Phishing

Campaigns lure victims with rewards in exchange for handing over their personal information.

The malicious service is advertised to evade detection and closely mimic a real login page.

Generative artificial intelligence has been added to the Darcula phishing-as-a-service toolkit to enable the creation of phishing forms in several languages just months after the PhaaS platform was updated to facilitate website cloning without much difficulty, The Hacker News reports.

Brains, Scams, Elusive Comet, AI Scams, Microsoft Dog Food, Deleting Yourself, Josh Marpet, and more on the Security Weekly News.

In the enterprise security news, lots of funding, but no acquisitions? New companies new tools including a SecOps chrome plugin and a chrome plugin that tells you the price of enterprise software prompt engineering tips from google being an Innovation Sandbox finalist will cost you Security brutalism CVE dumpster fires and a heartwarming story a...

BleepingComputer reports that Google was discovered by Ethereum Name Service lead developer Nick Johnson to have had an OAuth vulnerability leveraged to facilitate the delivery of a bogus email purporting to be a security alert from the company with a valid DomainKeys Identified Mail authentication key as part of a DKIM replay phishing intrusion.

Massive ongoing US toll fraud underpinned by Chinese smishing kit Numerous threat actors have been leveraging an SMS phishing kit developed by Chinese threat actor "Wang Duo Yu" to conduct a widespread smishing attack campaign against toll road users across several U.S. states that has been underway since October, The Hacker News reports.

The FBI has warned that cybercriminals have been masquerading as Internet Crime Complaint Center employees assisting in the recovery of pilfered funds to compromise financial details from victims of fraud as part of an ongoing scam campaign, Cybernews reports.