Advertisement
ChatGPT ChatGPhish Vulnerability: Web Summaries Lead to Phishing
A newly disclosed ChatGPhish vulnerability allows attackers to leverage ChatGPT's Markdown trust for prompt injections and sophisticated phishing campaigns.
FBI Warning: Fake FIFA World Cup Sites Target Fans with Fraud
FBI warns of fraudulent websites impersonating FIFA for the 2026 World Cup, engaging in data theft, fake ticket sales, and hospitality scams.
ACR Stealer Distributed via Fake Claude AI Desktop Site
Threat actors are distributing ACR Stealer malware through a fraudulent Claude AI desktop application site, targeting browser credentials and crypto wallets.
Analyzing Microsoft Access VBA Macros for Malware Detection
Learn how threat actors use Microsoft Access .accdb files to execute malicious VBA code and how to analyze these OLE streams for incident response.
Ghostwriter Targets Ukraine Government with Prometheus Phishing
Belarus-aligned Ghostwriter (UAC-0057) targets Ukrainian government entities with Prometheus-themed phishing emails to deploy sophisticated malware. Learn detection and
Interpol Operation Ramz: Strengthening MENA Region Cyber Defense
Interpol's Operation Ramz highlights increased law enforcement collaboration in the Middle East to dismantle phishing and ransomware infrastructure.
SHub Reaper Stealer Backdoors macOS via Spoofed Apps
SHub Reaper stealer targets macOS, using fake Google, Microsoft, Apple, WeChat, and Miro installers for Apple script-based execution and backdooring.
SHub macOS Infostealer Spoofs Apple Security Updates, Installs Backdoor
A new SHub macOS infostealer variant employs fake Apple security update prompts via AppleScript to install a backdoor, threatening user data and system integrity.
Ghostwriter Targets Ukraine with Geofenced PDF Phishing & Cobalt Strike
Ghostwriter (UAC-0057) leverages geofenced PDF phishing to deliver Cobalt Strike against Ukrainian government entities, combining espionage and influence.
Google Ads Phishing Campaign Targets GoDaddy ManageWP Users
A persistent phishing campaign leverages malicious Google Ads to steal GoDaddy ManageWP credentials, risking extensive WordPress site compromises.
Stealthy Phishing Abuses ConnectWise ScreenConnect, AnyDesk RMM
Attackers leverage legitimate RMM tools like ConnectWise ScreenConnect and AnyDesk in a sophisticated phishing campaign, impacting over 80 organizations and evading
Amazon SES Phishing Abuse: Evading Security Filters via AWS Infrastructure
Threat actors are increasingly exploiting Amazon Simple Email Service (SES) to bypass email security filters by leveraging high-reputation AWS domains.