Phishing

All that phishing training you have to go through barely moves the needle in making your organization safer, two researchers said at the Black Hat security conference.

The attackers gained unauthorized access through voice phishing, convincing employees to authorize a malicious connected application in Salesforce.

The report reveals a nine percent decrease in the global average cost of a data breach, attributed to faster containment through AI-powered defenses.

Cisco had its website's user data pilfered following the compromise of its third-party customer relationship management system stemming from a vishing attack against one of its representatives, according to SecurityWeek.

Massive US payment card compromise facilitated by Chinese smishing operations The U.S. had 12.7 million to 115 million payment cards compromised in Chinese smishing campaigns involving digital wallet tokenization exploits from July 2023 to October 2024, leading to financial losses in the billions of dollars, Infosecurity Magazine reports.

Hackread reports that Microsoft 365 users have been subjected to a novel phishing campaign that exploits Discord CDN links to facilitate the distribution of the Atera and Splashtop remote monitoring management tools under the guise of a fake OneDrive attachment.

More than 15,000 fraudulent websites impersonating TikTok Shop have been leveraged to facilitate the deployment of information- and cryptocurrency-stealing malware, as well as spyware, as part of the global ClickTok scam campaign, Cybernews reports.

Threat actors have been looking to compromise Mozilla Firefox developers as part of an active phishing campaign, The Register reports.