Email And Password
-
Read moreMicrosoft's report shows AI boosting phishing success to 54% click-through—learn about ClickFix trends, nation-state AI use, and defenses like MFA to protect against evolving cyber attacks. -
Read moreLastPass warns of phishing emails with ZIP files dropping malware for keylogging and data theft—enable MFA, use antivirus, and verify sources to protect against these sneaky attacks. -
Read more2017 emails reveal IndusInd executives ignored Forex hedging red flags, leading to potential profit manipulation—RBI probes ongoing; experts urge stronger banking audits and governance to safeguard against accounting scandals. -
Read moreNew SnakeKeylogger campaign spoofs CPA Global/Clarivate emails with ISO/ZIP lures containing BAT/PowerShell payloads to log keystrokes, hijack clipboard, and exfiltrate data. Persists via "SysUpdate" tasks—train users, sandbox attachments, and monitor PowerShell for defense. -
Read moreSophisticated phishing uses legit-looking Zoom Docs invites from "HR" to lure job hunters into fake Gmail login pages, exfiltrating credentials in real-time via WebSocket on overflow.qyrix.com.de. Discovered by Himanshu Anand—verify emails directly and use password managers to avoid account takeovers. -
Read moreVampire Bot spyware targets job seekers via deceptive ZIP attachments in recruiter emails, stealing screenshots and data. Linked to BatShadow hackers, it evades detection—stay safe by verifying offers and using EDR tools to avoid digital traps. -
Read moreA breach at Discord's third-party support vendor leaked personal info like names, emails, IP addresses, limited billing details, and scanned photo IDs for some users—no passwords or full cards affected. Discord is investigating and notifying victims; stay alert for phishing. -
Posted: September 29, 2025Views: 17Read moreA malicious update to the postmark-mcp server injects a hidden BCC to exfiltrate sensitive emails from thousands of organizations. Koi’s risk engine uncovered the attack, highlighting risks in AI-driven MCP tools. Remove version 1.0.16+ and audit MCP servers now. -
Read moreThe npm package "fezbox" (alias janedu) disguises as a JS/TS utility library but hides credential-stealing code in a Cloudinary QR image. Discovered by Socket Threat Research, it uses reversed strings and obfuscation to evade detection—learn risks and defenses like CI/CD scanning and zero-trust dependencies. -
Posted: September 22, 2025Views: 18Read moreTrend Micro warns of cybercriminals using AI to create fake CAPTCHA pages that trick users into revealing sensitive data, boosting phishing success rates and challenging cybersecurity defenses.
Recent Posts
