Lucene search
+L

149 matches found

malwarebytes
malwarebytes
added 2026/06/08 3:2 p.m.28 views

Americans lost nearly $900 million to AI-powered scams, FBI says

The 2025 Federal Bureau of Investigation FBI Internet Crime Report shows that Americans reported $893,346,472 in AI‑related scam losses. Those losses stem from 22,364 AI-related complaints. And these figures represent only the reported losses, which may well be the proverbial tip of the iceberg...

5.6AI score
Exploits0
mssecure
mssecure
added 2026/04/30 3:0 p.m.7 views

Email threat landscape: Q1 2026 trends and insights

In this article 1. Tycoon2FA disruption impact 2. QR code phishing attacks 3. CAPTCHA tactics 4. Malicious payloads 5. Business email compromise 6. Defending against email threats 7. Microsoft Defender detections During the first quarter of 2026 January-March, Microsoft Threat Intelligence detect...

6.1AI score
Exploits0
mssecure
mssecure
added 2026/04/30 3:0 p.m.36 views

Email threat landscape: Q1 2026 trends and insights

In this article 1. Tycoon2FA disruption impact 2. QR code phishing attacks 3. CAPTCHA tactics 4. Malicious payloads 5. Business email compromise 6. Defending against email threats 7. Microsoft Defender detections During the first quarter of 2026 January-March, Microsoft Threat Intelligence detect...

5.8AI score
Exploits0
thn
thn
added 2026/04/13 2:46 p.m.5 views

FBI and Indonesian Police Dismantle W3LL Phishing Network Behind $20M Fraud Attempts

The U.S. Federal Bureau of Investigation FBI, in partnership with the Indonesian National Police, has dismantled the infrastructure associated with a global phishing operation that leveraged an off-the-shelf toolkit called W3LL to steal thousands of victims' account credentials and attempt more...

5.9AI score
Exploits0
talosblog
talosblog
added 2026/04/02 6:0 p.m.7 views

The democratisation of business email compromise fraud

Welcome to this week's edition of the Threat Source newsletter. Last weekend, I witnessed a crime. Not a notable crime that you might read about in the press, but an unremarkable fraud attempt that nevertheless illustrates how new threat actor capabilities are emerging. I imagine that most people...

10CVSS7.3AI score0.99562EPSS
Exploits376
mssecure
mssecure
added 2026/01/22 5:14 a.m.8 views

Resurgence of a multi‑stage AiTM phishing and BEC campaign abusing SharePoint

Microsoft Defender Researchers uncovered a multi‑stage adversary‑in‑the‑middle AiTM phishing and business email compromise BEC campaign targeting multiple organizations in the energy sector, resulting in the compromise of various user accounts. The campaign abused SharePoint file‑sharing services...

5.7AI score
Exploits0
mssecure
mssecure
added 2026/01/22 5:14 a.m.9 views

Resurgence of a multi‑stage AiTM phishing and BEC campaign abusing SharePoint

Microsoft Defender Researchers uncovered a multi‑stage adversary‑in‑the‑middle AiTM phishing and business email compromise BEC campaign targeting multiple organizations in the energy sector, resulting in the compromise of various user accounts. The campaign abused SharePoint file‑sharing services...

5.7AI score
Exploits0
mssecure
mssecure
added 2026/01/14 3:3 p.m.12 views

Inside RedVDS: How a single virtual desktop provider fueled worldwide cybercriminal operations

Over the past year, Microsoft Threat Intelligence observed the proliferation of RedVDS, a virtual dedicated server VDS provider used by multiple financially motivated threat actors to commit business email compromise BEC, mass phishing, account takeover, and financial fraud. Microsoft’s...

6AI score
Exploits0
mssecure
mssecure
added 2026/01/14 3:3 p.m.20 views

Inside RedVDS: How a single virtual desktop provider fueled worldwide cybercriminal operations

Over the past year, Microsoft Threat Intelligence observed the proliferation of RedVDS, a virtual dedicated server VDS provider used by multiple financially motivated threat actors to commit business email compromise BEC, mass phishing, account takeover, and financial fraud. Microsoft’s...

6.6AI score
Exploits0
thn
thn
added 2026/01/07 9:42 a.m.12 views

Microsoft Warns Misconfigured Email Routing Can Enable Internal Domain Phishing

Threat actors engaging in phishing attacks are exploiting routing scenarios and misconfigured spoof protections to impersonate organizations' domains and distribute emails that appear as if they have been sent internally. "Threat actors have leveraged this vector to deliver a wide variety of...

