A threat actor named DarkHydrus that is relatively new to the scene relies on open-source tools for spear-phishing attacks designed to steal credentials from government and educational institutions in the Middle East.
Malware distributors, hackers, and phishing scammers are continuing to use the practice of hiding login forms for their web shells in fake HTTP error documents. These pages pretend to be HTTP errors such as 404 Not Found or Forbidden, while in reality they are login pages that allow an attacker to issues commands on the server.
Cyrillic (Russian alphabet) characters are the most common characters used in IDN homograph attacks, according to research published last month by Farsight Security.
A hacker has breached a Hola VPN developer account and has replaced the official Chrome extension with one that redirected users of the MyEtherWallet.com website to a phishing page controlled by the attacker.
The team behind the Trezor multi-cryptocurrency wallet service has discovered a phishing attack against some of its users that took place over the weekend.
Cyber-criminals are currently using a trick that allows them to bypass Microsoft's security filters and deliver spam and phishing emails to Office 365 email accounts.
Despite their leader's arrest in Spain two months ago, the Cobalt hacker group that's specialized in stealing money from banks and financial institutions has remained active, even launching a new campaign.
There really is no honor among thieves. I recently found a phishing scheme that contains a list of names that are associated with other scams that the recipient should avoid.
Phishing threats are currently targeting your credentials for Apple, Facebook, Gmail, and more. In this roundup we detail some of the current Phishing threats active on the Internet.
Facebook has updated a phishing detection toolkit it developed two years ago. The update now allows webmasters who sign up for the tool to detect homograph (Unicode-based lookalike) domains created for their websites.
A new phishing email scam is under way that pretends to be from a company's human resources (HR) department and requests that the recipient read and acknowledge an attached "Rules of Conduct" document. This document, though, prompts you to login at a fake Office 365 login prompt, which is used to steal your credentials.
The group of Iranian hackers the US charged last week with hacking over 300 universities across the globe were actually master phishers astute at their craft, so much so that they used the same phishing lure for years without needing to change it.
Google rolled out today new security features for G Suite, its collection of enterprise, cloud computing, productivity, and collaboration tools.
Binance, one of the largest cryptocurrency exchanges on the Internet, said today that hackers and a well-executed phishing campaign are to blame for the Bitcoin sell-offs from yesterday's afternoon.
A new Android malware strain can phish Facebook user credentials and then log into accounts to harvest account details, and even search and collect results using the Facebook app's search functionality.
A Ukrainian cybercrime operation has made an estimated $50 million by using Google AdWords to lure users on Bitcoin phishing sites.
A clever hacker made off with nearly $4 million worth of IOTA cryptocurrency after patiently setting up an elaborate phishing site for almost half a year.
Facebook launched a new feature yesterday that will help account owners detect phishing attacks against their Facebook profile.
New research published yesterday reveals that putting your trust in Extended Validation ("EV") SSL certificates will not safeguard you from phishing sites and online fraud.
It was only natural that the Internet's cyber-criminal element would turn its gaze towards the Bitcoin ecosystem after the cryptocurrency's price has surged from $11,000 on Monday to almost $17,500 earlier today.