ARTICLE SEARCH
Threat Feed Query
Search all aggregated security articles by keywords, CVE IDs and sources.
Hackers Using Dedicated Phishlet to Launch FIDO Authentication Downgrade Attacks
A sophisticated new threat vector has emerged that could undermine one of the most trusted authentication methods in cybersecurity. FIDO-based passkeys, long considered the gold standard for phishing-resistant authentica
New downgrade attack can bypass FIDO auth in Microsoft Entra ID
Security researchers have created a new FIDO downgrade attack against Microsoft Entra ID that tricks users into authenticating with weaker login methods, making them susceptible to phishing and session hijacking. [...]
New Multi-Stage Tycoon2FA Phishing Attack Now Beats Top Security Systems
If you think phishing is just clicking a bad link and landing on a fake login page, Tycoon2FA will prove you wrong. This new wave of phishing-as-a-service isn’t playing the old game anymore; it’s running a 7-stage obstac
PoisonSeed Phishing Kit Bypasses MFA to Acquire Credentials from Individuals and Organizations
In recent months, a new phishing toolkit known as PoisonSeed has emerged, targeting both individual users and enterprise organizations with unprecedented sophistication. Unlike traditional phishing kits that harvest only
Bouygues Telecom Hacked – 6.4 Million Customers Data Exposed
In the early hours of August 6, 2025, Bouygues Telecom detected anomalous network traffic that signaled a sophisticated cyber intrusion. Initial forensic logs revealed that an advanced malware strain had breached perimet
UK work visa sponsors are target of phishing campaign
Cyber criminals are exploiting Home Office branding in a newly identified phishing campaign that targets holde
North Korean Kimsuky Hackers Data Breach – Insiders Published the Data Online
A massive leak of internal tooling, backdoors, and intelligence-gathering artifacts attributed to North Korea’s state-sponsored APT group Kimsuky has been published online by presumed insiders. The 34,000-page dump expo
From Gimmick to Cyber Fraud: The New Danger of Deepfakes
Even perpetrators with little technical skill can use generative AI to create deceptively realistic CEO calls, manipulated online meetings or personalized phishing campaigns.
CastleLoader Malware Infected Over 400+ Devices Using Cloudflare-Themed ClickFix Phishing Attack
CastleLoader, a sophisticated malware loader that emerged in early 2025, has successfully compromised 469 devices out of 1,634 infection attempts since May 2025, achieving an alarming 28.7% infection rate. This versatile
SoupDealer Malware Bypasses Every Sandbox, AV’s and EDR/XDR in Real-World Incidents
In early August 2025, cybersecurity teams in Türkiye observed a new, highly evasive Java‐based loader that slipped past every public sandbox, antivirus solution, and even enterprise EDR/XDR platforms. This threat—codenam
The Rise of Native Phishing: Microsoft 365 Apps Abused in Attacks
Native phishing turns trusted tools into attack delivery systems. Varonis shows how attackers weaponize Microsoft 365 apps, like OneNote & OneDrive, to send convincing internal lures and how to spot them before they spre
ClickFix Malware Attacks macOS Users to Steal Login Credentials
In recent months, security researchers have observed a novel phishing campaign targeting macOS users under the guise of a CAPTCHA verification process. This attack, dubbed “ClickFix,” leverages a blend of social engineer
WinRAR 0-Day in Phishing Attacks to Deploy RomCom Malware
A critical zero-day vulnerability has been identified in WinRAR that cybercriminals are actively exploiting through sophisticated phishing campaigns to distribute RomCom malware. The flaw, designated as CVE-2025-8088, r
Phishing attacks exploit WinRAR flaw CVE-2025-8088 to install RomCom
WinRAR flaw CVE-2025-8088, fixed in v7.13, was exploited as a zero-day in phishing attacks to install RomCom malware. The WinRAR flaw CVE-2025-8088, a directory traversal bug fixed in version 7.13, was exploited as a zer
New Windows-Based DarkCloud Stealer Attacking Computers to Steal Login Credentials and Financial Data
A sophisticated new variant of the DarkCloud information stealer has emerged in the cyberthreat landscape, targeting Windows users through carefully crafted phishing campaigns designed to harvest sensitive credentials an
WinRAR zero-day flaw exploited by RomCom hackers in phishing attacks
A recently fixed WinRAR vulnerability tracked as CVE-2025-8088 was exploited as a zero-day in phishing attacks to install the RomCom malware. [...]
Hackers Weaponizing SVG Files With Malicious Embedded JavaScript to Execute Malware on Windows Systems
Cybercriminals have begun exploiting Scalable Vector Graphics (SVG) files as sophisticated attack vectors, transforming seemingly harmless image files into potent phishing weapons capable of executing malicious JavaScrip
Hacker Extradited to US for Stealing Over $2.5 Million in Tax Fraud Attacks
A sophisticated cybercriminal operation that targeted American tax preparation businesses through spearphishing campaigns has culminated in the extradition of Nigerian national Chukwuemeka Victor Amachukwu from France to
Announcing public preview: Phishing triage agent in Microsoft Defender
The Phishing Triage Agent in Microsoft Defender is now available in Public Preview. It tackles one of the most repetitive tasks in the SOC: handling reports of user-submitted phish. The post Announcing public preview: P
Microsoft 365 Direct Send Weaponized to Bypass Email Security Defenses
Cybersecurity researchers have uncovered a sophisticated spear phishing campaign that weaponizes Microsoft 365’s Direct Send feature to bypass traditional email security defenses and conduct hyper-personalized credential