Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

SentinelOne warns that a phishing campaign is targeting high-profile X accounts, including those belonging to US political figures, leading journalists, major technology companies, cryptocurrency organizations, and owners of coveted usernames. “SentinelLABS’ analysis links this activity to a similar operation from last year that successfully compromised multiple accounts to spread scam content with financial objectives,” the researchers write.

Check Point warns that a large-scale phishing campaign is targeting Facebook accounts with phony copyright infringement notices. The phishing emails have targeted more than 12,000 email addresses at hundreds of companies. Nearly all of the emails targeted individuals in the US, the EU, and Australia, though the researchers also observed some phishing templates written in Chinese and Arabic.

Dr. Martin J. Kraemer discusses learning from The Word Economics Forum Cybersecurity Outlook 2025 report Last year, the British multinational corporation Arup lost about 20 million pounds after falling victim to a deepfake scam. A finance worker in their Hong Kong office carried out 15 transactions to seven different bank accounts after joining an online meeting, during which urgent financial requirements were discussed among senior leadership.

2024 saw the highest-ever amount of ransomware attacks, according to a new report from NCC Group. There were 5,263 observed ransomware incidents last year, with the LockBit gang accounting for ten percent (526) of these attacks. RansomHub was the second most active group, accounting for 501 attacks. Notably, the industrial sector was the most commonly targeted, accounting for 27% of ransomware attacks in 2024 (a 15% increase from 2023).

In the bustling world of 1960s Madison Avenue, a young advertising executive named Lester Wunderman was about to revolutionize the industry. Wunderman, often called the father of direct marketing, had a simple yet profound insight: personalization was the key to capturing attention and driving action. Wunderman's breakthrough came when he created the Columbia Record Club, a mail-order service that tailored its offerings based on each member's past purchases and preferences. The results were staggering.

Scammers are taking advantage of the newfound popularity of the China-based AI app DeepSeek, according to researchers at ESET. DeepSeek released its generative AI tool last month, and it’s since overtaken ChatGPT as the top free app in Apple’s App Store. Users are now spotting lookalike domains designed to deliver malware or steal information. Other scams offer users the opportunity to buy phony stocks in DeepSeek.

The rise of agentic AI tools will transform the cybercrime landscape, according to a new report from Malwarebytes. Agentic AI—which is still under development—is a step above the generative AI tools that are currently available to the public, and will likely be widely released in 2025. While these tools will have many legitimate uses, they’ll also enable cybercriminals to scale their attacks.

A KnowBe4 Threat Lab publication Authors: Daniel Netto, Jeewan Singh Jalal, Anand Bodke, and Martin Kraemer Executive Summary Attackers exploit redirects that lack safeguarding mechanisms to borrow the domain reputation of the redirect service, obfuscate the actual destination and exploit trust in known sources. Whitelisting URLs, only allowing a predefined set of URLs to be rewritten, is an effective countermeasures against the vulnerability on the server side.

Nearly half (46%) of businesses observed an increase in deepfakes and generative AI-related fraud last year, a new report from AuthenticID has found. Additionally, phishing attempts increased by 76% in 2024, and more than 90% of cyberthreats were driven by social engineering. The report also noted a rise in workplace-related fraud, including employee impersonation and account takeover.

Recently, I started working with my children's school to enhance their online safety measures and develop a digital mindfulness course in collaboration with their digital literacy lead. This experience highlighted the fact that our schools are not only expected to provide safe places of learning but also extend that safety into the digital spaces.