Cisco's Talos threat intelligence report found that attackers are increasingly using AI tools to boost their phishing attacks, which is the most common initial access method by hackers in the first quarter of 2026, reports Cybersecurity Dive.
North Korean threat operation HexagonalRodent, which is associated with the state-backed Famous Chollima, has exfiltrated up to $12 million worth of cryptocurrency from Web3 developers between January and March, according to The Record, a news site by cybersecurity firm Recorded Future.
Multiple web browsers, browser extensions, and cryptocurrency wallets could have their stored credentials and live session cookies compromised by a new AppleScript-based information-stealing malware spread in a macOS-targeted ClickFix campaign, reports The Register.
Threat actors have been exploiting Microsoft Teams and Quick Assist to remotely compromise systems as part of a new helpdesk impersonation campaign, Cyber Security News reports.
Organizations in multiple South American countries, Bosnia, Croatia, Greece, Slovenia, and Spain have had their Windows systems stealthily infected with the Formbook information-stealing malware in a pair of phishing campaigns, reports Infosecurity Magazine.
Last month's takedown of over 300 active domains used by the Tycoon 2FA phishing-as-a-service platform, which was once the most prolific PhaaS kit, has prompted threat actors to transfer to the Mamba 2FA, Sneaky 2FA, and EvilProxy platforms that have since integrated Tycoon 2FA's tools, according to SecurityWeek.
