Lucene search
K

93 matches found

The Hacker News
The Hacker News
added 2026/06/05 7:1 a.m.14 views

FIFA World Cup 2026 Scams Are Already Live: Fake Sites, Banking Malware, and Stolen Logins

Security researchers and the FBI are warning that a wave of FIFA-themed fraud is already hitting World Cup 2026 fans, days before the June 11 kickoff. Recent reports describe thousands of lookalike FIFA domains, banking malware hidden inside pirate streaming apps, and at least one operation that...

5.5AI score
Exploits0
HackRead
HackRead
added 2026/05/11 10:34 a.m.10 views

Hackers Exploit Vercel GenAI to Mass-Produce Convincing Phishing Sites

Hackers are abusing Vercel GenAI to create convincing phishing sites that mimic major brands, including Microsoft, Adidas, and Nike, making scams harder to detect...

5.8AI score
Exploits0
Malwarebytes
Malwarebytes
added 2026/04/16 12:33 p.m.6 views

“iCloud storage is full” scam is back, and now it wants your payment details

A few months ago, we reported on a fake cloud storage alert that triggered a redirect chain to an app that has since been delisted from the Apple Store. The threat of losing your photos is a powerful lure, so scammers are now using it to steal personal and financial details. The Guardian warns...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2026/03/19 12:43 p.m.8 views

New Perseus Android Banking Malware Monitors Notes Apps to Extract Sensitive Data

Cybersecurity researchers have disclosed a new Android malware family called Perseus that's being actively distributed in the wild with an aim to conduct device takeover DTO and financial fraud. Perseus is built upon the foundations of Cerberus and Phoenix, at the same time evolving into a "more...

6.1AI score
Exploits0
Malwarebytes
Malwarebytes
added 2026/01/22 1:53 p.m.11 views

Fake LastPass maintenance emails target users

The LastPass Threat Intelligence, Mitigation, and Escalation TIME team has published a warning about an active phishing campaign in which fake “maintenance” emails pressure users to back up their vaults within 24 hours. The emails lead to credential-stealing phishing sites rather than any...

5.6AI score
Exploits0
The Hacker News
The Hacker News
added 2025/12/18 7:43 a.m.13 views

Kimsuky Spreads DocSwap Android Malware via QR Phishing Posing as Delivery App

The North Korean threat actor known as Kimsuky has been linked to a new campaign that distributes a new variant of Android malware called DocSwap via QR codes hosted on phishing sites mimicking Seoul-based logistics firm CJ Logistics formerly CJ Korea Express. "The threat actor leveraged QR codes...

7.8CVSS7.2AI score0.27561EPSS
Exploits4
HackRead
HackRead
added 2025/12/05 3:21 p.m.6 views

New Variant of ClayRat Android Spyware Seize Full Device Control

The dangerous ClayRat Android spyware has evolved, gaining the ability to steal PINs, record screens, and disable security by abusing Accessibility Services. Users must beware of fake apps spreading through phishing sites and Dropbox...

7AI score
Exploits0
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2019-9305

Malware in sbrugna...

5.5CVSS4.8AI score0.00472EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2010-3291

Malware in sbrugna...

5.5CVSS5.5AI score0.00167EPSS
Exploits0References5
HackRead
HackRead
added 2025/09/16 6:30 p.m.1 views

Ongoing FileFix Attack Installs StealC Infostealer Via Fake Facebook Pages

Researchers spot FileFix phishing sites that deliver StealC Infostealer through fake Facebook warnings and hidden payloads in images...

7AI score
Exploits0
HackRead
HackRead
added 2025/08/21 4:33 p.m.2 views

AI Browsers Can Be Tricked Into Paying Fake Stores in PromptFix Attack

The PromptFix attack tricks AI browsers with fake CAPTCHAs, leading them to phishing sites and fake stores where…...

