Glitch-hosted Phishing Uses Telegram & Fake CAPTCHAs to Target Navy Federal Credit Union Customers

From January to April 2025, Netskope Threat Labs tracked a three-fold increase in traffic to phishing pages created on the Glitch platform. These phishing campaigns have affected more than 830 organizations and over 3,000 users since January 2025, primarily targeting Navy Federal Credit Union members and seeking sensitive information.

CrowdStrike and Microsoft Unite to Harmonize Cyber Threat Attribution

In cybersecurity, understanding an adversary’s identity, capabilities, and intent is critical to intelligent cyber defense. Attribution matters. Despite cyber threat intelligence tracking a multitude of threat actors for many decades, accurately attributing malicious activity continues to be difficult. Vendors and researchers often see different parts of the same puzzle — or entirely different puzzles — due to differences in telemetry.

French Users Targeted by Major Phishing Campaign

Researchers at IBM Security warn that a major phishing campaign is targeting users in France, incorporating leaked personal data to make the emails more convincing. IBM has observed seventeen waves of the campaign since March 2024, and at least 160,000 victims have clicked on the phishing link. “The phishing emails inform recipients that their Amazon Prime subscription will automatically renew at a cost of 480 Euros per year,” IBM explains.

Red Teaming Around the World (UK and Europe vs. US)

The differences between the US, the UK, and Europe are often minor but important regionally. Sometimes, we use different words to describe the same thing: French fries (US) vs. chips (UK) vs. pommes frites (France) are all fried potatoes. Sometimes, the same word can have different meanings, such as "football" and "football". Oddly, the same point holds true for Red Team testing.

SOC 2 Compliance and Vulnerability Scanning: A Complete Guide

With 5+ vulnerabilities being discovered every minute, a SOC 2 (System and Organization Controls 2) compliance certificate demonstrates to customers and partners that the organization is committed to security and adheres to industry best practices for safeguarding data. Apart from customer trust, it can help organizations find and fix security vulnerabilities before attackers can exploit them.

Beyond Credentials: When Every Data Point Becomes a Weapon

You know what's interesting about data breaches? Everyone focuses on credit card numbers and financial data, but the reality is that every piece of information has value to someone. The Legal Aid breach perfectly illustrates this point, with over two million pieces of information accessed including details about domestic abuse victims, family cases, and criminal proceedings.

Pen Testers Save the Day: Exposing Critical Vulnerabilities! #cybersecurity

Mend.io, formerly known as Whitesource, has over a decade of experience helping global organizations build world-class AppSec programs that reduce risk and accelerate development -– using tools built into the technologies that software and security teams already love. Our automated technology protects organizations from supply chain and malicious package attacks, vulnerabilities in open source and custom code, and open-source license risks.

June 2, 2025 Cyber Threat Intelligence Briefing

This week’s briefing covers: MATLAB dev confirms ransomware attack behind service outage MathWorks, the developer of the popular MATLAB numeric computing platform and the Simulink simulation, has disclosed it suffered a ransomware attack beginning on May 18, 2025. The attack impacted online applications used by customers as well as internal staff systems.