Major industrial enterprises across Russia have been subjected to phishing intrusions spreading the Batavia spyware as part of a cyberespionage campaign that has been ongoing since July 2024, with attacks escalating even further since March, Security Affairs reports.
Spain's top-level domain has become the third most prevalently used domain in phishing campaigns after intrusions originating from the .es TLD increased 19-fold between the last quarter of 2024 and the first quarter of 2025, reports The Register.
Attackers have also used Vercel's infrastructure for hosting logos of the spoofed companies and other resources, according to a report from Okta Threat Intelligence researchers.
Attacks that were part of the campaign, which was initially discovered by Mexican journalist Ignacio Gomez Villaseñor in May, involved malicious websites with fraudulent checkout pages and scraped product listings that facilitate the exfiltration of card data, a report from Silent Push showed.
Malicious QR code phishing emails with PDF attachments have been leveraged to trick victims into joining a phone call with an attacker who purports to be a customer service representative and coaxes them into disclosing sensitive information or installing malware, according to an analysis from Cisco Talos.
BleepingComputer reports that threat actors could facilitate covert malicious script execution by using a new variant of the FileFix attack technique, which entails the abuse of browsers' management of saved HTML pages.