phishing
Microsoft Defender Research disclosed a sophisticated AiTM phishing campaign that hit 35,000+ users at 13,000+ organizations across 26 countries in just three days. 92% of targets were in the U.S. The lure was a fake employee disciplinary case. The reverse proxy stole session tokens — bypassing MFA in
Data Breaches
PIPC's record penalty cites an employee workstation hack, a 72-hour reporting delay, and nonexistent database security controls. SEOUL, South Korea — South Korea’s Personal Information Protection Commission (PIPC) has levied a record 1.21 billion KRW ($815,000) fine against Duo, the nation’s largest matchmaking service, following
Data Breaches
South Africa’s largest lender by assets is reeling from a major security incident after a threat actor publicly released a massive cache of sensitive banking data. JOHANNESBURG, SOUTH AFRICA — Standard Bank has confirmed it is managing a "data incident" following reports that a threat actor has successfully
Digital Identity
Following a coordinated global takedown of the Tycoon 2FA infrastructure, decentralized threat actors are abandoning traditional Adversary-in-the-Middle (AiTM) kits in favor of more resilient device code phishing tactics. LONDON, UK — The landscape of Multi-Factor Authentication (MFA) bypass is undergoing a rapid transformation. Just weeks after an international law enforcement operation
Artificial Intelligence (AI)
A sophisticated "Vishing-as-a-Service" (VaaS) platform named ATHR has surfaced, utilizing high-fidelity AI voice clones to automate large-scale credential theft and bank fraud. SAN FRANCISCO, CA — Security researchers have uncovered a potent new threat in the social engineering landscape: ATHR, a specialized vishing (voice phishing) platform that leverages generative
Cyber Crime
The Russia-linked exchange halts all operations after a high-precision attack empties its hot wallets, with leadership blaming Western intelligence services for the collapse. MOSCOW, RUSSIA — Grinex, a prominent cryptocurrency exchange previously blacklisted by international regulators for its alleged role in money laundering and sanctions evasion, has officially suspended all trading
Cyber Crime
The sentencing of Nathan Latka’s co-conspirator highlights the severe legal repercussions for "credential stuffing" and the lucrative black market for stolen digital identities. NEW YORK, NY — A second individual involved in the massive November 2022 cyberattack against the sports betting giant DraftKings has been sentenced to 30
Mobile Security
The theft of a high-profile artist's retirement fund highlights a persistent vulnerability in mobile app marketplaces and the rising sophistication of "brand impersonation" attacks. SAN FRANCISCO, CA — Garrett Dutton, better known as the alternative hip-hop musician G. Love, has gone public with the loss of his
Supply Chain Attack
A sophisticated supply chain attack exploits the ‘Shell Commands’ plugin for Obsidian, delivering the PhantomPulse Trojan to high-value targets in the finance and cryptocurrency sectors. RESEARCH TRIANGLE PARK, NC — Security researchers have uncovered an elaborate malware campaign targeting users of the popular note-taking app, Obsidian. The campaign, dubbed "Phantom
Identity Theft
A global surge in fraudulent Apple alerts is weaponizing the fear of losing personal photos to steal credit card details and Apple ID credentials. CUPERTINO, CA — Apple users worldwide are being urged to exercise extreme caution as a pervasive and highly effective phishing campaign resurfaces. The scam, which utilizes "
Cybersecurity 101
Introduction to Deepfake Technology A deepfake is a form of synthetic media where artificial intelligence is used to create highly realistic fake videos, fake images, or audio recordings that depict a real person doing or saying something they never did. A deepfake is an artificial image or video generated by