarah from accounting gets what looks like a routine password reset email from your organization's cloud provider. She clicks the link, types in her credentials, and goes back to her spreadsheet. But unknown to her, she's just made a big mistake. Sarah just accidentally handed over her login details to cybercriminals who are laughing all the way to their dark web marketplace, where they'll sell her credentials for about $15. Not much as a one-off, but a serious money-making operation when scaled up.

KnowBe4 summarizes the effort to do exactly that under the banner of Human Risk Management (HRM), with the main goal of generating workforce trust. What exactly does that mean? We discussed this shift from security awareness to HRM earlier this year. Awareness of cyber risks is not something that one instantly knows how to measure. Human risk, at least with respect to how KnowBe4 envisions it, should now appear on the radar with a defined score.

Among their discoveries can be OAuth tokens, which these digital assistants then pass on to malicious parties. Datadog uncovered how agents use Microsoft Copilot Studio to assist in phishing campaigns. Copilot Studio enables a pervasive form of automation. To increase their usability, users can share the workflows of these agents, which are called "topics." The Login topic can be configured in such a way that users are misled.

If a person dies, their immediate family may not know how to get into the deceased's password manager, and may contact the vendor asking for access. Scammers suspected of being part of the CryptoChameleon cyber criminal group are trying to take advantage of that by sending oddly-worded phishing messages to LastPass customers. The goal, presumably, is not only to get LastPass login credentials, but also to access the user's cryptocurrency wallet and drain its contents.

"I would say [I get them] two or three times a week. Sometimes I get multiple texts in one day. A lot of it is almost catfish, where they tell you you can work from home for x amount of money per week," said Sheree Delice.

"I started to create videos about cryptocurrency and launch my own exchange on cryptocurrency," the Durham, North Carolina, resident said.

The threat actors behind a malware family known as Winos 4.0 (aka ValleyRAT) have expanded their targeting footprint from China and Taiwan to target Japan and Malaysia with another remote access trojan (RAT) tracked as HoldingHands RAT (aka Gh0stBins). "The campaign relied on phishing emails with PDFs that contained embedded malicious links," Pei Han Liao, researcher with Fortinet's FortiGuard Labs, said in a report shared with The Hacker News.

Members of Gen Z are often referred to as "digital natives." They were born and raised in the internet era and have been engaging with computers, tablets, smartphones, and other connected devices from an early age. In many ways, this gives Gen Z an advantage in today's increasingly digital working environments-but that isn't always the case. In fact, research has consistently shown that each generation has its own unique blind spots when it comes to safely navigating the digital realm.

"Instead of relying solely on traditional command-and-control (C2) servers that can be taken down, these attackers are leveraging GitHub repositories to host malware configurations," McAfee Labs researchers Harshil Patel and Prabudh Chakravorty said in a report. "When law enforcement or security researchers shut down their C2 infrastructure, Astaroth simply pulls fresh configurations from GitHub and keeps running."

In a blog post, Redmond said a cybercrime crew it tracks as Storm-2657 has been targeting university employees since March 2025, hijacking salaries by breaking into HR software such as Workday. The attack is as audacious as it is simple: compromise HR and email accounts, quietly change payroll settings, and redirect pay packets into attacker-controlled bank accounts. Microsoft has dubbed the operation "payroll pirate," a nod to the way crooks plunder staff wages without touching the employer's systems directly.

"However, it's important to note that any SaaS systems storing HR or payment and bank account information could be easily targeted with the same technique," Microsoft researchers said. "These attacks don't represent any vulnerability in the Workday platform or products, but rather financially motivated threat actors using sophisticated social engineering tactics and taking advantage of the complete lack of multifactor authentication (MFA) or lack of phishing-resistant MFA to compromise accounts."

A rapidly evolving Android spyware campaign called ClayRat has targeted users in Russia using a mix of Telegram channels and lookalike phishing websites by impersonating popular apps like WhatsApp, Google Photos, TikTok, and YouTube as lures to install them. "Once active, the spyware can exfiltrate SMS messages, call logs, notifications, and device information; taking photos with the front camera; and even send SMS messages or place calls directly from the victim's device," Zimperium researcher Vishnu Pratapagiri said in a report shared with The Hacker News.