Etiquetas: phishing

Malwarebytes is rolling out a new connector that integrates its threat‑intelligence engine directly into Anthropic's Claude. The add‑on lets users paste URLs, phone numbers or email addresses into a Claude chat and receive an instant verdict—safe, malicious, suspicious or unknown—along with remediation tips. The move comes as AI‑generated scams become increasingly convincing, with a recent Malwarebytes survey finding two‑thirds of respondents struggle to tell a fake from the real. The connector requires no Malwarebytes account and can be enabled in Claude’s settings. Leer más

Generative AI is reshaping cybercrime by drastically cutting the time and expertise needed to launch scams. Tasks that once required many hours can now be completed in minutes, enabling criminals to produce convincing phishing emails, deepfake voices, fake documents, and entire scam campaigns at scale. The rapid automation has turned fraud into an industrialized operation, allowing thousands of attacks to be deployed simultaneously and increasing global losses dramatically. Defenders are struggling to keep pace with the speed and sophistication of AI‑driven fraud. Leer más

Generative AI is rapidly increasing the volume and sophistication of online scams, pushing fraud ahead of ransomware as the top cyber risk for businesses and consumers. Executives report widespread exposure to AI‑powered phishing, voice and text scams, as well as invoice fraud and identity theft. Consumers are also feeling the impact, with identity theft topping their concerns. Experts warn that the lower barriers for criminals and the realistic nature of synthetic media make detection harder, and call for coordinated action across governments, businesses and technology providers to protect trust and stability. Leer más

A recent World Economic Forum report shows that nearly two‑thirds of organizations now evaluate AI risks before deployment, up from just over a third last year. While executives acknowledge rising AI‑related vulnerabilities, many are also turning to AI tools to bolster cybersecurity, especially for phishing detection, intrusion monitoring, and automated operations. Key barriers include skill shortages, the need for human validation, and lingering uncertainty about risks. The outlook highlights increasingly convincing phishing, deep‑fake scams and automated social engineering as the most pressing AI‑enabled threats. Leer más

Cybercriminals are leveraging artificial intelligence to target the weakest link in cloud‑based software: user identities. AI accelerates the gathering of employee data, sifts massive credential dumps for high‑value accounts, creates realistic synthetic personas, and powers fully automated attack frameworks. These capabilities let attackers bypass traditional defenses, infiltrate SaaS environments, and operate undetected. Experts warn that organizations must shift security focus to continuous identity verification, behavioral analytics, and AI‑enhanced defenses to counter the growing AI‑enabled identity threat. Leer más

Security researchers have uncovered a new method in which attackers use AI chatbots and search engines to deliver malicious commands. By prompting AI assistants to suggest terminal commands and then promoting those suggestions in search results, hackers can lure unsuspecting users into executing harmful code. Tests by Huntress showed the technique succeeded against both ChatGPT and Grok, allowing malware to be installed without traditional download or link clicks. The approach exploits user trust in familiar platforms and highlights the need for heightened caution when copying command‑line instructions from online sources. Leer más

Security researchers have identified a new phishing technique called CoPhish that weaponizes Microsoft Copilot Studio agents to steal OAuth tokens. By embedding fake login or consent flows in shared agents, attackers can trick users into granting access to their Microsoft accounts, allowing theft of email, chat, calendar, files and automation capabilities. Microsoft acknowledges the risk and says it will address the issue through product updates. Experts recommend immediate mitigations such as restricting third‑party app consent, enforcing conditional access and multi‑factor authentication, and closely monitoring unusual app registrations and token grants. Leer más

A new Mimecast report finds that cybercriminals are increasingly leveraging generative artificial intelligence to create more convincing phishing, business email compromise (BEC) and multichannel deception campaigns. Phishing now accounts for 77% of attacks, while ClickFix threats have risen fivefold and represent roughly 8% of incidents in the first half of 2025. The report highlights abuse of trusted tools such as DocuSign and Salesforce, and cites the Scattered Spider group as linked to over 900,000 detections. Mimecast recommends multi‑factor authentication, advanced email defenses with anomaly detection, and layered security training to counter the rising AI‑powered threat landscape. Leer más

Security researchers have uncovered a large‑scale smishing operation that leverages compromised networking routers to send fraudulent SMS messages. The attackers appear to exploit a router flaw known as CVE‑2023‑43261, which allowed them to retrieve encrypted administrator passwords and gain full control of devices. While some of the compromised routers ran firmware versions vulnerable to the flaw, others did not, suggesting additional attack vectors. The phishing sites use mobile‑only JavaScript defenses and log visitor activity through a Telegram bot operated by an actor called Gro_oza. The investigation highlights how inexpensive, overlooked hardware can fuel sophisticated phishing campaigns. Leer más

A recent NordVPN National Privacy Test reveals that the United Kingdom outperforms the United States in identifying phishing websites, with 31% of U.S. respondents unable to correctly spot such scams. While the UK ranks among the top English‑speaking nations for overall cybersecurity awareness, both countries lag in understanding AI‑related privacy issues, each scoring only 5% on that metric. The study also highlights gaps in password storage knowledge and the use of online privacy tools, underscoring areas where both nations could improve digital safety practices. Leer más

AegisAI, a new email security startup founded by former Google Safe Browsing and reCAPTCHA leaders Cy Khormaee and Ryan Luo, has emerged from stealth with a $13 million seed round co‑led by Accel and Foundation Capital. The company builds a network of autonomous AI agents that analyze every component of an email in real time to detect phishing, malware, and business‑email‑compromise threats. Early pilots in the United States and Europe have already added paying customers, and the team plans to expand its technical and go‑to‑market capabilities. Leer más

Hackers orchestrated what is likely the largest supply‑chain attack ever 2 billion weekly npm downloads, compromising nearly two dozen open‑source packages. The breach began with a phishing email that tricked maintainer "Qix" into revealing his two‑factor authentication credentials. Within an hour, malicious code was added to dozens of packages, enabling the theft of cryptocurrency by monitoring transactions and redirecting payments to attacker‑controlled wallets. Researchers say the targeted selection of foundational JavaScript libraries vastly expands the attack’s reach across the ecosystem. Leer más

Security researchers at Proofpoint have identified a new variant of the open‑source infostealer known as Stealerium that automatically captures webcam photos and browser screenshots when a victim visits pornographic sites. The malware, distributed freely on GitHub by a developer calling themselves witchfindertr, steals typical data such as passwords and crypto keys while also adding a humiliating sextortion feature. Proofpoint observed the tool being used in phishing campaigns targeting hospitality, education and finance sectors. The discovery highlights a shift toward low‑profile, individual‑targeted extortion by cybercriminals. Leer más