Multifactor authentication Security operations In the ever-evolving landscape of cyberthreats, staying ahead of malicious actors is a constant challenge.
Microsoft Threat Intelligence has observed that gift cards are attractive targets for fraud and social engineering practices. Unlike credit or debit cards, there’s no customer name or bank account attached to them, which can lessen scrutiny of their potentially suspicious use in some cases and present cybercriminals with a different type of payment card surface to study and exploit. Microsoft has seen an uptick in activity from threat actor group Storm-0539, also known as Atlas Lion, around the United States holidays, including Memorial Day, Labor Day, Thanksgiving, Black Friday, and Christmas.
Read more…
Source: Microsoft
Related:
- RondoDox botnet linked to large-scale exploit of critical HPE OneView bug
January 16, 2026
A critical HPE OneView flaw is now being exploited at scale, with Check Point tying mass, automated attacks to the RondoDox botnet. The security outfit says it has identified “large-scale exploitation” of CVE-2025-37164, a maximum-severity remote code execution bug in HPE’s data center management platform. Check Point has tied the activity to RondoDox, a Linux-based botnet ...
- German police add Black Basta boss to EU most-wanted list
January 16, 2026
German cops have added Russian national Oleg Evgenievich Nefekov to their list of most-wanted criminals for his services to ransomware. Nefekov, 35, is accused of spearheading the Black Basta ransomware operation, which suffered a similar fate as Conti last year – ceasing activity after a major internal leak. His name and face also now appear ...
- Cisco has finally patched a maximum-level security issue
January 16, 2026
A maximum-severity vulnerability in certain Cisco products has finally been addressed after allegedly being exploited by Chinese hackers for several weeks. In mid-December 2025, the networking giant disclosed a remote code execution (RCE) vulnerability in AsyncOS that affects Secure Email Gateway (SEG) and Secure Email and Web Manager (SEWM) appliances. It tracked the flaw as CVE-2025-20393 ...
- DeadLock Ransomware: Smart Contracts for Malicious Purposes
January 15, 2026
DeadLock is a ransomware family discovered in July 2025. It is notable for not being associated with any known affiliate programs and for lacking a Data Leak Site (DLS). This, combined with the limited number of reported victims, has resulted in low exposure for the group. However, Group-IB specialists have discovered an interesting use of ...
- Microsoft disrupts global cybercrime subscription service responsible for millions in fraud losses
January 14, 2026
Today, Microsoft is announcing a coordinated legal action in the United States and, for the first time, the United Kingdom to disrupt RedVDS, a global cybercrime subscription service fueling millions in fraud losses. These efforts are part of a broader joint operation with international law enforcement, including German authorities and Europol, which has allowed Microsoft and ...
- Phishing scammers are posting fake “account restricted” comments on LinkedIn
January 14, 2026
Recently, fake LinkedIn profiles have started posting comment replies claiming that a user has “engaged in activities that are not in compliance” with LinkedIn’s policies and that their account has been “temporarily restricted” until they submit an appeal through a specified link in the comment. The accounts posting the comments all try to look like official ...