Topic: phishing attack

  • Inside the PureRAT Attack: From Info Stealer to Full Control

    A sophisticated cyberattack begins with phishing emails using sideloading techniques to deploy malware, escalating from credential theft to deploying the full-featured PureRAT remote access trojan for complete system control. The campaign employs multiple layers of obfuscation, including custom c...

  • Fake npm 2FA Reset Email Used to Hijack Popular Code Packages

    A phishing campaign compromised at least 18 widely used JavaScript npm packages, injecting malicious code to hijack cryptocurrency transactions and highlighting supply chain vulnerabilities. The attack began when a developer fell for a convincing phishing email, allowing the threat actor to take ...

  • Russian Hackers Bypass Two-Factor Authentication in New Attack

    Russian hackers bypassed two-factor authentication (2FA) using social engineering, exploiting legitimate account features like Gmail's "app password" to target high-profile individuals. A British researcher, Keir Giles, was tricked by hackers posing as U.S. officials, who used forged documents an...

  • FileFix Attack Evades Security with Cache Smuggling

    A new FileFix social engineering attack uses cache smuggling to deliver malware undetected by disguising itself as a Fortinet VPN Compliance Checker and tricking users into executing hidden PowerShell commands. The attack involves copying a text string that secretly contains a script to search br...

  • NPM Supply-Chain Attack Thwarted: Hackers Foiled

    A massive supply-chain attack on the NPM ecosystem was quickly neutralized, preventing a catastrophic security incident despite malicious updates reaching 10% of cloud environments. The attack began with a phishing compromise of a maintainer account, allowing tainted updates to widely used packag...

  • Popular NPM 'is' Package Infects 2.8M Weekly Users with Malware

    A widely-used NPM package called 'is' was compromised in a supply chain attack, distributing malware-infected versions (3.3.1 to 5.0.0) with a backdoor enabling remote code execution. Attackers used phishing via a fake npmjs.com domain to hijack maintainer accounts, pushing malicious updates to m...
