Threat actors have been able to deploy stealthier QR code phishing campaigns by using HTML tables, instead of image attachments, for illicit QR code generation, reports Cybernews.
Microsoft leads phishing impersonation rankings in Q4 Microsoft has become the most spoofed brand in phishing intrusions during the last quarter of 2025, surpassing Facebook, which previously led the rankings, reports Cybernews.
Cyber Security News reports that WordPress administrators have been targeted with fraudulent domain renewal emails to facilitate the compromise of credit card data and two-factor authentication codes as part of a new phishing campaign.
The UAC-0184 group, also known as Hive0156, launched a campaign against Ukraine's Verkhovna Rada, exploiting sensitive themes such as changes to military personnel files and denied compensation for fallen soldiers.
Increasingly active phishing groups and escalating cybercrime-as-a-service operations have fueled cyber extortion, with Orange Cyberdefense noting that the number of victims has risen by 45% from October 2024 to September 2025, Infosecurity Magazine reports.
Over two dozen illicit npm packages power targeted spear-phishing campaign Manufacturing, industrial automation, healthcare, and plastics organizations in the U.S. and other Allied nations have had their sales and commercial personnel's credentials targeted in a spear-phishing campaign involving 27 malicious npm packages for at least five months, according to The Hacker News.
Fast Five
Selected by the SC Media Editorial team every Tuesday.
Sign up now for the top five issues cybersecurity pros need to know this week.
