In a surprising development, Bumblebee Malware (a popular malware downloader) has resurfaced with an approach that was believed to be long gone: VBA macro-enabled documents. This comes just four months after Europol dismantled various trick bots—including Bumblebee, IcedId, Pikabot, TrickBot and systemBC—during a crackdown called Operation Endgame.

In 2024, phishing threats have become more sophisticated, with cybercriminals leveraging new methods such as quishing and multi-channel attacks. The growing complexity is evident in recent data, with a rise in incidents reported to the ICO in the UK and a 10% increase in complaints, including phishing/spoofing, filed with the FBI's Internet Crime Complaint Center (IC3) in the US.

2024 was a special year for Tines. And a busy one! We introduced 177 (and counting) new product capabilities. We raised an additional $50M from existing investors. And most importantly, our builders – the users of the Tines platform – brought more workflows to life than ever before: solving problems for their teams, and often sharing their learnings with the broader Tines community.

As company priorities and processes evolve, testing and implementing changes in your workflows is essential, especially for those workflows with a major influence across your business. Should the team push the wrong change live, an alert’s remediation process could be potentially slowed down, or employee information could be revealed to the wrong team.

Threat actors impersonate HR in seasonal phishing campaign, Zloader receives new features and capabilities, and new details emerge about Secret Blizzard.

With the exponential expansion of AI, bad actors are frothing at the mouth. Advanced technology for automating social engineering techniques that previously required technical know-how is now within arm’s reach of anyone with a keyboard. Attempts to exploit and deceive are more common than ever, and they are emptying business’s pockets. In 2023, 800 businesses worldwide reported fraud losses totaling 6.5% of their revenue, amounting to $359 billion.

The rise of Non-Human Identities (NHIs) — think APIs, bots, service accounts, and machine identities — has expanded the attack surface in ways we’re only beginning to understand. NHIs now outnumber human identities in enterprise environments, often by a staggering ratio. While they streamline processes, enable scalability, and facilitate automation, these identities also present significant security risks.