Security researchers have uncovered a sophisticated malware campaign where cybercriminals are exploiting Cloudflare's free-tier services and TryCloudflare tunneling domains to host malicious WebDAV servers, effectively concealing AsyncRAT attacks behind trusted infrastructure, according to Cyber Press.
The phishing campaign involves bot-like profiles creating comments that falsely claim users have violated LinkedIn's policies and that their accounts are temporarily restricted.
Infosecurity Magazine reports that cyber-enabled fraud has been named by business leaders as their primary cybersecurity concern this year, surpassing ransomware intrusions.
More threat actors have been exploiting the Browser-in-the-Browser attack technique to pilfer Facebook account credentials in phishing intrusions during the last six months, according to BleepingComputer.
The phishing campaign begins with emails impersonating management or HR, referencing October 2025 performance reviews and falsely suggesting potential layoffs.
