Phishing remains a significant and ever-evolving cybersecurity threat, with recent data showing a 28% rise in attacks between Q1 and Q2 of 2024. This trend highlights how persistent and evolving phishing tactics continue to be, impacting a staggering 94% of cybersecurity decision-makers in 2023. Attackers are increasingly using compromised internal accounts, shifting the platforms they use, and incorporating QR codes, which is becoming a new favorite way to deliver malicious content. This article describes some of the recently observed threat actor tactics as well as some tips for staying safe.
Read more…
Source: Water ISAC
Related:
- Tens of thousands more ASUS routers pwned by suspected, evolving China operation
November 19, 2025
Around 50,000 ASUS routers have been compromised in a sophisticated attack that researchers believe may be linked to China, according to findings released today by SecurityScorecard’s STRIKE team. Dubbed “Operation WrtHug”, the campaign exclusively targets end-of-life ASUS WRT routers, exploiting multiple known vulnerabilities – some dating back to 2023. The affected routers are primarily concentrated in ...
- Cloudflare outage impacts thousands, disrupts transit systems, ChatGPT, X and more
November 18, 2025
A widely used Internet infrastructure company said that it has resolved an issue that led to outages impacting users of everything from ChatGPT and the online game, “League of Legends,” to the New Jersey Transit system early Tuesday. Around 10 a.m. ET, Cloudflare said it was “continuing to monitor for errors to ensure all services are ...
- Google Releases Security Update for Chrome
November 18, 2025
Google has released security updates for Chrome to address two high severity vulnerabilities in the V8 JavaScript engine. CVE-2025-13223 – Type Confusion in V8 – High severity – Google is aware an exploit exists in the wild. CVE-2025-13224 – Type Confusion in V8 – High severity Read more… Source: NHS Digital Sign up for the Cyber Security Review Newsletter The latest ...
- Five major changes to the regulation of cybersecurity in the UK under the Cyber Security and Resilience Bill
November 16, 2025
As the UK Government has recognized, cyber incidents—such as Jaguar Land Rover, Marks and Spencer, Royal Mail and the British Library—are costing UK businesses billions annually and causing severe disruption. The Government recognizes that cybersecurity is a critical enabler of economic growth (“we cannot have growth without stability”), and that the current laws have “fallen out ...
- Fortinet Releases Security Advisory for Relative Path Traversal Vulnerability Affecting FortiWeb Products
November 14, 2025
CISA is aware of exploitation of a newly disclosed vulnerability, CVE-2025-64446, in Fortinet FortiWeb, a web application firewall. This vulnerability affects the following FortiWeb versions:1 8.0.0 through 8.0.1 7.6.0 through 7.6.4 7.4.0 through 7.4.9 7.2.0 through 7.2.11 7.0.0 through 7.0.11 CVE-2025-64446 is a relative path traversal vulnerability CWE-23: Relative Path Traversal that may allow an unauthenticated ...
- Threat Landscape of the Building and Construction Sector Part Two: Ransomware
November 14, 2025
The construction sector is increasingly vulnerable to ransomware attacks in 2025 due to its complex ecosystem and distinctive operational challenges. Construction projects typically involve a web of contractors, subcontractors, suppliers, and consultants, collaborating through shared digital platforms and exchanging sensitive documents such as blueprints, contracts, and timelines. While essential for project delivery, this interconnectedness creates numerous ...