A threat actor is abusing HubSpot’s Free Form Builder service to craft credential-harvesting phishing pages, according to Palo Alto Networks’ Unit 42. The campaign has targeted at least 20,000 users at European companies in the automotive, chemical, and industrial compound manufacturing sectors. The attacks are designed to steal credentials in order to compromise victims’ Microsoft Azure cloud services.

ESET has published its threat report for the second half of 2024, outlining a new social engineering tactic targeting mobile banking users. Threat actors are using Progressive Web Apps (PWAs) and WebAPKs to bypass mobile security measures, since these files don’t require users to grant permissions to install apps from unknown sources. “The initial phishing messages were delivered through various methods, including SMS, automated voice calls, and social media malvertising,” ESET says.

Phishing remains one of the most dangerous and persistent cyber threats for individuals and organizations. Modern attacks use a growing arsenal of deceptive techniques that bypass traditional secure email gateways (SEGs) and email authentication measures, targeting organizations, employees, and vendors.

Fact: An organization of any size has employees that receive email. Fact: Threat actors, with the help of apps like ChatGPT, are becoming more efficient at creating compelling phishing emails. Fact: The law of averages mandates an attack will succeed when a staffer is fooled and opens a malicious email or clicks on the wrong link. Fact: A robust email security strategy, which includes a Secure Email Gateway, is a must to protect against email-borne attacks.

In cybersecurity, email has always been a critical concern. However, we feel the new 2024 Gartner Magic Quadrant for Email Security Platforms has signaled a shift in how we approach email protection. We believe this new Magic Quadrant encompasses a broader spectrum of email security providers to reflect the evolving threat landscape and the need for more integrated solutions.

Spear phishing plays a significant role in causing data breaches and cyberattacks. It costs businesses and individuals millions of dollars each year. Spear phishing is different from traditional phishing, which covers a broad spectrum. It targets specific individuals or organizations and uses tricks to make the victim reveal some sensitive information. This article explores spear phishing. It covers its unique traits and offers expert tips to identify and stop such attacks.

In this post, we’ll explore what cloud email filtering is, how it works, its key features, benefits, and the top providers in the market.

In 2024, phishing threats have become more sophisticated, with cybercriminals leveraging new methods such as quishing and multi-channel attacks. The growing complexity is evident in recent data, with a rise in incidents reported to the ICO in the UK and a 10% increase in complaints, including phishing/spoofing, filed with the FBI's Internet Crime Complaint Center (IC3) in the US.

Over the last few months, the topic of email bombing has been brought to our attention multiple times, mostly queries from customers that go something like this: “I have a few users experiencing some sort of spam attack, where they are receiving thousands of random registration or subscription emails. What do I do, and why is it occurring? Help!” This scenario is known as email or subscription bombing.

An email phishing campaign is targeting popular YouTube creators with phony collaboration offers, according to researchers at CloudSEK. The emails contain OneDrive links designed to trick users into installing malware. “The malware is hidden within attachments such as Word documents, PDFs, or Excel files, often masquerading as promotional materials, contracts, or business proposals,” the researchers explain.