Interpol has recently recommended discontinuing the use of the term "Pig Butchering" in cybercrime discussions, expressing concern that such terminology may discourage victims from reporting incidents due to feelings of shame or embarrassment. While some may question whether Interpol is over analysing the situation, it is prudent to consider the implications carefully. Modifying established cybersecurity terminology could potentially lead to public confusion.

An SMS phishing (smishing) campaign is attempting to trick Apple device users into disabling measures designed to protect them against malicious links, BleepingComputer reports. “Apple iMessage automatically disables links in messages received from unknown senders, whether that be an email address or phone number,” BleepingComputer explains.

Threat actors are abusing Google Translate’s redirect feature to craft phishing links that appear to belong to, according to researchers at Abnormal Security. Users are more likely to trust links that end in Google’s “.goog” domain, and security filters are less likely to flag these URLs as malicious. “When you enter a URL into Google Translate, it generates a new link, redirecting the user through its platform to the requested page,” the researchers explain.

Ransomware groups claimed responsibility for 5,461 attacks in 2024, with 1,204 of these attacks being publicly confirmed by victim organizations, according to Comparitech’s latest Ransomware Roundup report. The average ransom demand was more than $3.5 million, and the average ransom paid was $9.5 million. Many of these attacks involved data theft extortion, leading to the breach of nearly 200 million records.

Social engineering and phishing are involved in 70% - 90% of data breaches. No other root cause of malicious hacking (e.g., unpatched software and firmware, eavesdropping, cryptography attacks, physical theft, etc.) comes close. In fact, if you add up all other causes for successful cyberattacks together, they do not come close to equaling the damage done by social engineering and phishing alone.

In cybersecurity, email has always been a critical concern. However, we feel the new 2024 Gartner Magic Quadrant for Email Security Platforms has signaled a shift in how we approach email protection. We believe this new Magic Quadrant encompasses a broader spectrum of email security providers to reflect the evolving threat landscape and the need for more integrated products.

Japan’s National Police Agency (NPA) has attributed more than 200 cyber incidents over the past five years to the China-aligned threat actor “MirrorFace,” Infosecurity Magazine reports.

The UK government decided to wage war on explicit deepfakes. About time, right? But before we start celebrating, let's take a closer look. The fact is that this isn’t about technology, it’s about human behaviour. The government is not trying to outright ban deepfakes, which would be impossible, to be honest. They're targeting the misuse of this tech for nefarious purposes.

Researchers at SlashNext warn that cybercriminals are using a WordPress plugin called “PhishWP” to spoof payment pages and steal financial information. The spoofed pages are designed to steal payment card numbers, expiration dates, CVVs, and billing addresses. The plugin can also intercept one-time passwords generated to secure the transactions. The stolen data is immediately sent to the crooks via Telegram as soon as the victim hits “enter” on the phishing page.

A phishing campaign is abusing Microsoft 365 test domains to send legitimate payment requests from PayPal, according to Fortinet’s CISO Dr. Carl Windsor. Windsor found that the threat actor registered a free MS365 test domain and used it to create a distribution list containing targets’ email addresses. The scammer then used this distribution list to send payment requests via PayPal’s web portal.