Security news aggregator

Latest coverage for Typosquatting

Typosquatting uses lookalike domains to redirect users, steal credentials, or deliver malware; domain monitoring and user verification reduce the risk.

32 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

Typosquatting is the registration or use of a domain that resembles a legitimate one, often through misspellings, omitted or added characters, alternate top-level domains, or visually similar characters. An attacker may use the lookalike site for phishing, malware delivery, advertising, or impersonation. The technique works when users follow a mistyped address, a misleading search result, or a link that hides the actual domain.

The main risks are credential and payment-data theft, malware infection, and convincing impersonation of an organization or service. Security teams can reduce exposure by monitoring domain registrations, DNS changes, and certificate records for lookalikes; blocking confirmed malicious domains through web or DNS filtering; and maintaining clear, verified domains for customer communications. Password managers and user training to check the registered domain can also reduce successful visits. Suspected domains should be assessed quickly and, where appropriate, reported to the registrar or hosting provider.

Volume over time

Weekly headline count for the current query.

Showing 20 most recent headlines of 32
Microsoft Security Research 1 month, 2 weeks ago

Typosquatted npm packages used to steal cloud and CI/CD secrets

The Mini Shai-Hulud campaign used malicious npm packages to target cloud and CI/CD credentials across developer environments. This report details the attack chain, detection opportunities, and mitigation guidance to help organizations identify and disrupt related activity. The post Typosquatted npm packages used to steal cloud and CI/CD secrets appeared first on Microsoft Security Blog.

Bank Info Security 7 months, 2 weeks ago

Scattered Lapsus$ Hunters Tied to Targeting of Zendesk Users

Uncovered: Typosquatted Domains Linked to Suspected Ransomware Group CampaignContinuing its targeting of customer data, the cybercrime group Scattered Lapsus$ Hunters appears to be gearing up for large-scale attacks involving typosquatted domains that lead to phishing domains designed to steal Zendesk users' valid credentials, warn security researchers.

MCP plus open source plus typosquatting … what could possibly go wrong? A fake npm package posing as Postmark's MCP (Model Context Protocol) server silently stole potentially thousands of emails a day by adding a single line of code that secretly copied outgoing messages to an attacker-controlled address.…

Bank Info Security 1 year, 8 months ago

Malicious Python Package Exfiltrates AWS Credentials

Developers' Credentials Stolen via Typosquatted ‘Fabric’ LibraryA malicious Python package that mimics a popular SSH automation library has been live on PyPi since 2021 and delivers payloads that steal credentials and create backdoors. The package steals AWS access and secret keys, sending them to a remote server operated through a VPN in Paris

Puppeteer or Pupeter? One of them will snoop around on your machine and steal your credentials An ongoing typosquatting campaign is targeting developers via hundreds of popular JavaScript libraries, whose weekly downloads number in the tens of millions, to infect systems with info-stealing and snooping malware.…

Loading more headlines...