Stay informed on spoofing attacks with the latest news, expert insights, and prevention tips in information security. Protect your online identity now.
Search across headline titles and summaries.
Background for this topic.
Spoofing is a deceptive practice where an individual or program masquerades as a legitimate entity within a communication system. In the realm of information security, spoofing is a significant issue, because attackers often use it to gain unauthorized access to systems and networks.
There are various types of spoofing attacks, including but not limited to email spoofing, caller ID spoofing, IP address spoofing, and website spoofing. In each case, the attacker forges the header or address information to appear as a trusted source, thereby tricking users, systems, or networks into divulging sensitive information, granting access, or redirecting traffic. This can lead to data breaches, financial theft, and the spread of malware.
For instance, email spoofing might involve an attacker sending messages that appear to come from a known contact, enticing the recipient to reveal personal details or click on malicious links. Similarly, IP spoofing involves the creation of internet packets with a forged IP address to disguise the attacker's identity or to impersonate another computing system.
Mitigating spoofing attacks typically involves the use of authentication protocols, encryption, and network security tools that can detect and prevent unauthorized access. Users are also encouraged to be vigilant and to verify the authenticity of communications, especially when sensitive information is involved.
Weekly headline count for the current query.
Cybersecurity researchers have disclosed details of an unpatched issue that could be exploited to disclose a user's NTLMv2 hash to the attacker
The North Korean state-sponsored threat actor known as Kimsuky (aka Velvet Chollima) has been attributed to a fresh set of cyber attacks targeting South Korean military and corporate entities through March and April 2026
While also spoofing all the trusted domains - Apple, Microsoft, and Google - in the same attack
Microsoft has disclosed a new security vulnerability impacting on-premise versions of Exchange Server that it said has come under active exploitation in the wild
As fake identity fraud is projected to cause $40 billion in losses next year, leaders must abandon static security in favor of rapid-iteration, AI-enabled defenses that adapt in days, not months. The post Weaponized AI: The new frontier of fraud and identity spoofing appeared first on CyberScoop.
Intro A sophisticated, high-resilience malicious campaign was identified by Atos Threat Research Center (TRC) in March 2026. This operation specifically targets the high-privilege professional accounts of enterprise administrators, DevOps engineers, and security analysts by impersonating administrative utilities they rely on for daily operations. By integrating Search Engine Order (SEO)
ORNL says portable detector kit can separate real GPS signals from fake ones even at equal strength GPS spoofing, which sends fake satellite-like signals, and GPS jamming, which drowns receivers in noise, are increasingly serious problems. Researchers at Oak Ridge National Laboratory in Tennessee have created what they say is the most effective system yet for detecting GPS interference, which could help blunt such attacks.…
Microsoft on Monday revised its advisory for a now-patched, high-severity security flaw impacting Windows Shell to acknowledge that it has been actively exploited in the wild
Over 1,300 Microsoft SharePoint servers exposed online remain unpatched against a spoofing vulnerability that was exploited as a zero-day and is still being abused in ongoing attacks. [...]
Forged metadata made AI reviewer treat hostile changes as though they came from known maintainer Security boffins say Anthropic's Claude can be tricked into approving malicious code with just two Git commands by spoofing a trusted developer's identity.…
One CVE under attack, one already disclosed by angry bug hunter, and 163 more Attackers exploited a spoofing vulnerability in Microsoft SharePoint Server before Redmond issued a fix as part of April's mega Patch Tuesday.…
Today, at Wild West Hackin' Fest, security researcher Wietze Beukema disclosed multiple vulnerabilities in Windows LK shortcut files that allow attackers to deploy malicious payloads. [...]
Digital Skimming Attacks Spoof Stripe Payment Forms to Steal Payment Card DataMagecart-style digital skimming attacks targeting payment card data continue, with researchers detailing an active campaign targeting the popular WooCommerce platform and Stripe. Separately, widely used ConnectPOS exposing its code repository for years, posing a supply-chain risk for customers.
The Iranian threat actor known as MuddyWater has been attributed to a spear-phishing campaign targeting diplomatic, maritime, financial, and telecom entities in the Middle East with a Rust-based implant codenamed RustyWater
Microsoft said that Office 365 tenants with weak configurations and who don't have strict anti-spoofing protection enabled are especially vulnerable.
Threat actors engaging in phishing attacks are exploiting routing scenarios and misconfigured spoof protections to impersonate organizations' domains and distribute emails that appear as if they have been sent internally
Also: macOS Naughty or Nice, Cybercrime Karma, Spoofing Legacy Rail InfrastructureLondon in December: Early to dark, quick to rain but also festive - and a mecca for cybersecurity researchers there for the annual Black Hat Europe conference. This year's event featured nearly 50 briefings that touched on everything from hardware hacking to combing infostealer logs for hidden gems.
The threat actor known as Storm-0249 is likely shifting from its role as an initial access broker to adopt a combination of more advanced tactics like domain spoofing, DLL side-loading, and fileless PowerShell execution to facilitate ransomware attacks
Extra infosec investments are taxiing towards the runway India’s Civil Aviation Minister has revealed that local authorities have detected GPS spoofing and jamming at eight major airports.…
An ongoing phishing campaign impersonates popular brands, such as Unilever, Disney, MasterCard, LVMH, and Uber, in Calendly-themed lures to steal Google Workspace and Facebook business account credentials. [...]