SPAM Archives - Page 2 of 30 - Cybersecurity News Everyday

Microsoft: Exchange Online bug mistakenly quarantines user emails

Summary: Microsoft is investigating a bug in Exchange Online that is causing users’ emails to be mistakenly quarantined by the anti-spam systems. The issue started at 10:11 UTC and has been classified as a critical service issue. In addition, a separate incident is preventing access to the ‘Review’ page in the Security portal for users and admins.…

Cyber Security News

Large-Scale Malicious App Campaign Bypasses Android Security to Conduct Ad Fraud

March 19, 2025 Cyware

Summary: A large-scale ad fraud campaign has led to over 60 million downloads of malicious apps from the Google Play Store. These 331 apps bypass Android security restrictions, display unwanted ads, and attempt to steal user data through phishing tactics. The threat remains active, with ongoing modifications by attackers to evade detection.…

Threat Research

Hundreds of Malicious Google Play-Hosted Apps Bypassed Android 13 Security With Ease

March 18, 2025 BitDefender

Bitdefender has uncovered a widespread ad fraud scheme utilizing over 331 malicious apps on the Google Play Store, which have amassed more than 60 million downloads. These apps display unwanted ads and attempt to extract user credentials and credit card information through phishing tactics. The campaign shows how criminals actively exploit vulnerabilities in app distribution platforms, emphasizing the need for enhanced mobile security measures.…

Cyber Security News

New Ad Fraud Campaign Exploits 331 Apps with 60M+ Downloads for Phishing and Intrusive Ads

March 18, 2025 CybersecurityNews

Summary: A large-scale ad fraud campaign, known as Vapor, has been identified, utilizing hundreds of malicious apps on the Google Play Store to deliver intrusive ads and launch phishing attacks. These apps masqueraded as legitimate applications, exploiting users into providing sensitive information, resulting in over 60 million downloads.…

Threat Research

Phishing campaign impersonates Booking dot com delivers a suite of credential stealing malware

March 18, 2025March 18, 2025 microsoft

A phishing campaign impersonating Booking.com has been identified targeting organizations within the hospitality sector, particularly in relation to travel. Using the ClickFix social engineering technique, this campaign seeks to steal credentials and engage in financial fraud, affecting various regions including North America and Europe. Affected: hospitality industry, Booking.com…

Cyber Security News

Cybercriminals Exploit CSS to Evade Spam Filters and Track Email Users’ Actions

March 17, 2025 CybersecurityNews

Summary: Recent findings from Cisco Talos reveal that malicious actors are exploiting Cascading Style Sheets (CSS) to bypass spam filters and track user actions, raising security and privacy concerns. They leverage CSS properties to conceal content in emails and monitor user behavior, potentially leading to phishing attacks.…

Threat Research

Credit Card Skimmer and Backdoor on WordPress E-commerce Site

March 16, 2025 Sucuri

The increasing sophistication of e-commerce malware has led to serious security threats for platforms such as WordPress WooCommerce. A recent case uncovered a coordinated attack involving a credit card skimmer, a hidden backdoor file manager, and a reconnaissance script, aimed at stealing customer data and maintaining long-term access.…

Cyber Security News

Coinbase phishing email tricks users with fake wallet migration

March 15, 2025 BleepingComputer

Summary: A deceptive phishing campaign targeting Coinbase users tricks recipients into creating a new wallet by providing a recovery phrase controlled by attackers. The emails falsely present a mandatory wallet migration and bypass email security checks, making them seem legitimate. Coinbase warns users to be vigilant and never use recovery phrases provided by emails.…

Threat Research

Microsoft Research Reveals – Phishing Campaign Impersonates Booking(.)com, Delivers a Suite of Credential-Stealing Malware

March 14, 2025 admin

A phishing campaign identified by Microsoft Threat Intelligence targets the hospitality industry, impersonating Booking.com and utilizing the ClickFix social engineering technique to deliver credential-stealing malware. The campaign, ongoing since December 2024, aims at financial fraud by tricking users into executing malicious commands. Affected: hospitality organizations, Booking.com…

Cyber Security News

ClickFix Widely Adopted by Cybercriminals, APT Groups

March 14, 2025 CybersecurityNews

Summary: Since August 2024, state-sponsored hackers and cybercriminals have been using a technique called ClickFix to deploy information stealer malware. This method involves social engineering through malicious JavaScript that manipulates users into executing harmful commands. Group-IB reports an increase in this attack vector, particularly targeting users on various platforms that offer free content or software.…