7.3AI score
Exploits0
The Hacker News
The Hacker News
added 2025/08/20 1:1 p.m.10 views

Experts Find AI Browsers Can Be Tricked by PromptFix Exploit to Run Malicious Hidden Prompts

Cybersecurity researchers have demonstrated a new prompt injection technique called PromptFix that tricks a generative artificial intelligence GenAI model into carrying out unintended actions by embedding the malicious instruction inside a fake CAPTCHA check on a web page. Described by Guardio La...

5.7AI score
Exploits0
The Hacker News
The Hacker News
added 2025/07/02 5:48 a.m.11 views

Vercel's v0 AI Tool Weaponized by Cybercriminals to Rapidly Create Fake Login Pages at Scale

Unknown threat actors have been observed weaponizing v0, a generative artificial intelligence AI tool from Vercel, to design fake sign-in pages that impersonate their legitimate counterparts. "This observation signals a new evolution in the weaponization of Generative AI by threat actors who have...

6.9AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 8:26 a.m.7 views

CVE-2019-19696

A RootCA vulnerability found in Trend Micro Password Manager for Windows and macOS exists where the localhost.key of RootCA.crt might be improperly accessed by an unauthorized party and could be used to create malicious self-signed SSL certificates, allowing an attacker to misdirect a user to...

5.5CVSS6.6AI score0.00472EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2025/05/16 12:0 a.m.7 views

"Explain, Don'T Just Warn!" -- a Real-Time Framework for Generating Phishing Warnings with Contextual Cues

Anti-phishing tools typically display generic warnings that offer users limited explanation on why a website is considered malicious, which can prevent end-users from developing the mental models needed to recognize phishing cues on their own. This becomes especially problematic when these tools...

6.4AI score
Exploits0
The Hacker News
The Hacker News
added 2025/01/15 3:48 p.m.9 views

Google Ads Users Targeted in Malvertising Scam Stealing Credentials and 2FA Codes

Cybersecurity researchers have alerted to a new malvertising campaign that's targeting individuals and businesses advertising via Google Ads by attempting to phish for their credentials via fraudulent ads on Google. "The scheme consists of stealing as many advertiser accounts as possible by...

7.1AI score
Exploits0
The Hacker News
The Hacker News
added 2025/01/08 6:9 p.m.3 views

Neglected Domains Used in Malspam to Evade SPF and DMARC Security Protections

Cybersecurity researchers have found that bad actors are continuing to have success by spoofing sender email addresses as part of various malspam campaigns. Faking the sender address of an email is widely seen as an attempt to make the digital missive more legitimate and get past security...

7.2AI score
Exploits0
CNNVD
CNNVD
added 2024/12/16 12:0 a.m.4 views

Shonen Jump+ 安全漏洞

Shonen Jump+ is a manga reading app by Shueisha Japan. A security vulnerability exists in Shonen Jump+ versions prior to 4.0.0. The vulnerability originates from a remote attacker who can trick users into visiting arbitrary websites via a vulnerable app, resulting in users becoming victims of...

3.3CVSS4.4AI score0.00161EPSS
Exploits0References3
The Hacker News
The Hacker News
added 2024/11/27 11:30 a.m.5 views

Latest Multi-Stage Attack Scenarios with Real-World Examples

Multi-stage cyber attacks, characterized by their complex execution chains, are designed to avoid detection and trick victims into a false sense of security. Knowing how they operate is the first step to building a solid defense strategy against them. Let's examine real-world examples of some of...

7.4AI score
Exploits0
Malwarebytes
Malwarebytes
added 2024/11/07 1:8 a.m.9 views

Large eBay malvertising campaign leads to scams

Tech support scammers are targeting eBay customers in the U.S. via fraudulent Google ads. In a few separate searches, we were able to identify multiple Sponsored results that were created from at least four different advertiser accounts. While most of those ads clearly looked fake, they appeared...

6.7AI score
Exploits0
Rows per page
Query Builder