Hackers are abusing the Microsoft 365 Direct Send feature to deliver phishing emails that bypass email security controls.
The post Microsoft 365 Direct Send Abused for Phishing appeared first on SecurityWeek.
Russian Government Hackers Caught Buying Passwords from Cybercriminals
Microsoft flags a new Kremlin hacking team buying stolen usernames and passwords from infostealer markets for use in cyberespionage attacks.
The post Russian Government Hackers Caught Buying Passwords from Cybercriminals appeared first on SecurityWeek.
Coinbase Says Rogue Contractor Data Breach Affects 69,461 Users
A mandatory filing to the Maine Attorney General says 69,461 customers nationwide were affected and dates the breach back to last December.
The post Coinbase Says Rogue Contractor Data Breach Affects 69,461 Users appeared first on SecurityWeek.
AI-Powered Polymorphic Phishing Is Changing the Threat Landscape
Combined with AI, polymorphic phishing emails have become highly sophisticated, creating more personalized and evasive messages that result in higher attack success rates.
The post AI-Powered Polymorphic Phishing Is Changing the Threat Landscape appeared first on SecurityWeek.
Legacy Google Service Abused in Phishing Attacks
A sophisticated phishing campaign abuses weakness in Google Sites to spoof Google no-reply addresses and bypass protections.
The post Legacy Google Service Abused in Phishing Attacks appeared first on SecurityWeek.
Morphing Meerkat Phishing Kits Target Over 100 Brands
A threat actor tracked as Morphing Meerkat abuses DNS mail exchange (MX) records to deliver spoofed login pages.
The post Morphing Meerkat Phishing Kits Target Over 100 Brands appeared first on SecurityWeek.
Browser Security Under Siege: The Alarming Rise of AI-Powered Phishing
Analysis reveals a 140% increase in browser phishing, including a 130% increase in zero-hour phishing attacks.
The post Browser Security Under Siege: The Alarming Rise of AI-Powered Phishing appeared first on SecurityWeek.
Scareware Combined With Phishing in Attacks Targeting macOS Users
A long-running campaign phishing for credentials through scareware recently switched to targeting macOS users.
The post Scareware Combined With Phishing in Attacks Targeting macOS Users appeared first on SecurityWeek.
Microsoft 365 Targeted in New Phishing, Account Takeover Attacks
Threat actors are abusing Microsoft 365 infrastructure in a BEC campaign, and target its users in two brand impersonation campaigns.
The post Microsoft 365 Targeted in New Phishing, Account Takeover Attacks appeared first on SecurityWeek.
Microsoft Warns of Hospitality Sector Attacks Involving ClickFix
A cybercrime group named Storm-1865 has targeted hospitality organizations via fake Booking.com emails and the use of social engineering.
The post Microsoft Warns of Hospitality Sector Attacks Involving ClickFix appeared first on SecurityWeek.