'Picture-in-Picture' Obfuscation Spoofs Delta, Kohl's for Credential Harvesting
A recent campaign tricks victims into visiting credential harvesting sites by hiding malicious URLs behind photos advertising deals from trusted brands.
The Victims tag covers people and organizations harmed by cyberattacks, including breaches, scams, malware, identity theft, and data exposure.
Search across headline titles and summaries.
Background for this topic.
Victims are people, organizations, or public bodies that suffer harm from cyber-enabled activity, such as account compromise, fraud, unauthorized data access, malware, or service disruption. The term may describe both the directly compromised party and individuals whose information, devices, or accounts are affected through an incident involving another organization.
For security practitioners, victim impact guides triage and response: identify affected systems and data, contain access, preserve evidence, and restore trustworthy operations. Exposed personal or confidential information can create privacy and notification obligations, while compromised credentials or devices may enable further attacks against the victim or its contacts. Recording victim details in threat intelligence—such as the targeted sector, initial access method, and affected assets—can help identify campaigns and improve controls. Clear communication and support also matter, because victims need accurate guidance on credential resets, account monitoring, fraud reporting, and available remediation.
A recent campaign tricks victims into visiting credential harvesting sites by hiding malicious URLs behind photos advertising deals from trusted brands.
Spanish-speaking users in Latin America have been at the receiving end of a new botnet malware dubbed Horabot since at least November 2020
Latest victims of smishing attacks are UAE residents
A previously unknown campaign involving the Hotabot botnet malware has targeted Spanish-speaking users in Latin America since at least November 2020, infecting them with a banking trojan and spam tool. [...]
Not to be confused with K-Pop sensation BLACKPINK, gang pops military, govt and education orgs Dark Pink, a suspected nation-state-sponsored cyber-espionage group, has expanded its list of targeted organizations, both geographically and by sector, and has carried out at least two attacks since the beginning of the year.…
Group-IB spots five new victims
Apple has recently addressed a vulnerability that lets attackers with root privileges bypass System Integrity Protection (SIP) to install "undeletable" malware and access the victim's private data by circumventing Transparency, Consent, and Control (TCC) security checks. [...]
A new open source remote access trojan (RAT) called DogeRAT targets Android users primarily located in India as part of a sophisticated malware campaign
A new phishing technique called "file archiver in the browser" can be leveraged to "emulate" a file archiver software in a web browser when a victim visits a .ZIP domain