These convincing copyright notices are designed to steal Google logins

A new scam is targeting people who publish Chrome extensions. The scam arrives as an official-looking "copyright removal request" claiming your extension is about to be removed from the Chrome Web Store and that you have 48 hours to appeal. It even looks personalized. After you enter your...

New DHL Phishing Scam Uses 11-Step Attack Chain to Steal Passwords

Forcepoint’s X-Labs reports an 11-step DHL phishing scam that uses fake OTP codes and EmailJS to harvest user credentials and device telemetry...

Bogus Avast website fakes virus scan, installs Venom Stealer instead

A fake website impersonating Avast antivirus is tricking people into infecting their own computers. The site looks legitimate, runs what appears to be a virus scan, and claims your system is full of threats. But the results are fake: when you’re prompted to “fix” the problem, the download you’re...

Researchers Trick Perplexity's Comet AI Browser Into Phishing Scam in Under Four Minutes

Agentic web browsers that leverage artificial intelligence AI capabilities to autonomously execute actions across multiple websites on behalf of a user could be trained and tricked into falling prey to phishing and scam traps. The attack, at its core, takes advantage of AI browsers' tendency to...

HackOnChat: Unmasking the WhatsApp Hacking Scam

CTM360 has discovered a large-scale malicious campaign targeting WhatsApp users worldwide. This scam is designed to hijack WhatsApp accounts through deceptive phishing schemes that exploit user trust in the WhatsApp brand. Threat actors behind this campaign create fraudulent websites that closely...

Stolen iPhones are locked tight, until scammers phish your Apple ID credentials

One of the reassuring things about owning an iPhone was knowing you could lock it if it got lost or stolen. Without your passcode, fingerprint or face to unlock it, it would be useless to anyone else. Now, though, some phone thieves have found a workaround, not by breaking Apple's security, but b...

New Phishing Emails Pretend to Offer Jobs to Steal Facebook Logins

Sublime Security warns of a massive credential phishing scam using fake job offers from brands like KFC and Red Bull to steal Facebook login details. Don't fall for the trap...

Scammers are still sending us their fake Robinhood security alerts

A short while ago, our friends at Malwaretips wrote about a text scam impersonating Robinhood, a popular US-based investment app that lets people trade stocks and cryptocurrencies. The scam warns users about supposed “suspicious activity” on their accounts. As if to demonstrate that this phishing...

Don’t connect your wallet: Best Wallet cryptocurrency scam is making the rounds

Phishers and scammers can’t get enough of sending their feeble attempts to Malwarebytes’ employees. For which we can’t thank them enough because it means we can warn you, our readers. This time the scammers tried to impersonate Best Wallet—an app that lets people store, send, and receive...

EUVD-2022-27940

Malicious code in bioql PyPI...

EUVD-2024-48781

Malicious code in bioql PyPI...

Vietnamese Hackers Use Fake Copyright Notices to Spread Lone None Stealer

New Lone None Stealer uses Telegram C2 and DLL side-loading to grab passwords, credit cards, and crypto. Find out how to spot this highly evasive phishing scam...

New Google AppSheet Phishing Scam Deliver Fake Trademark Notices

A phishing scam is exploiting Google's trusted AppSheet platform to bypass email filters. Learn how hackers are using…...

Netflix Job Phishing Scam Steals Facebook Login Data

Beware of fake Netflix job offers! A new phishing campaign is targeting job seekers, using fraudulent interviews to…...

AI Tools Fuel Brazilian Phishing Scam While Efimer Trojan Steals Crypto from 5,000 Victims

Cybersecurity researchers are drawing attention to a new campaign that's using legitimate generative artificial intelligence AI-powered website building tools like DeepSite AI and BlackBox AI to create replica phishing pages mimicking Brazilian government agencies as part of a financially motivat...

Amazon warns 200 million Prime customers that scammers are after their login info

Amazon has sent out an alert to its 200 million customers, warning them that scammers are impersonating Amazon in a Prime membership scam. In the email, sent earlier this month, Amazon said it had noticed an increase in reports about fake Amazon emails: What 's happening: Scammers are sending fak...

14 Arrested in Romania for £47 Million UK Tax Phishing Scam

14 arrested in major HMRC phishing scam raids across UK & Romania. Learn about the multi-million-pound tax fraud operation...

New Fake Marketplace From China Mimics Top Retail Brands for Fraud

Silent Push exposes thousands of fake e-commerce websites spoofing major brands like Apple and Michael Kors. Learn how this Chinese phishing scam targets shoppers and steals financial data, impacting global consumers...

CVE-2024-9329

In Eclipse Glassfish versions before 7.0.17, The Host HTTP parameter could cause the web application to redirect to the specified URL, when the requested endpoint is '/management/domain'. By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam and steal...

CVE-2024-7941

An HTTP parameter may contain a URL value and could cause the web application to redirect the request to the specified URL. By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials...