Phishing remains a significant and ever-evolving cybersecurity threat, with recent data showing a 28% rise in attacks between Q1 and Q2 of 2024. This trend highlights how persistent and evolving phishing tactics continue to be, impacting a staggering 94% of cybersecurity decision-makers in 2023. Attackers are increasingly using compromised internal accounts, shifting the platforms they use, and incorporating QR codes, which is becoming a new favorite way to deliver malicious content. This article describes some of the recently observed threat actor tactics as well as some tips for staying safe.
Read more…
Source: Water ISAC
Related:
- A critical Docker Desktop security flaw puts Windows hosts at risk of attack – patch now
August 26, 2025
Docker has patched a critical severity vulnerability in its Desktop app for Windows and macOS which could have allowed threat actors to fully take over vulnerable hosts, exfiltrate sensitive data, and more. The vulnerability is described as a server-side request forgery (SSRF) and, according to the NVD, it “allows local running Linux containers to access the ...
- All Apple users should update after company patches zero-day vulnerability in all platforms
August 21, 2025
Apple has released security updates for iPhones, iPads and Macs to fix a zero-day vulnerability (a vulnerability which Apple was previously unaware of) that is reportedly being used in targeted attacks. Apple has acknowledged reports that attackers may have already used this flaw in a highly sophisticated operation aimed at specific, high‑value targets. But history teaches ...
- Commvault Releases Security Updates to Address Multiple Vulnerabilities
August 21, 2025
Commvault has released security advisories to address 4 vulnerabilities in Commvault Windows and Linux. Security researchers have demonstrated the ability for these vulnerabilities to be chained together by an unauthenticated remote attacker to perform remote code execution on the Commvault server. CVE-2025-57788 – Unauthorized API Access Risk CVSSv4 6.9 CVE-2025-57789 – Vulnerability in Initial Administrator Login Process CVSSv4 ...
- Cisco warns of worrying major security flaw in firewall command center – patch now
August 18, 2025
Cisco recently fixed a maximum-severity vulnerability in its Secure Firewall Management Center (FMC) product, and urged users to apply either the patch, or the mitigation, as soon as possible. FMC is a centralized platform for configuring, monitoring, and analyzing Cisco Secure Firewalls, where users can manage policies, track threat intelligence, and monitor their deployments across endpoints. ...
- New trends in phishing and scams: How AI and social media are changing the game
August 13, 2025
Phishing and scams are dynamic types of online fraud that primarily target individuals, with cybercriminals constantly adapting their tactics to deceive people. Scammers invent new methods and improve old ones, adjusting them to fit current news, trends, and major world events: anything to lure in their next victim. Since our last publication on phishing tactics, there ...
- FBI: Fictitious Law Firms Targeting Cryptocurrency Scam Victims Combine Multiple Exploitation Tactics While Offering to Recover Funds
August 13, 2025
This updated advisory provides additional red flag indicators and due diligence measures to help victims who have been in contact with fictitious law firms conducting this fraudulent activity. This scheme combines a number of exploitation tactics including targeting vulnerable populations, particularly the elderly; exploiting victims’ emotional state and financial need to recover funds from a previous ...