Threat Research

Ramadan Scams on the Rise: Fake Giveaways, Crypto Traps & Fraudulent Donations | CloudSEK

March 13, 2025 CloudSek

This report highlights the rise of Ramadan-related cyber scams, particularly targeting charitable contributions and crypto investments. Cybercriminals are exploiting the goodwill associated with Ramadan to spread fraudulent schemes, often using social engineering tactics to deceive victims. Understanding these scams is essential for safeguarding against potential losses.…

Threat Research

Abusing with style: Leveraging cascading style sheets for evasion and tracking

March 13, 2025 Talos

Cisco Talos has identified the misuse of Cascading Style Sheets (CSS) by threat actors to evade spam filters and track user actions and preferences, posing security and privacy risks. The blog discusses various methods of CSS abuse, including hidden text and tracking capabilities that exploit the functionality of CSS in emails.…

Interesting Stuff

My Approach to Analyzing Malicious IP Addresses

March 8, 2025March 8, 2025 iocOne

This blog post discusses the analysis of a malicious IP address, exploring various tools for deeper investigation, including WHOIS, Shodan, AbuseIPDB, VirusTotal, and ThreatBook.io. The findings indicate that the IP address is associated with suspicious services and potential malware activity, emphasizing the importance of detailed analysis in cybersecurity efforts.…

Cyber Security News

Scammers Send Fake Texts From E-ZPass and Other Toll Services to Siphon Payments

March 7, 2025 Cyware

Summary: A new smishing scam is targeting individuals by masquerading as toll providers demanding payment for unpaid tolls through fraudulent text messages. The messages often threaten consequences for non-payment and include suspicious links designed to harvest personal information. Victims are urged to report and delete the messages, and to take protective measures for their sensitive data if they’ve interacted with the scammers.…

Threat Research

Phantom-Goblin: Covert Credential Theft and VSCode Tunnel Exploitation

March 6, 2025 Cyble

A newly identified malware operation, named “Phantom Goblin,” utilizes social engineering to deceive users into executing a malicious LNK file that triggers a PowerShell script to download and execute additional payloads. These payloads enable the malware to extract sensitive data, maintain unauthorized remote access via Visual Studio Code tunnels, and exfiltrate the stolen data to a Telegram bot.…

Cyber Attack

Google Introduces New AI-Powered Scam Detection Features for Android

March 6, 2025 Cyware

Summary: Google has introduced two AI-powered tools for Android to help detect conversational scams in messages and calls, enhancing user security against various types of scams. These features analyze communication patterns while prioritizing user privacy, aiming to prevent users from inadvertently sharing sensitive information or funds.…

Cyber Security News

Google expands Android AI scam detection to more Pixel devices

March 5, 2025 BleepingComputer

Summary: Google is expanding its AI-powered scam detection features for Android to combat increasingly sophisticated phone and text scams. These features aim to identify and protect users from conversational scams that manipulate victims into sharing sensitive information. The rollout includes enhancements for both Google Messages and phone call detection, prioritizing user privacy while providing real-time alerts for scam attempts.…

Threat Research

PayPal’s “no-code checkout” abused by scammers

February 28, 2025 Malwarebytes

This article highlights a new scam targeting PayPal customers through misleading Google ads that mimic official PayPal links. Scammers exploit Google’s advertisement policies to direct potential victims to fraudulent pay pages, leading to personal information theft. Affected: PayPal customers, Google search users.

Keypoints :

Scammers are creating fraudulent ads impersonating PayPal, using compromised advertiser accounts.…

Cyber Security News

Sites of Major Orgs Abused in Spam Campaign Exploiting Virtual Tour Software Flaw

February 27, 2025 CybersecurityNews

Summary: A significant spam campaign has exploited a vulnerability in Krpano, a widely used virtual tour software, leading to malicious redirects affecting numerous major organizations worldwide. The reflected XSS vulnerability allowed attackers to embed ads or redirect users to inappropriate sites. Despite a previous patch issued in 2020, the issue lingered, prompting renewed notifications and fixes from Krpano developers after the exploitation was reported.…

Threat Research

Fake WordPress Plugin Impacts SEO by Injecting Casino Spam

February 27, 2025 Sucuri

This article discusses the tactic of attackers using fake WordPress plugins to inject malware, particularly casino spam, into websites. By disguising malicious plugins as innocuous, attackers evade detection and compromise site integrity. The narrative follows an investigation into a client’s compromised site, examining the methods of detection and removal of the fake plugin, emphasizing the importance of website security.…

Tag: SPAM