These campaigns notably use redirection methods such as URL shorteners and QR codes contained in malicious attachments and abuse legitimate services like file-hosting services and business profile pages to avoid detection.

CISA, on Thursday urged organizations, internet service providers, and security firms to strengthen defenses against so-called fast flux attacks. Malicious cyber actors use fast flux to obfuscate the locations of malicious servers.

A large number of phishing campaigns emerged in the aftermath of the Bybit heist, designed to siphon cryptocurrency from its customers. There were instances of popular crypto keywords, and the use of free hosting and subdomain registration services.

A sophisticated phishing campaign orchestrated by a Russian-speaking threat actor has been uncovered, revealing the abuse of Cloudflare services and Telegram for malicious purposes.

Instead of converting files, the tools actually load malware onto victims’ computers. The FBI warned specifically that the malware infection can also lead to ransomware attacks.

A new threat assessment by the Danish Social Security Agency warns that nation-state hackers have an extensive technical understanding of the telecommunications sector’s infrastructure and protocols in cyberattacks against the industry abroad.

As of February 2025, Medusa developers and affiliates have impacted over 300 victims from a variety of critical infrastructure sectors with affected industries including medical, education, legal, insurance, technology, and manufacturing.

U.S. authorities have seized over $23 million in cryptocurrency linked to the theft of $150 million from a Ripple crypto wallet in January 2024. Investigators believe hackers who breached LastPass in 2022 were behind the attack.

A new open-source tool named 'Chirp' transmits data between computers (and smartphones) through different audio tones. Other microphone-equipped computers running Chirp may capture the sound and translate the message back into text.

US cities are warning of an ongoing mobile phishing campaign pretending to be texts from the city's parking violation departments about unpaid parking invoices, that if unpaid, will incur an additional $35 fine per day.