Tag: social engineering
-
Microsoft Security Blog: Investigating targeted “payroll pirate” attacks affecting US universities
Source URL: https://www.microsoft.com/en-us/security/blog/2025/10/09/investigating-targeted-payroll-pirate-attacks-affecting-us-universities/ Source: Microsoft Security Blog Title: Investigating targeted “payroll pirate” attacks affecting US universities Feedly Summary: Microsoft Threat Intelligence has identified a financially motivated threat actor that we track as Storm-2657 compromising employee accounts to gain unauthorized access to employee profiles and divert salary payments to attacker-controlled accounts, attacks that have been dubbed…
-
Slashdot: Salesforce Says It Won’t Pay Extortion Demand in 1 Billion Records Breach
Source URL: https://yro.slashdot.org/story/25/10/08/208202/salesforce-says-it-wont-pay-extortion-demand-in-1-billion-records-breach?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: Salesforce Says It Won’t Pay Extortion Demand in 1 Billion Records Breach Feedly Summary: AI Summary and Description: Yes Summary: Salesforce is facing an extortion demand from a crime syndicate that claims to have stolen approximately 1 billion records from various customers, highlighting vulnerabilities in user compliance and security…
-
Krebs on Security: ShinyHunters Wage Broad Corporate Extortion Spree
Source URL: https://krebsonsecurity.com/2025/10/shinyhunters-wage-broad-corporate-extortion-spree/ Source: Krebs on Security Title: ShinyHunters Wage Broad Corporate Extortion Spree Feedly Summary: A cybercriminal group that used voice phishing attacks to siphon more than a billion records from Salesforce customers earlier this year has launched a website that threatens to publish data stolen from dozens of Fortune 500 firms if they…
-
Slashdot: Are Software Registries Inherently Insecure?
Source URL: https://developers.slashdot.org/story/25/10/05/2318202/are-software-registries-inherently-insecure?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: Are Software Registries Inherently Insecure? Feedly Summary: AI Summary and Description: Yes Summary: The text discusses the persistent issues related to software supply chain attacks, emphasizing weaknesses in the design of software registries like npm, PyPI, and Docker Hub. It highlights how inadequate safeguards allowed for multiple registry breaches…
-
The Register: Subpoena tracking platform blames outage on AWS social engineering attack
Source URL: https://www.theregister.com/2025/10/02/subpoena_tracking_platform_outage_blamed/ Source: The Register Title: Subpoena tracking platform blames outage on AWS social engineering attack Feedly Summary: Software maker Kodex said its domain registrar fell for a fraudulent legal order A software platform used by law enforcement agencies and major tech companies to manage subpoenas and data requests went dark this week after…
-
Cloud Blog: Cybercrime Observations from the Frontlines: UNC6040 Proactive Hardening Recommendations
Source URL: https://cloud.google.com/blog/topics/threat-intelligence/unc6040-proactive-hardening-recommendations/ Source: Cloud Blog Title: Cybercrime Observations from the Frontlines: UNC6040 Proactive Hardening Recommendations Feedly Summary: Written by: Omar ElAhdan, Matthew McWhirt, Michael Rudden, Aswad Robinson, Bhavesh Dhake, Laith Al Background Protecting software-as-a-service (SaaS) platforms and applications requires a comprehensive security strategy. Drawing…
-
The Register: New string of phishing attacks targets Python developers
Source URL: https://www.theregister.com/2025/09/24/pypi_phishing_attacks/ Source: The Register Title: New string of phishing attacks targets Python developers Feedly Summary: If you recently got an email asking you to verify your credentials to a PyPI site, better change that password The Python Software Foundation warned users of a new string of phishing attacks using a phony Python Package…
-
Krebs on Security: Feds Tie ‘Scattered Spider’ Duo to $115M in Ransoms
Source URL: https://krebsonsecurity.com/2025/09/feds-tie-scattered-spider-duo-to-115m-in-ransoms/ Source: Krebs on Security Title: Feds Tie ‘Scattered Spider’ Duo to $115M in Ransoms Feedly Summary: U.S. prosecutors last week levied criminal hacking charges against 19-year-old U.K. national Thalha Jubair for allegedly being a core member of Scattered Spider, a prolific cybercrime group blamed for extorting at least $115 million in ransom…
-
The Register: ‘FileFix’ attacks use fake Facebook security alerts to trick victims into running infostealers
Source URL: https://www.theregister.com/2025/09/16/filefix_attacks_facebook_security_alert/ Source: The Register Title: ‘FileFix’ attacks use fake Facebook security alerts to trick victims into running infostealers Feedly Summary: Tech evolved from PoC to global campaign in under two months An attack called FileFix is masquerading as a Facebook security alert before ultimately dropping the widely used StealC infostealer and malware downloader.……
-
The Register: Nork snoops whip up fake South Korean military ID with help from ChatGPT
Source URL: https://www.theregister.com/2025/09/15/north_korea_chatgpt_fake_id/ Source: The Register Title: Nork snoops whip up fake South Korean military ID with help from ChatGPT Feedly Summary: Kimsuky gang proves that with the right wording, you can turn generative AI into a counterfeit factory North Korean spies used ChatGPT to generate a fake military ID for use in an espionage…