Latest coverage for Phishing
Phishing uses deceptive messages to steal credentials or deliver malware, while user verification, MFA, and email filtering reduce the risk.
Refine the feed
Search across headline titles and summaries.
Tag briefing
Background for this topic.
Phishing is deceptive communication—by email, text, phone, or a fake website—that impersonates a trusted person or service to make someone disclose credentials, approve a transaction, reveal sensitive information, or run harmful software. Attackers use it to bypass technical controls by persuading a legitimate user to perform an action, and may target employees, customers, administrators, or suppliers.
Its impact can include account takeover, unauthorized payments, exposure of personal or business data, and access to internal systems. The most effective control for stolen-password phishing is phishing-resistant multi-factor authentication, such as hardware-backed passkeys or security keys, which binds authentication to the legitimate site. Organizations should also filter and authenticate messaging where possible, use password managers, restrict risky actions, train users to verify unusual requests through a separate channel, and provide rapid reporting so suspected credentials or sessions can be revoked.
New GhostGPT AI Chatbot Facilitates Malware Creation and Phishing
Cybercriminals are selling access to the malicious GenAI chatbot via Telegram, providing rapid assistance for a range of nefarious activities, according to Abnormal Security
Supply chain attack hits Chrome extensions, could expose millions
Threat actor exploited phishing and OAuth abuse to inject malicious code Cybersecurity outfit Sekoia is warning Chrome users of a supply chain attack targeting browser extension developers that has potentially impacted hundreds of thousands of individuals already.…
Tycoon 2FA Phishing Kit Upgraded to Bypass Security Measures
Threat researchers analyzed the updated Tycoon 2FA phishing kit, which bypasses MFA
Account Compromise and Phishing Top Healthcare Security Incidents
Netwrix claims 84% of healthcare organizations detected a cyber-attack in the past year
Ransomware gangs pose as IT support in Microsoft Teams phishing attacks
Ransomware gangs are increasingly adopting email bombing followed by posing as tech support in Microsoft Teams calls to trick employees into allowing remote control and install malware that provides access to the company network. [...]
Phishing Risks Rise as Zendesk Subdomains Facilitate Attacks
A CloudSEK report revealed Zendesk's platform can be exploited for phishing and investment scams
PNGPlug Loader Delivers ValleyRAT Malware Through Fake Software Installers
Cybersecurity researchers are calling attention to a series of cyber attacks that have targeted Chinese-speaking regions like Hong Kong, Taiwan, and Mainland China with a known malware called ValleyRAT
Phishing Attacks Are the Most Common Smartphone Security Issue for Consumers
New hands-on testing results show that most devices are unable to catch phishing emails, texts, or calls, leaving users at risk.
Star Blizzard hackers abuse WhatsApp to target high-value diplomats
Russian nation-state actor Star Blizzard has been running a new spear-phishing campaign to compromise WhatsApp accounts of targets in government, diplomacy, defense policy, international relations, and Ukraine aid organizations. [...]