6.8AI score
Exploits0
mssecure
mssecure
added 2026/01/06 6:0 p.m.9 views

Phishing actors exploit complex routing and misconfigurations to spoof domains

Phishing actors are exploiting complex routing scenarios and misconfigured spoof protections to effectively spoof organizations’ domains and deliver phishing emails that appear, superficially, to have been sent internally. Threat actors have leveraged this vector to deliver a wide variety of...

6.4AI score
Exploits0
mssecure
mssecure
added 2026/01/06 6:0 p.m.13 views

Phishing actors exploit complex routing and misconfigurations to spoof domains

Phishing actors are exploiting complex routing scenarios and misconfigured spoof protections to effectively spoof organizations’ domains and deliver phishing emails that appear, superficially, to have been sent internally. Threat actors have leveraged this vector to deliver a wide variety of...

6.4AI score
Exploits0
malwarebytes
malwarebytes
added 2025/12/17 1:38 p.m.7 views

Inside a purchase order PDF phishing campaign

A PDF named "NEW Purchase Order 52177236.pdf" turned out to be a phishing lure. So we analyzed the phishing script behind it. A customer contacted me when Malwarebytes blocked the link inside a “purchase order” email they had received. Malwarebytes blocked this ionoscloud.com subdomain When I...

6.7AI score
Exploits0
packetstormnews
packetstormnews
added 2025/11/25 12:0 a.m.6 views

Semantic Superiority Vs. Forensic Efficiency: A Comparative Analysis of Deep Learning and Psycholinguistics for Business Email Compromise Detection

Business Email Compromise BEC is a sophisticated social engineering threat that manipulates organizational hierarchies and exploits psychological vulnerabilities, leading to significant financial damage. According to the 2024 FBI Internet Crime Report, BEC accounts for over $2.9 billion in annual...

6.8AI score
Exploits0
talosblog
talosblog
added 2025/10/21 10:0 a.m.10 views

Reducing abuse of Microsoft 365 Exchange Online’s Direct Send

Overview Microsoft 365 Exchange Online's Direct Send is designed to solve an enterprise-scale operational challenge: certain devices and legacy applications such as multifunction printers, scanners, building systems, and older line‑of‑business apps, need to send email into the tenant but lack the...

6.8AI score
Exploits0
redhatcve
redhatcve
added 2025/10/13 5:29 a.m.9 views

CVE-2025-60378

Stored HTML injection in RISE Ultimate Project Manager & CRM allows authenticated users to inject arbitrary HTML into invoices and messages. Injected content renders in emails, PDFs, and messaging/chat modules sent to clients or team members, enabling phishing, credential theft, and business emai...

8.1CVSS7.2AI score0.01007EPSS
Exploits1References1
nvd
nvd
added 2025/10/10 3:16 p.m.8 views

CVE-2025-60378

Stored HTML injection in RISE Ultimate Project Manager & CRM allows authenticated users to inject arbitrary HTML into invoices and messages. Injected content renders in emails, PDFs, and messaging/chat modules sent to clients or team members, enabling phishing, credential theft, and business emai...

8.1CVSS0.01007EPSS
Exploits1References1
osv
osv
added 2025/10/10 3:16 p.m.6 views

CVE-2025-60378

Stored HTML injection in RISE Ultimate Project Manager & CRM allows authenticated users to inject arbitrary HTML into invoices and messages. Injected content renders in emails, PDFs, and messaging/chat modules sent to clients or team members, enabling phishing, credential theft, and business emai...

8.1CVSS5.9AI score0.01007EPSS
Exploits1References2
ptsecurity
ptsecurity
added 2025/10/10 12:0 a.m.8 views

PT-2025-41567

Name of the Vulnerable Software and Affected Versions RISE Ultimate Project Manager & CRM affected versions not specified Description An issue exists in RISE Ultimate Project Manager & CRM that allows authenticated users to inject arbitrary HTML into invoices and messages. This injected content...

8.1CVSS7AI score0.01007EPSS
Exploits1References9
vulnrichment
vulnrichment
added 2025/10/10 12:0 a.m.7 views

CVE-2025-60378

Stored HTML injection in RISE Ultimate Project Manager & CRM allows authenticated users to inject arbitrary HTML into invoices and messages. Injected content renders in emails, PDFs, and messaging/chat modules sent to clients or team members, enabling phishing, credential theft, and business emai...

6.8AI score0.01007EPSS
Exploits1References1
Rows per page
Query Builder