Phishing

Research underscores that many systems remain unpatched and are vulnerable to bugs that were patched several years ago.

Four ways security teams can mitigate open redirect attacks.

Malicious emails purporting to be invoices that contain ZIP attachments have been delivered to facilitate the execution of a WebDAV-retrieved DLL that loads the updated Strela Stealer variant.

The U.S. Department of Justice announced that Nigerian hacker Kolade Akinwale Ojelade has been sentenced to more than 26 years imprisonment for his involvement in a massive phishing scam against real estate businesses that resulted in the theft of $12 million.

Most recent evidence of ramping EDR exploitation was a posting of "high-quality" .gov emails, including U.S. credentials, on a hacking forum in August, with the known threat actor offering guidance on EDRs and the sale of legitimate subpoena documents to impersonate law enforcement.

Researchers say they’ve seen continued reports of these automated email campaigns on the DocuSign community forums for the past five months.

Using the 'topmarinelogistics.com' domain, threat actors spoofing OpenAI Payments sent more than 1,000 phishing emails warning of unsuccessful ChatGPT subscription payments that lured targets into clicking a link for updating payment details, which redirected to a fraudulent OpenAI login page on the 'fnjrolpa.com' domain, which has since been taken offline.