SlashNext threat researchers have identified a new #phishing kit called Astaroth that bypasses 2FA through session hijacking and real-time credential interception. Read more details on the blog:

The shut down of 39 cybercrime domains linked to #HeartSender is a win worth celebrating – but we know this is a game of Whac-a-Mole. In #cybercrime today, even non-technical criminals can easily purchase and deploy advanced phishing tools.

The release of #DeepSeek has raised questions around #AI security, including how platforms like this are protected against targeted attacks and how these they can be exploited to aid #cyberattacks. @JaytheletterJ shares more insights with @dicedotcom:

AppLite Banker, a sophisticated mobile-targeted #phishing campaign leveraging a #trojan app to steal banking credentials, was the latest major #scam impersonating recruiters to trick people into sharing personal information. Learn more from Security Buzz:

DeepSeek #AI dominated last week’s headlines after experiencing large-scale #cyberattacks. @Cyberscoop highlighted @JaytheletterJ's insight about why the rollout of DeepSeek’s R1 model made the company an attractive target for attackers.

A new #mobile #phishing campaign impersonating the US Postal Service was uncovered last week, highlighting an unprecedented #obfuscation tactic that was used to deliver malicious PDF files that steal credentials and compromise sensitive data. @SecurityMag

As the growing adoption of #AI furthers #security risks, it is easier than ever to successfully execute #3Dphishing scams. CEO @Patrickharr explores the weaponization of AI in his latest @Forbes article:

Last week, SlashNext published #research on Devil-Traff, a new bulk SMS platform driving #phishing campaigns that facilitate large-scale #cyberattacks at low cost. @Tfinitive's Davey Winder reported on the findings here: @happygeek

Did you know employees are entering sensitive security information and code in #GenAI platforms? This practice – while less common than other types of sensitive info pasted into these platforms – puts your security strategy at risk. @DarkReading has more:

The latest adversary-in-the-middle attack you need to know about and how it bypasses 2FA protections to steal M365 credentials. @happygeek shares the details in @forbes:

Our threat researchers expose a new bulk SMS platform called Devil-Traff that is enabling #cyberattackers to send thousands of automated #phishing messages within minutes. Here’s what you need to know:

Field CTO @JaytheletterJ was featured in @CIOInfluence sharing an overview of six unique and sophisticated phishing exploits our researchers discovered in the wild over the last few months. Study up on the latest #phishing techniques employed by attackers:

We must fight #AI with AI. But that doesn’t mean we shouldn’t exercise caution when implementing new AI-based tools and maintaining a careful inventory of what AI tools exist in our organizations. Experts discuss in @TechNewsWorld:

Last week, our #threatresearch team published new findings about #cybercriminals leveraging tactics similar to the #BlackBasta #ransomware gang, targeting 22 user inboxes with nearly 1200 malicious emails in under 90 minutes. Learn more from @Hackread:

Before the presidential term ended, the Biden-Harris Administration introduced a rule to enhance #nationalsecurity and prevent the misuse of advanced #technology like #AI by countries that pose concern to the US. Learn more from @InfosecurityMag here:

Today, SlashNext Researchers published information about a #credentialharvesting tactic targeting #ProtonMail, highlighting how cybercriminals are continuing to expand their reach to exploit a variety of #cloud #applications like #Gravatar. Learn more:

A new #phishing attack utilizing a legitimate PayPal feature highlights how these types of #scams are becoming more clever and sophisticated. @happygeek included @JaytheletterJ's insight about these trends in a recent @Forbes article:

Attackers are using increasingly evasive techniques in #phishing, as evident in the recent account takeover campaign aimed at PayPal users. AI-based security tools can help detect unusual user behaviors and patterns in these messages that other tools miss.

Think before you click! @happygeek reports in @Forbes how users are increasingly clicking on malicious links in emails and reminds us of several specific and immediate threats, including the WordPress plugin our researchers identified, PhishWP:

Unfortunately, incidents of malicious insiders are on the rise and organizations must be extremely diligent in the hiring process and beyond to thwart #InsiderThreats. @JaytheletterJ shares his recommendations with @SecurityWeek: