An ongoing phishing campaign targets Donald Trump supporters. It uses fake donation websites; however, the fact that it only accepts payments in crypto means its impact is limited.
Phishing RSS
File upload logic in GitHub's comments allows hackers to host malware on the service and abuse trusted developers and companies, such as Microsoft, to create legitimate-looking URLs.
Online scammers try to trick people into thinking that during crypto hype they registered on an online Bitcoin mining platform, then frighten them with the loss of their fictional funds.
In a rather atypical YouTube scamming scheme you can actually get paid by cybercriminals. However, earning a few extra bucks can get you into trouble, as the cheats hope you come back for more.
Google has outlined several measures taking senders of bulk emails to help cut down on spam. The company will be implementing the changes by February 2024 and users should see a difference.
Security experts have raised warnings about Google's new .zip and .mov top-level domains because they look like file extensions and could be used maliciously. They are already being used in the wild.
A new security blog post from Microsoft says that accounting and tax return firms are the targets of a phishing campaign designed to deliver a remote access trojan to their computers.
Google's YouTube is sounding the alarm about a recent email phishing scam that uses YouTube email addresses and asks people to click on a link about "changes in YouTube rules and policies."
YouTuber Linus Sebastian confirmed in a new video that his channels were taken over by hackers due to a session hijacking attack. This attack bypasses passwords and MFA to infiltrate an account.
A new report from the security firm Mandiant claims that a group based in North Korea is posting fake job listings on LinkedIn that eventually results in malware being downloaded to a user's PC.
Microsoft is set to introduce enhanced security to its OneNote program. This comes after threat actors started exploiting the note-taking app for their phishing campaigns to steal sensitive data.
Threat actors were recently seen advertising fake ChatGPT apps for Windows and Android. When downloaded, the apps will steal sensitive information or subscribe the victim to premium services.
The email account of domain registrar Namecheap was recently hacked, which allowed criminals to distribute phishing emails. The company has since rectified the issue after stopping all emails.
Reddit recently suffered a security breach that allowed cybercriminals to access some of its internal data and systems. The incident was a result of a successful phishing attack against the company.
Our latest edition of Microsoft Weekly unpacks news about Microsoft's declining revenues in consumer categories, some Windows 11 updates, bugs, and fixes, and a bunch of app enhancements.
According to new research by cybersecurity firm Check Point, Yahoo was the most impersonated brand by cybercriminals who sent phishing emails. Others who made the list include Google and DHL.
As we enter a new year, cybercriminals will develop more dangerous and sophisticated cyberthreats. Thankfully, there are many things you can do to mitigate the risk of falling victim to them.
Friendster, a defunct social media platform popular in the 2000s, was recently seen online again. However, it is not exactly known if the website is legitimate due to a few red flags.
Popular file hosting service Dropbox recently suffered a data breach that gave threat actors access to 130 of its code repositories. This was after Dropbox employees fell victim to a phishing scam.
Not long after Twitter's new CEO Elon Musk announced his plans to revamp the platform's verification process, cybercriminals are already exploiting the situation by sending out phishing emails.
A typosquatting campaign that steals sensitive data and infects Android and Windows devices with malware has recently been discovered. Many of the fake domains look very similar to the real ones.
A study by cybersecurity experts in Scotland found that passwords can be cracked by analyzing the traces of heat left by a person's fingertips when they enter their password on a keyboard or phone.
Meta has warned one million Facebook users who may have had their accounts compromised through a fraudulent iOS or Android app. The apps required users to sign in in order for the app to "work."
Samsung has launched Samsung Internet 19.0 beta that brings new features and enhancements to the previous ones. It is now available to download on the Google Play Store and Samsung Galaxy Store.
Signal has reported a recent phishing attack on its verification service provider, Twilio, which has exposed approximately 1,900 users registered to a Signal account. Twilio has shut down the attack.
Microsoft has warned about a phishing campaign called "SEABORGIUM". The threat actors of SEABORGIUM first build up rapport with the targets before duping them to rob their data, like credentials.
Provider of communications and two-factor authentication services, Twilio, has been targeted by a phishing attack, exposing what they say is a "limited number" of customer accounts.
Cloudflare has acquired Area 1 Security, an email anti-phishing firm, for $162 million. Cloudflare already made inroads into the email security domain and this purchase will boost those efforts.
Google Drive can now display warning banners to alert users of potentially malicious files. The new resource is available to all Google Workspace, G Suite Basic, and Business users.
A bug in Microsoft Outlook is tricking people into believing that phishing emails are from genuine contacts by using the Cyrillic alphabet which has letters similar to those in the Latin alphabet.
The ability to configure Safe Links policies for Microsoft Teams is now available for organizations which use Microsoft Defender for Office 365. It is utilized to protect against phishing attacks.
Google has announced a bunch of privacy- and security-focused improvements for Chrome 92. It has also stated that phishing detection is now 50 times faster and drains lower battery than before.
After another Nobelium cyberattack, Microsoft has emphasized the need to differentiate between "espionage as usual" acts and crippling attacks like SolarWinds. It has encouraged cloud adoption too.
The spurt in email and web phishing attempts by imitating Microsoft is to capitalize on large numbers of employees working remotely because of the pandemic, many for the first time ever.
Google has announced a new experiment for Chrome 86 users. It says the move will help cut down on the incidents of phishing but it could lead to a boost in Google Search traffic too.
Twitter has revealed what information hackers were able to access during the breach earlier this week. The firm has also clarified the actions it will take going forward to regain users' trust.
The social media website has responded to last night's hack stating that the attack was socially engineered and targeted some Twitter employees with access to internal tools and systems.
Twitter accounts of prominent personalities and Bitcoin exchange companies were compromised earlier today. The hackers linked to a phishing website that siphoned off close to $25,000 already.
A new phishing attack serves fake Zoom account suspension emails, aiming to steal users' Office 365 credentials. The email spoofs the official Zoom domain and has reportedly targeted 50,000 users.
Microsoft has taken legal action against scammers who are attacking users left vulnerable by COVID-19. These scammers are using BEC attacks to steal personal information to access Office 365 accounts.
