Cybercriminals are leveraging LastPass's after-death account handover procedures to trick users into revealing their login credentials. The campaign, linked to the CryptoChameleon group, involves sending fake emails about legacy access requests that redirect victims to phishing sites.

Scammers are now using fake voicemail notifications to trick users into revealing their credentials. These phishing emails often appear legitimate, leading victims to fake login pages or triggering malware downloads.

The rise of AI-powered ransomware marks a significant shift in the cybersecurity landscape, with 80% of ransomware attacks now utilizing artificial intelligence. This new category of ransomware not only encrypts files but also learns and adapts to maximize damage, posing unprecedented challenges for organizations worldwide.

A sophisticated text message phishing campaign, attributed to the Smishing Triad, is targeting users globally, affecting over 121 countries. The operation utilizes advanced social engineering tactics and operates through a Phishing-as-a-Service ecosystem.

Salt Typhoon, a China-linked APT group, is leveraging zero-day exploits and DLL sideloading techniques to conduct sophisticated cyber espionage campaigns against critical infrastructure worldwide. Recent activities include targeting telecommunications and energy sectors, demonstrating advanced capabilities to compromise lawful intercept systems.

Cybercriminals are increasingly leveraging Clickfix social engineering tactics and AI in Business Email Compromise (BEC) scams, leading to a 500% surge in Clickfix attacks in early 2025. Mimecast's latest report reveals a shift in tactics that focus on the human element, making phishing and scams harder to detect.

The Warlock ransomware campaign, linked to Chinese threat actors, exploits the ToolShell zero-day vulnerability in Microsoft SharePoint (CVE-2025-53770). This shift towards direct financial cybercrime marks a significant change in tactics among these groups.

GlassWorm malware is exploiting the OpenVSX marketplace to target developers, highlighting the risks associated with third-party software repositories. Developers are urged to exercise caution when downloading extensions.

Researchers have uncovered a large-scale phishing operation known as Smishing Triad, which utilizes text messages to deceive victims. The campaign involves thousands of malicious actors and has registered approximately 195,000 domains since January 2024, primarily targeting sensitive personal information.

Threat actors are exploiting X’s generative AI bot Grok to disseminate phishing links, according to ESET researchers. By tricking Grok into providing links in its responses, attackers are circumventing restrictions on promoted posts.

The Bitter APT group is leveraging an old vulnerability in WinRAR to deploy new backdoor attacks. This highlights the ongoing threat posed by advanced persistent threats (APTs) that exploit outdated software vulnerabilities.

A phishing campaign is impersonating well-known brands like KFC, Red Bull, and Ferrari to compromise Facebook login details. Malicious emails lead targets to a fake job posting site where they are prompted to enter their credentials.

The latest version of Vidar Stealer, known as Vidar 2.0, employs advanced memory injection techniques to bypass browser encryption and steal login credentials. This update marks a significant evolution in its capabilities, allowing it to efficiently extract sensitive information from multiple browsers.

A new strain of Rust-based malware, dubbed ChaosBot, exploits the Discord platform for its Command and Control operations, embedding malicious activity behind legitimate traffic. Its advanced evasion capabilities pose significant challenges for defenders.

A large-scale intrusion campaign, tracked as REF3927, is exploiting misconfigured Microsoft IIS servers that reuse publicly exposed ASP.NET machine keys. Attackers are deploying malicious modules and webshells to gain control over affected systems.

Cybercriminals are exploiting Microsoft 365's Direct Send feature to bypass security filters and conduct phishing campaigns. This legitimate feature, designed for enterprise convenience, has become a vector for business email compromise attacks, prompting security researchers to raise alarms.

Cybercriminals are evolving their email phishing tactics, utilizing legacy methods combined with advanced techniques to evade security measures. New strategies include the use of QR codes, password-protected attachments, and multi-stage verification chains to compromise victims.

A newly uncovered attack campaign, dubbed Jingle Thief, is targeting global retailers' gift card systems using phishing and smishing techniques. The attackers, believed to be based in Morocco, operate entirely in cloud environments without deploying traditional malware.

Researchers at Koi Security have identified a new cyber threat named GlassWorm that spreads through infected Visual Studio Code extensions. Utilizing invisible Unicode characters, this worm evades detection and employs the Solana blockchain for command-and-control operations.

A recent investigation revealed a critical loophole in Azure applications that allowed hackers to create malicious apps using reserved Microsoft names. This vulnerability enabled attackers to gain unauthorized access and escalate privileges within Microsoft 365 environments, posing significant risks to organizations.