Phishing remains a significant and ever-evolving cybersecurity threat, with recent data showing a 28% rise in attacks between Q1 and Q2 of 2024. This trend highlights how persistent and evolving phishing tactics continue to be, impacting a staggering 94% of cybersecurity decision-makers in 2023. Attackers are increasingly using compromised internal accounts, shifting the platforms they use, and incorporating QR codes, which is becoming a new favorite way to deliver malicious content. This article describes some of the recently observed threat actor tactics as well as some tips for staying safe.
Read more…
Source: Water ISAC
Related:
- Fortinet Releases Security Updates for FortiOS and FortiGate
April 11, 2025
Fortinet has released security updates for FortiOS to mitigate novel post-exploitation activity observed against FortiGate devices. The disclosure details a new persistence technique used by an attacker, in conjunction with known vulnerabilities, to maintain read-only access to FortiGate devices through the use of symbolic links even after the initial access vector has been remediated. Fortinet has ...
- Patch Tuesday – April 2025
April 9, 2025
Microsoft is addressing 121 vulnerabilities this April 2025 Patch Tuesday, which is more than twice as many as last month. Microsoft has evidence of in-the-wild exploitation for just one of the vulnerabilities published today, which is already reflected in CISA KEV. Once again, Microsoft has published zero-day vulnerabilities on Patch Tuesday without evaluating any of them ...
- Google fixes two actively exploited zero-day vulnerabilities in Android
April 8, 2025
Google has patched 62 vulnerabilities in Android, including two actively exploited zero-days in its April 2025 Android Security Bulletin. When we say “zero-day” we mean an exploitable software vulnerability for which there was no patch at the time of the vulnerability being exploited or published. The term reflects the amount of time that a vulnerable organization ...
- 2025 Ransomware: Business as Usual, Business is Booming
April 8, 2025
Getting an edge on your adversaries involves understanding their behaviors and their mindset. Rapid7 Labs took a look at internal and publicly-available ransomware data for Q1 2025 and added our own insights to provide a picture of the year thus far—and what you can do now to reduce your attack surface against ransomware. The data highlights ...
- QR codes sent in attachments are the new favorite for phishers
April 3, 2025
Recently Malwarebytes Labs researchers have been seeing quite a few phishing campaigns using QR codes in email attachments. The lure and the targets are varied, but the use of a QR code to get someone to visit the phishing site is fast becoming a preferred method for cybercriminals. There are several reasons why cybercriminals might want ...
- Criminal Actors Steal US Taxpayer Identity to File False Tax Returns and Claim Refunds
April 2, 2025
The FBI is warning the public about criminal actors stealing US taxpayer identities to file false tax returns and fraudulently claim refunds. The FBI’s Internet Crime Complaint Center (IC3) has received over 1,000 complaints about identity theft in connection with tax returns within the past year representing a 26% increase from the previous year. Stolen ...