callback phishing
-
Unicode homoglyph phishing campaign uses Japanese character to spoof Booking.com, delivering MSI malware
Security researchers warn of a phishing campaign that uses the Japanese character ん to visually imitate Booking.com in order to redirect users to a lookalike domain and deliver MSI malware; a separate Lntuit/Intuit-themed campaign is also observed, underscoring the evolving use of homoglyphs in brand impersonation and malware delivery.
-
PhantomCard Android Trojan Uses NFC Relay to Enable Fraudulent Banking Transactions in Brazil
Authorities warn of PhantomCard, a new Android trojan that uses NFC relay technology to siphon card data and complete fraudulent banking transactions in Brazil. Distributed via fake card-protection apps on phishing pages, the threat is linked to a broader ecosystem of NFC fraud tools and a network of threat actors, underscoring rising global risk to…
-
Connex Credit Union Faces Data Breach Affecting Over 172,000 Members
Connex Credit Union has disclosed a data breach affecting over 172,000 members, revealing unauthorized access to personal and financial information, while warning members about potential phishing scams.
-
Pandora Confirms Customer Data Breach Amid Cyber Attack
Pandora has confirmed a cyber attack that compromised certain customer data via a third-party vendor. While no financial information was accessed, exposed details include names and email addresses. Experts warn of potential phishing scams targeting affected customers. The company has since reinforced its security measures and advised customers to remain vigilant against suspicious communications.
-
Mozilla Alerts Developers to Phishing Threats Targeting Add-On Accounts
Mozilla has warned browser extension developers of an active phishing campaign targeting accounts on its AMO repository, urging them to exercise caution and verify the authenticity of emails claiming to be from the organization.
-
Experts Warn of New Phishing Threats Exploiting Link Wrapping Services
Cybersecurity experts have identified a new phishing campaign that exploits link wrapping services from leading vendors to conceal malicious links, significantly raising the risk of successful attacks. The tactics involve sophisticated methods of masking URLs, allowing threat actors to redirect victims to fraudulent pages designed to capture sensitive information.
-
Supply Chain Attack Targets Popular npm Packages with Malware Injection
A supply chain attack has compromised several popular npm packages, with researchers warning that malicious code injected through phishing campaigns could exploit maintainers’ credentials, leading to potential remote code execution.
-
New Vulnerability Found in Google Gemini: Hidden Phishing Attacks Possible
A new vulnerability in Google Gemini could allow attackers to generate seemingly legitimate email summaries that contain hidden phishing instructions. Experts urge organizations to adopt enhanced security measures to counter this threat.
-
Security Flaw in Google’s Gemini Could Facilitate Phishing Attacks
A newly discovered security flaw in Google’s Gemini for Workspace may enable phishing attacks through deceptive email summaries. Researchers warn that invisible directives can be injected into emails, leading Gemini to generate misleading content. While Google is reinforcing its defenses, users are advised to remain cautious.
-
Massive Phishing Scam Targets Online Shoppers Worldwide with Fake E-commerce Sites
A significant phishing scam originating from China has created numerous fake e-commerce websites that impersonate well-known brands, aiming to steal sensitive financial information from online shoppers worldwide. Cybersecurity firm Silent Push exposes this operation, urging consumers to be cautious and aware of the ongoing threat.
