News

Google Apps Script abused to launch dangerous phishing attacks
Threat actors have been seen abusing Google Apps Script to launch convincing phishing attacks and steal people’s Microsoft ...
Threat actors abuse Google Apps Script in evasive phishing attacks
Threat actors are abusing the trusted Google platform 'Google Apps Script' to host phishing pages, making them appear ...
CSO Online4d
Warning: Threat actors now abusing Google Apps Script in phishing attacks
According to new research from Cofense, a new attack has been discovered where, if an employee clicks on a link in a phishing ...
That's a new one: Iranian hackers pretend to be a modelling agency to try and steal user details
Unit 42 found a website spoofing a known German modelling agency The site carries obfuscated JavaScript which exfiltrates ...
Security Boulevard13d
Scripting Outside the Box: API Client Security Risks (2/2)
Continuing on API client security, we cover more sandbox bypasses, this time in Bruno and Hoppscotch, as well as JavaScript ...
The Hacker News3d
New EDDIESTEALER Malware Bypasses Chrome's App-Bound Encryption to Steal Browser Data
New Rust-based EDDIESTEALER spreads via fake CAPTCHA pages, stealing credentials and bypassing Chrome encryption.
Data-stealing Chrome extensions impersonate Fortinet, YouTube, VPNs
A Google Chrome Web Store campaign uses over 100 malicious browser extensions that mimic legitimate tools, such as VPNs, AI ...
Security Boulevard13d
What a Binance CAPTCHA solver tells us about today’s bot threats
In this post, we analyze an open-source CAPTCHA solver designed to bypass a custom challenge deployed on Binance, one of the ...
Perplexity offers training wheels for building AI agents
Perplexity, an AI search biz, has launched Perplexity Labs, a project automation service capable of generating basic apps and ...
Spies hack high-value mail servers using an exploit from yesteryear
On Thursday, security firm ESET reported that Sednit, a Kremlin-backed hacking group also tracked as APT28, Fancy Bear, ...
Cyber Security Intelligence5d
Avoiding Low-Tech, Human-Centric Cyber Attacks
Latest research highlights that cybercriminals are finding more success in low-tech, high-impact, human-centric tactics.
Cryptopolitan on MSN3d
BitMEX thwarts Lazarus Group’s hack attempt, exposes hacker IPs and ops flaws
BitMEX has pulled the curtain back on a failed hack attempt by the Lazarus Group, exposing sloppy mistakes by a collective ...