SOCRadar uncovered Operation HookedWing, a 4-year credential-harvesting campaign that compromised 2,000+ accounts across 500+ organizations in aviation, energy, government, and
Cushman & Wakefield confirmed a vishing-enabled breach after ShinyHunters and Qilin ransomware listed the firm separately. ShinyHunters published a 50GB
Attackers chain Google sponsored ads with fake Claude.ai chat sessions to deliver MacSync, a macOS infostealer harvesting Keychain contents and
Researchers identify TCLBanker, a Brazilian banking trojan targeting 59 financial platforms that self-propagates by sending malicious messages through victims’ WhatsApp
A malicious website impersonating Claude AI distributes a new, previously undocumented Windows backdoor named Beagle to users seeking to download
Australia’s Cyber Security Centre warned organizations about ClickFix social-engineering attacks using compromised WordPress sites to deliver Vidar Stealer via user-executed
Microsoft disclosed an AiTM phishing campaign targeting 35,000 users in 13,000 organizations across 26 countries between April 14–16, 2026, bypassing
An adversary-in-the-middle phishing campaign hit 35,000 workers across 13,000 organizations in 48 hours, using fake HR emails to bypass MFA
China-linked Silver Fox deployed a new ABCDoor backdoor through tax-themed phishing targeting both Indian and Russian filers simultaneously — a
Threat actors are systematically abusing Amazon SES to send phishing emails that pass SPF, DKIM, and DMARC checks — turning
Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.