ARTIKEL SUCHE
Threat Feed QueryDurchsuche alle aggregierten Security-Artikel nach Schlagworten, CVE-IDs und Quellen.
APT-C-60 Attacking Job Seekers to Download Weaponized VHDX File from Google Drive to Steal Sensitive Data
A sophisticated espionage campaign targeting recruitment professionals has emerged, with the APT-C-60 threat group weaponizing VHDX files to compromise organizations. The threat actors impersonate job seekers in spear-ph
October Sees Rise in Phishing and Ransomware Attacks, Including TyKit and Google Careers Scams
October 2025 marked a notable escalation in cyber threats, with phishing campaigns and ransomware variants exploiting trusted cloud services to target corporate credentials and critical infrastructure. Attackers increasi
Attack Techniques of Tycoon 2FA Phishing Kit Targeting Microsoft 365 and Gmail Accounts Detailed
The Tycoon 2FA phishing kit has emerged as one of the most sophisticated Phishing-as-a-Service platforms since its debut in August 2023, specifically engineered to circumvent two-factor authentication and multi-factor au
Operation SkyCloak Deploys Tor-Enabled OpenSSH Backdoor Targeting Defense Sectors
Threat actors are leveraging weaponized attachments distributed via phishing emails to deliver malware likely targeting the defense sector in Russia and Belarus. According to multiple reports from Cyble and Seqrite Labs,
OAuth Device Code Phishing: Azure vs. Google Compared
Device code phishing abuses the OAuth device flow, and Google and Azure produce strikingly different attack surfaces. Register for Huntress Labs' Live Hack to learn about attack techniques, defensive tactics, and get an
Beware of New Phishing Attack that Abuses Cloudflare and ZenDesk Pages to Steal Logins
A sophisticated phishing campaign has emerged, exploiting the trust placed in legitimate cloud hosting services. Threat actors are leveraging Cloudflare Pages and ZenDesk platforms to conduct large-scale credential theft
New Business Email Protection Technique Blocks the Phishing Email Behind NPM Breach
Supply chain attacks targeting the JavaScript ecosystem have evolved into sophisticated operations combining domain manipulation with social engineering. On September 8, 2025, threat actors launched a coordinated phishin
New HttpTroy Backdoor Poses as VPN Invoice in Targeted Cyberattack on South Korea
The North Korea-linked threat actor known as Kimsuky has distributed a previously undocumented backdoor codenamed HttpTroy as part of a likely spear-phishing attack targeting a single victim in South Korea. Gen Digital,
KnowBe4 Threat Lab warnt vor Missbrauch von Webformularen als Phishing-Einfallstor
Die Taktik zeigt einen klaren Trend: Cyberkriminelle kapern zunehmend legitime Systeme, um von deren Domain-Autorität und Markenvertrauen zu profitieren. Damit verlieren klassische Authentifizierungsverfahren ihre Schutz
Phishing scam uses fake death notices to trick LastPass users
LastPass is warning that phishers are exploiting the digital will feature to trick people into handing over their master passwords.
Why layered resilience is the only true safeguard for SMEs
<p>Generative AI is <a href="https://www.computerweekly.com/opinion/How-CISOs-can-adapt-cyber-strategies-for-the-age-of-AI" target="_blank" rel="noopener">transforming the cyber threat landscape</a>, making phishing emai
New Phishing Attack Bypasses Using UUIDs Unique to Bypass Secure Email Gateways
A sophisticated phishing campaign leveraging randomly generated Universal Unique Identifiers (UUIDs) has emerged, successfully bypassing Secure Email Gateways (SEGs) and evading perimeter defenses. The attack employs an
New CoPhish attack steals OAuth tokens via Copilot Studio agents
A new phishing technique dubbed 'CoPhish' weaponizes Microsoft Copilot Studio agents to deliver fraudulent OAuth consent requests via legitimate and trusted Microsoft domains. [...]
New Text Message Based Phishing Attack from China Targeting Users Around the Globe
A sophisticated text message phishing campaign originating from China has emerged as one of the most extensive cybersecurity threats targeting users worldwide. The operation, attributed to a threat collective known as th
Smishing Triad Linked to 194,000 Malicious Domains in Global Phishing Operation
The threat actors behind a large-scale, ongoing smishing campaign have been attributed to more than 194,000 malicious domains since January 1, 2024, targeting a broad range of services across the world, according to new
MuddyWater Using New Malware Toolkit to Deliver Phoenix Backdoor Malware to International Organizations
The Advanced Persistent Threat group MuddyWater, widely recognized as an Iran-linked espionage actor, has orchestrated a sophisticated phishing campaign targeting more than 100 government entities and international organ
Fake LastPass death claims used to breach password vaults
LastPass is warning customers of a phishing campaign sending emails with an access request to the password vault as part of a legacy inheritance process. [...]
APT36 Targets Indian Government with Golang-Based DeskRAT Malware Campaign
A Pakistan-nexus threat actor has been observed targeting Indian government entities as part of spear-phishing attacks designed to deliver a Golang-based malware known as DeskRAT. The activity, observed in August and Sep
Arsen Launches Smishing Simulation to Help Companies Defend Against Mobile Phishing Threats
Paris, France, October 24th, 2025, CyberNewsWire Arsen, the cybersecurity company dedicated to helping organizations defend against social engineering, today introduced its new Smishing Simulation module: a feature desig
Mimecast veröffentlicht seinen Global Threat Intelligence Report 2025
Die Auswertungen zeigen einen signifikanten Anstieg von Social-Engineering-Angriffen – einschließlich Kampagnen wie ClickFix, KI-unterstütztem Phishing und Business Email Compromise (BEC)