Just as security professionals will tell you that layered defensive strategies are the best when it comes to staving off successful attacks, so attackers will often look to precisely the same when executing their cyber attacks.
Two-step phishing attacks have, in the words of security researchers from Perception Point, “become a cornerstone of modern cybercrime,” leveraging trusted platforms “to deliver malicious content in layers to evade detection.” Everything changes, but everything stays the same.
Read more…
Source: Forbes News
Related:
- Sweden blames Russian hackers for attempting ‘destructive’ cyberattack on thermal plant
April 15, 2026
The Swedish government said Russian government-linked hackers attempted to disrupt the operations at one of the country’s thermal power plants last year. Sweden said that, while the hackers were unsuccessful, hybrid attacks that extend beyond cyberspace are becoming more dangerous. Sweden’s minister of civil defense, Carl-Oskar Bohlin, said during a press conference on Wednesday that the ...
- Omnistealer uses the blockchain to steal everything it can
April 14, 2026
A new infostealer dubbed Omnistealer is turning the blockchain into a permanent malware hosting platform, which is bad news for both companies and everyday users. It’s pretty common for malware to store its payload on a public platform, ideally one that adds some trustworthiness to the download location, like Google docs, OneDrive, GitHub, npm, PyPI, and ...
- Patch Tuesday – April 2026
April 14, 2026
Microsoft is publishing 167 vulnerabilities on April 2026 Patch Tuesday. Microsoft is aware of exploitation in the wild for one of today’s vulnerabilities, and public disclosure for one other. Microsoft evaluates 19 of the vulnerabilities published today as more likely to see future exploitation. So far this month, Microsoft has provided patches to address 80 browser ...
- Zombie Microsoft bugs rise from the dead, pave way for crims and ransomware scum
April 13, 2026
Crooks are exploiting four Microsoft vulnerabilities – one patched 14 years ago and another tied to ransomware activity – according to America’s lead cyber-defense agency, which on Monday gave federal agencies two weeks to patch them. The four vulnerabilities added to CISA’s Known Exploited Vulnerabilities (KEV) catalog on Monday are: CVE-2025-60710, a link-following vulnerability in Windows ...
- Booking.com confirms hackers accessed customers’ data
April 13, 2026
Booking.com confirmed Monday that hackers may have accessed customers’ personal data, including names, email addresses, phone numbers, and booking details. The global travel and hotel reservation giant notified customers this past week of the breach, according to several online posts. “We’re writing to inform you that unauthorized third parties may have been able to access certain ...
- JanelaRAT: A financial threat targeting users in Latin America
April 13, 2026
JanelaRAT is a malware family that takes its name from the Portuguese word “janela” which means “window”. JanelaRAT looks for financial and cryptocurrency data from specific banks and financial institutions in the Latin America region. JanelaRAT is a modified variant of BX RAT that has targeted users since June 2023. One of the key differences between ...