Stolen airline miles are converted into flights and hotel stays, then resold as discounted travel. Flare shows how cybercriminals and underground markets treat loyalty accounts like tradable currency. […]
Apple patches older iPhones and iPads against Coruna exploits
Apple has released security updates to patch older iPhones and iPads against a set of vulnerabilities targeted in cyberespionage and crypto-theft attacks using the Coruna exploit kit. […]
How to Scale Phishing Detection in Your SOC: 3 Steps for CISOs
Phishing has quietly turned into one of the hardest enterprise threats to expose early. Instead of crude lures and obvious payloads, modern campaigns rely on trusted infrastructure, legitimate-looking authentication flows, and encrypted traffic that conceals malicious behavior from traditional detection layers. For CISOs, the priority is now clear: scale phishing detection in a way that helps
Meta Launches New Protection Tools as It Helps Disrupt Scam Centers
The social media giant has disabled more than 150,000 accounts powering scam centers in Asia.
The post Meta Launches New Protection Tools as It Helps Disrupt Scam Centers appeared first on SecurityWeek.
ThreatsDay Bulletin: OAuth Trap, EDR Killer, Signal Phishing, Zombie ZIP, AI Platform Hack & More
Another Thursday, another pile of weird security stuff that somehow happened in just seven days. Some of it is clever. Some of it is lazy. A few bits fall into that uncomfortable category of “yeah… this is probably going to show up in real incidents sooner than we’d like.”
The pattern this week feels familiar in a slightly annoying way. Old tricks are getting polished. New research shows how
The pattern this week feels familiar in a slightly annoying way. Old tricks are getting polished. New research shows how
Ally WordPress Plugin Flaw Exposes Over 200,000 Websites to Attacks
The issue allows attackers to inject SQL queries and extract sensitive information from the database.
The post Ally WordPress Plugin Flaw Exposes Over 200,000 Websites to Attacks appeared first on SecurityWeek.
The Human IOC: Why Security Professionals Struggle with Social Vetting
Applying SOC-level rigor to the rumors, politics, and ‘human intel’ can make or break a security team.
The post The Human IOC: Why Security Professionals Struggle with Social Vetting appeared first on SecurityWeek.
Splunk, Zoom Patch Severe Vulnerabilities
Critical- and high-severity flaws could be exploited to execute arbitrary shell commands or elevate privileges.
The post Splunk, Zoom Patch Severe Vulnerabilities appeared first on SecurityWeek.
US charges another ransomware negotiator linked to BlackCat attacks
The U.S. Department of Justice charged another former DigitalMint employee for his involvement in an insider scheme in which ransomware negotiators secretly partnered with the BlackCat (ALPHV) ransomware operation. […]
Attackers Don’t Just Send Phishing Emails. They Weaponize Your SOC’s Workload
The most dangerous phishing campaigns aren’t just designed to fool employees. Many are designed to exhaust the analysts investigating them. When a phishing investigation takes 12 hours instead of five minutes, the outcome can shift from a contained incident to a breach.
For years, the cybersecurity industry has focused on the front door of phishing defense: employee training, email gateways that
For years, the cybersecurity industry has focused on the front door of phishing defense: employee training, email gateways that