Phishing remains a significant and ever-evolving cybersecurity threat, with recent data showing a 28% rise in attacks between Q1 and Q2 of 2024. This trend highlights how persistent and evolving phishing tactics continue to be, impacting a staggering 94% of cybersecurity decision-makers in 2023. Attackers are increasingly using compromised internal accounts, shifting the platforms they use, and incorporating QR codes, which is becoming a new favorite way to deliver malicious content. This article describes some of the recently observed threat actor tactics as well as some tips for staying safe.
Read more…
Source: Water ISAC
Related:
- Cisco Releases May 2025 IOS XE Software Security Advisory Bundled Publication
May 8, 2025
Cisco has released 20 security advisories that describe 26 vulnerabilities in Cisco IOS Software and Cisco IOS XE Software. Cisco IOS (internetwork operating system) is the operating system used on Networking devices. Cisco IOS XE is a modular version of that operating system, used on newer enterprise networking devices. Cisco has released software updates that ...
- Multiple vulnerabilities in SonicWall SMA 100 series (FIXED)
May 7, 2025
In April of 2025, Rapid7 discovered and disclosed three new vulnerabilities affecting SonicWall Secure Mobile Access (“SMA”) 100 series appliances (SMA 200, 210, 400, 410, 500v). These vulnerabilities are tracked as CVE-2025-32819, CVE-2025-32820, and CVE-2025-32821. An attacker with access to an SMA SSLVPN user account can chain these vulnerabilities to make a sensitive system directory writable, ...
- Proof-of-Concept Released for SysAid On-Premise
May 7, 2025
In March 2025, SysAid released updates addressing XML (extensible markup language) external entity vulnerabilities and an OS command injection vulnerability in its on-premise platform. SysAid is an IT service management platform. Cyber Security firm watchTowr Labs has released proof-of-concept exploit code for four vulnerabilities, which were addressed in SysAid’s March 2025 release. The first two vulnerabilities, ...
- Android fixes 47 vulnerabilities, including one zero-day – update as soon as you can!
May 6, 2025
Google has patched 47 vulnerabilities in Android, including one actively exploited zero-day vulnerability in its May 2025 Android Security Bulletin. Zero-days are vulnerabilities that are exploited before vendors have a chance to patch them—often before they even know about them. The May updates are available for Android 13, 14, and 15. Android vendors are notified of ...
- MicroDicom Releases DICOM Viewer Software Update
May 6, 2025
The US Cybersecurity and Infrastructure Security Agency (CISA) released an Industrial Control Systems (ICS) Medical Advisory for a vulnerability found in MicroDicom DICOM Viewer. DICOM Viewer is an application for primary processing and preservation of medical images in DICOM format. CVE-2025-35975 has a CVSSv3 base score of 8.8 and is an ‘out-of-bounds write’ vulnerability, which means ...
- Email Attacks Drive Record Cybercrime Losses in 2024
May 1, 2025
The FBI’s Internet Crime Complaint Center (IC3) has released its 2024 Internet Crime Report. And it has revealed a record-breaking surge in cybercrime losses across the United States. Last year, total losses reached $16.6 billion, which is a 33% increase from the previous year. Email continues to be the most exploited attack vector, with cybercriminals using ...