Skip to main content

Security News

Filter by:

Malicious Adobe, DocuSign OAuth apps target Microsoft 365 accounts

Cybercriminals are promoting malicious Microsoft OAuth apps that masquerade as Adobe and DocuSign apps to deliver malware and steal Microsoft 365 accounts credentials. [...]
Bleepingcomputer 16 Mar 2025 61 Views

ClickFix: How to Infect Your PC in Three Easy Steps

A clever malware deployment scheme first spotted in targeted attacks last year has now gone mainstream. In this scam, dubbed "ClickFix," the visitor to a hacked or malicious website is asked to distinguish themselves from bots by pressing a combination of keyboard keys that causes Microsoft...
Krebs on Security 15 Mar 2025 43 Views

ClickFix attack delivers infostealers, RATs in fake Booking.com emails

Microsoft is warning that an ongoing phishing campaign impersonating Booking.com is using ClickFix social engineering attacks to infect hospitality workers with various malware, including infostealers and RATs. [...]
Bleepingcomputer 13 Mar 2025 279 Views

Microsoft Warns of ClickFix Phishing Campaign Targeting Hospitality Sector via Fake Booking[.]com Emails

Microsoft has shed light on an ongoing phishing campaign that targeted the hospitality sector by impersonating online travel agency Booking.com using an increasingly popular social engineering technique called ClickFix to deliver credential-stealing malware. The activity, the tech giant's threat intelligence team said...
The Hacker News 13 Mar 2025 85 Views

Apple patches 0-day exploited in “extremely sophisticated attack”

-day exploited by maliciously crafted Web content to break out of security sandbox.
Ars Technica 12 Mar 2025 229 Views

The Badbox botnet is back, powered by up to a million backdoored Androids

Best not to buy cheap hardware and use third-party app stores if you want to stay clear of this vast ad fraud effort Human Security’s Satori research team says it has found a new variant of the remote-controllable Badbox malware, and as...
The Register 8 Mar 2025 1502 Views

'EncryptHub' OPSEC Failures Reveal TTPs & Big Plans

Is EncryptHub the most prolific cybercriminal in recent history? Or, as new information suggests, a bumbling amateur?
Dark Reading 7 Mar 2025 4344 Views

Microsoft says malvertising campaign impacted 1 million PCs

​Microsoft has taken down an undisclosed number of GitHub repositories used in a massive malvertising campaign that impacted almost one million devices worldwide. [...]
Bleepingcomputer 7 Mar 2025 941 Views

Open-source tool 'Rayhunter' helps users detect Stingray attacks

The Electronic Frontier Foundation (EFF) has released a free, open-source tool named Rayhunter that is designed to detect cell-site simulators (CSS), also known as IMSI catchers or Stingrays. [...]
Bleepingcomputer 6 Mar 2025 1209 Views

Microsoft Teams tactics, malware connect Black Basta, Cactus ransomware

New research has uncovered further links between the Black Basta and Cactus ransomware gangs, with members of both groups utilizing the same social engineering attacks and the BackConnect proxy malware for post-exploitation access to corporate networks.
Bleeping Computer 5 Mar 2025 1339 Views