-
Forcepoint’s X-Labs reports an 11-step DHL phishing scam that uses fake OTP codes and EmailJS to harvest user credentials and device telemetry.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Research from Infoblox reveals a massive Click2SMS fraud scheme using fake CAPTCHAs and back button hijacking to trick victims into sending costly international texts.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Fake CAPTCHA ClickFix attack tricks users into running malicious commands, using cmdkey and regsvr32 to maintain persistence and avoid detection on Windows
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
New research from Zimperium reveals four active Android malware campaigns, RecruitRat, SaferRat, Astrinox, and Massiv, targeting over 800 banking apps globally.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Fake Claude AI installer mimicking Anthropic spreads PlugX malware on Windows, using DLL sideloading to gain persistent remote access to infected systems.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Apple approved a fake Ledger Live app on its App Store, allowing scammers to steal $9.5 million from more than 50 users. Did you install this app?
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
OpenSSF warns hackers impersonate Linux Foundation leaders on Slack, tricking developers into installing malware that can compromise entire systems.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
ReversingLabs has discovered a fresh wave of the graphalgo campaign in which North Korean Lazarus hackers are using fake Florida LLCs, mimicking SWFT Blockchain, and using GitHub typo-squatting to target developers with malware.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
UNC6783 hackers and extortionists impersonate support staff, using fake Okta login pages and social engineering to access corporate systems and steal sensitive data.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Netskope Threat Labs report a new ClickFix attack using fake CAPTCHAs to deploy Tor-backed NodeJS malware and drain crypto wallets on Windows.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
