Serverless Phishing Kit on GitHub Targets Mexican Banks
GitBait phishing kit abuses GitHub Pages and the SheetBest API to steal Mexican banking credentials
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
GitBait phishing kit abuses GitHub Pages and the SheetBest API to steal Mexican banking credentials
In 2024, compromised service accounts and forgotten API keys were behind 68% of cloud breaches. Not phishing. Not weak passwords. Unmanaged non-human identities that nobody was watching
Researchers Detail Prompt Injection, API and Redirect FlawsOasis Security researchers found three bugs in Claude that attackers can chain to steal user chat data without malware or phishing. The "Claudy Day" attack links hidden prompt injection, Anthropic's Files API and an open redirect. Anthropic has fixed the core flaw.
Unknown threat actors are abusing Milesight industrial cellular routers to send SMS messages as part of a smishing campaign targeting users in European countries since at least February 2022
Cybersecurity researchers are calling attention to a new phishing campaign that employs the ClickFix technique to deliver an open-source command-and-control (C2) framework called Havoc
A new phishing campaign has been identified using Havoc to control infected systems, leveraging SharePoint and Microsoft Graph API
Attackers are exploiting the "Envelopes: create API" of the enormously popular document-signing service to flood corporate inboxes with convincing phishing emails aimed at defrauding organizations. It's an unusual attack vector with a high success rate.
Malicious actors are using a cloud attack tool named Xeon Sender to conduct SMS phishing and spam campaigns on a large scale by abusing legitimate services
Robert Blumofe on DDoS Attacks, API Security, Zero Trust and FIDO2-MFARobert Blumofe, executive vice president and CTO at Akamai, expects social engineering, phishing, extortion and AI-driven attacks to dominate the threat landscape. He advised enterprises to use FIDO2-based MFA, zero trust, microsegmentation and API security to reduce risks.
Personal info and data safe, stolen code not critical, apparently Dropbox has said it was successfully phished, resulting in someone copying 130 of its private GitHub code repositories and swiping some of its secret API credentials.…