They can intercept user credentials while providing real-time context that helps attackers convince victims to approve MFA challenges during phone calls..

The post Okta Uncovers Custom Phishing Kits Built for Vishing Callers appeared first on TechRepublic.

They can intercept user credentials while providing real-time context that helps attackers convince victims to approve MFA challenges during phone calls..

The post Okta Uncovers Custom Phishing Kits Built for Vishing Callers appeared first on TechRepublic.

Threat actors are leveraging the file-sharing service for payload delivery in AitM phishing and BEC attacks.

The post Phishers Abuse SharePoint in New Campaign Targeting Energy Sector appeared first on SecurityWeek.

Let's get something out of the way: retrospectives can feel a bit like mandatory fun. Someone gathers up the year's events, packages them into neat categories, and delivers "key takeaways" that land somewhere between obvious and forgettable. This is not that.

The post The 2025 Phishing Surge Proved One Thing: Chasing Doesn’t Work appeared first on Security Boulevard.

A widespread phishing campaign is targeting LinkedIn users by posting comments on users’ posts, BleepingComputer reports.

Threat actors are using bots to post the comments, which impersonate LinkedIn itself and inform the user that their account has been restricted due to policy violations. The comments contain links to supposedly allow the user to appeal the restriction.

That LinkedIn message pretending to be job offer could just be malwre.

A sophisticated multi-stage phishing campaign is actively targeting PNB MetLife Insurance customers through fake payment gateway pages. The attack chain extracts customer details, forces fraudulent UPI payments, and escalates to full banking credential harvesting. Attackers exploit customer trust in the brand while leveraging free hosting services and Telegram bots to exfiltrate data in real time. […]

The post PNB MetLife Phishing Attack: Multi-Stage Scheme Steals Data, Triggers UPI Payments appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

The campaign targets customers with urgent "maintenance" alerts designed to steal master passwords within hours.

The post LastPass Warns of Phishing Campaign Targeting Its Customers appeared first on TechRepublic.

The campaign targets customers with urgent "maintenance" alerts designed to steal master passwords within hours.

The post LastPass Warns of Phishing Campaign Targeting Its Customers appeared first on TechRepublic.

Threat actors may have wanted to take advantage of the holiday weekend in the United States to increase their chances of success.

The post LastPass Users Targeted With Backup-Themed Phishing Emails appeared first on SecurityWeek.

Resecurity has identified PDFSIDER malware that exploits the legitimate PDF24 App to covertly steal data and allow remote access. Learn how this APT-level campaign targets corporate networks through spear-phishing and encrypted communications.

Researchers have found a new spying campaign using news about Venezuela to trick US government officials. Learn how the LOTUSLITE virus sneaks into computers to steal secrets.

In a report a week before its Davos conference, the World Economic Foundation said 64% world business leaders are most worried about cyber fraud, replacing ransomware at their top concern. AI vulnerabilities also ranked high, as did threats fueled by geopolitics. The group argued that a coordinated approach to cybersecurity is needed.

The post Cyber Fraud, Not Ransomware, is Now Businesses’ Top Security Concern appeared first on Security Boulevard.

Hackread.com exclusive: Scammers are using verified PayPal invoices to launch callback phishing attacks. Learn how the "Alexzander" invoice bypasses Google filters.

A new Arcjet SDK lets Python teams embed bot protection, rate limiting, and abuse prevention directly into application code.

The post Arcjet Python SDK Sinks Teeth Into Application-Layer Security  appeared first on Security Boulevard.

A sophisticated phishing campaign impersonating WhatsApp Web uses fake meeting links and QR codes to hijack accounts and enable real-time surveillance.

The post This WhatsApp Link Can Hand Over Your Account in Seconds appeared first on TechRepublic.

A sophisticated phishing campaign impersonating WhatsApp Web uses fake meeting links and QR codes to hijack accounts and enable real-time surveillance.

The post This WhatsApp Link Can Hand Over Your Account in Seconds appeared first on TechRepublic.

Microsoft was the most commonly impersonated brand in phishing attacks during the fourth quarter of 2025, according to researchers at Guardio. Microsoft was followed by Facebook, Roblox, McAfee, Steam, AT&T, Amazon, Google, Yahoo, and Coinbase.

Researchers at RavenMail warn that a major phishing campaign targeted more than 3,000 organizations last month, primarily in the manufacturing industry.

Threat actors exploited Cloudflare's free-tier infrastructure and legitimate Python environments to deploy the AsyncRAT remote access trojan, demonstrating advanced evasion techniques that abuse trusted cloud services for malicious operations.