Fake Websites Target Shoppers Ahead of Amazon Prime Day
As Amazon Prime Day approaches (July 8-11, 2025), cybercriminals are capitalizing on the shopping frenzy by unleashing a wave of fake websites designed to scam unsuspecting consumers. Recent research by cybersecurity experts at NordVPN has revealed the existence of over 120,000 fraudulent websites mimicking Amazon in just the past two months. What is Prime Day? Prime Day, one of the
Chainlink Phishing: Trusted Sites Become Dangerous Gateways
Cybercriminals are using an increasingly deceptive tactic known as chainlink phishing, where they build a chain of seemingly harmless links that ultimately leads to a phishing site. This method allows attackers to bypass security filters, abuse the reputation of major online services, and trick even cautious users into visiting malicious pages. What Is Chainlink Phishing? Chainlink phishing describes a chain
Hijacked Discord Invites Spawn Multi-Stage Malware Chains
A Discord invite you embedded in a blog post, social‑media thread, or product FAQ last year may no longer point to the community you intended. Because Discord allows boosted servers to re‑claim expired or deleted vanity codes, threat actors exploit hijacked abandoned Discord invites, attaching them to their own servers, and funnelling visitors into a slick, but malicious, “verification” flow.
Rare Werewolf Targets Russian Devices for Crypto Mining
A stealthy cyber campaign called Rare Werewolf is silently siphoning computing power, and sensitive data from hundreds of devices across Russia. First observed in December 2024, this ongoing operation is targeting industrial organizations and engineering schools, with victims also reported in Belarus and Kazakhstan. Unlike the flashy ransomware attacks that dominate headlines, Rare Werewolf keeps a low profile. By blending
Crypto Phishing Campaign Adds Fake Wallet Apps on Google Play
A new cyber threat is making waves in the crypto world. This time, it’s coming straight from the Google Play Store. Security researchers have uncovered a crypto phishing campaign involving dozens of fake crypto wallet apps that are targeting unsuspecting users. These lookalike apps mimic real crypto platforms and trick users into handing over their 12-word recovery phrases, giving attackers
Hackers Exploit Salesforce Tool in New Data Extortion Campaign
A new cyberattack campaign uncovered by Google's Threat Intelligence team reveals how attackers are increasingly blurring the lines between legitimate software tools and malicious intent. In this case, hackers exploit a Salesforce tool to infiltrate corporate environments, exfiltrate data, and launch extortion attempts against affected organizations. Voice Phishing Leads to Compromise The attackers, identified by Google as UNC6040, are using
Crocodilus Malware Adds Fake Contacts to Your Android Phone
The newly discovered Crocodilus malware raises serious concern among cybersecurity experts. Unlike typical trojans, this malware introduces a deceptive twist: it secretly adds fake contacts to your phone to impersonate trusted names like banks, family members, or service providers. This manipulation makes phishing attempts feel far more convincing, and far more dangerous. Here's what you need to know about how
Spear Phishing Campaign Targets CFOs and Abuses Legit Tools
A sophisticated spear phishing campaign that specifically targets CFOs (Chief Financial Officers) was recently uncovered by cybersecurity firm Trellix. This ongoing operation, first detected in mid-May 2025, has already affected organizations spanning Europe, Africa, Canada, the Middle East, and South Asia. The campaign’s method? A clever blend of social engineering and abuse of legitimate remote access software. Anatomy of the
Venom Spider Phishing Attack Targets HR Departments
In the evolving world of cybercrime, threat actors are continuously seeking new entry points into organizations. A new spear-phishing campaign has recently drawn attention for its clever targeting of an often-overlooked department: human resources. This phishing attack, orchestrated by the financially motivated group known as Venom Spider, leads to stolen credentials, remote access and more. A Deceptive Approach Venom Spider
