Hackread reports that Microsoft has been spoofed in 25% of all phishing intrusions between April and June, making it the most phished brand during the second quarter.
Russian-linked threat groups UTA0352 and UTA0355 have been abusing Microsoft 365's OAuth workflows to compromise non-profit organizations' Microsoft accounts as part of targeted phishing intrusions, according to Infosecurity Magazine.
Cyber Security News reports that weaponized .LNK files have been used to facilitate the distribution of the DeerStealer malware as part of a novel phishing campaign.
Five popular JavaScript libraries, including the 'eslint-config-prettier' npm package, have been compromised to become malware droppers following a supply chain intrusion stemming from the successful phishing of their maintainer JounQin, BleepingComputer reports.
Officials at Nebraska's Broken Bow Public Schools have reported the school district losing $1.8 million following a phishing intrusion that exploited an ongoing construction project, according to Cybernews.
Fast Five
Selected by the SC Media Editorial team every Tuesday.
Sign up now for the top five issues cybersecurity pros need to know this week.
