Microsoft Teams Calls Exploited in Sophisticated DarkGate Malware Campaign
Cybercriminals are leveraging Microsoft Teams and AnyDesk in a complex social engineering attack to distribute DarkGate malware. The campaign combines email phishing, vishing through Teams calls, and remote access tools to compromise systems and steal sensitive data.
Massive Malvertising Campaign Spreads Lumma Malware Through Fake CAPTCHA Scam
Cybercriminals have launched a sophisticated attack reaching millions of users through compromised ad networks, using fake CAPTCHA verification pages to distribute the Lumma information stealer. The campaign generates over 1 million daily ad impressions across 3,000+ websites, targeting sensitive data like banking credentials and personal files.
AI Granny Bot Outsmarts Phone Scammers with Tales of Her Cat
British telecom O2 deploys Daisy, an AI system posing as a chatty grandmother, to waste scammers' time with endless stories and circular conversations. Working with scam-hunter Jim Browning, the initiative aims to disrupt fraudsters while raising awareness about telephone scams.
Cybercriminals Exploit Corrupted Files to Bypass Security in Sophisticated Phishing Campaign
A new phishing campaign discovered by ANY.RUN researchers uses deliberately damaged Office documents and ZIP files to evade antivirus detection. The attack leverages built-in file recovery features to deliver malicious QR codes while remaining undetectable to security tools.
Rockstar 2FA: The New Phishing Toolkit Bypassing Microsoft 365 Security
A sophisticated phishing toolkit called Rockstar 2FA is enabling cybercriminals to bypass Microsoft 365's multi-factor authentication through adversary-in-the-middle attacks. Available for just $200, this accessible platform provides advanced features like cookie harvesting and customizable login pages that pose a significant threat to organizations.
Microsoft Takes Down Global Phishing Network in Major Cybersecurity Operation
Microsoft's Digital Crimes Unit has dismantled a sophisticated Egyptian-run phishing operation that sold criminal toolkits targeting financial institutions. The takedown of over 240 websites comes as Microsoft reports a 146% increase in advanced phishing attacks, highlighting escalating efforts to combat cybercrime.
Malicious GitHub Commits Target Security Researcher in Identity Fraud Attack
Multiple open-source projects on GitHub were compromised by unauthorized code commits falsely attributed to security researcher Stephen Lacy. The attack exploited commit verification weaknesses to damage the researcher's reputation, prompting GitHub to investigate and the community to implement stricter authentication measures.
T-Mobile Hit by Data Breach in Latest Attack on Telecom Giants
T-Mobile confirms unauthorized access to its systems in a recent cybersecurity incident, marking the latest in a series of attacks targeting major telecommunications providers. The company is working with security experts and law enforcement while advising customers to change passwords and enable two-factor authentication.
Massive Data Breach at Set Forth Exposes 1.5 Million Customers' Personal Information
Set Forth, a major American debt services firm, suffered a significant data breach compromising sensitive data of 1.5 million customers and their families. The company discovered unauthorized system access in May 2024, leading to the theft of personal information including social security numbers.
Major Cyberattack Paralyzes Payment Systems Across Israel
A widespread cyberattack disrupted payment processing networks throughout Israel, forcing businesses to halt card transactions and accept only cash. The incident exposed vulnerabilities in critical payment infrastructure while cybersecurity teams worked to restore services and implement additional protections.