At BlackHat 2025 in Las Vegas, Matt Alderman sits down with Michael Leland, VP Field CTO at Island, to tackle one of cybersecurity’s most urgent realities: compromised credentials aren’t a possibility — they’re a guarantee. From deepfakes to phishing and malicious browser plug-ins, attackers aren’t “breaking in” anymore… they’re logging in. Michael...
Hackread reports that Microsoft 365 users have been subjected to a novel phishing campaign that exploits Discord CDN links to facilitate the distribution of the Atera and Splashtop remote monitoring management tools under the guise of a fake OneDrive attachment.
Hackread reports that threat actors have been exploiting Microsoft 365's Direct Send feature, which is originally meant to expedite fax and scan deliveries to email addresses, to facilitate a phishing campaign that involves malicious internal-looking emails.
Hackread reports that malicious actors have begun using malicious Windows shortcut files to distribute the Remcos RAT malware as part of a new attack campaign.
Users of the Python Package Index repository are being targeted by an ongoing phishing scheme redirecting to fraudulent PyPI sites that facilitate credential pilfering activities, The Hacker News reports.
Fast Five
Selected by the SC Media Editorial team every Tuesday.
Sign up now for the top five issues cybersecurity pros need to know this week.