Topic
phishing
New LLM Framework Detects Phishing Emails with Over 90% Accuracy
A paper on arXiv introduces LLMPEA, a framework using GPT-4o, Claude Sonnet 4, and Grok-3 to detect phishing emails with over 90% accuracy. The study also reveals vulnerabilities to adversarial attacks, prompt injection, and multilingual attacks, emphasizing the need for hardening before deployment.
FBI Dismantles AI-Powered Phishing Service That Used Over a Million URLs to Steal Credit Cards
The FBI dismantled a Chinese phishing-as-a-service operation called Outsider Enterprise, seizing servers, cryptocurrency, and a Telegram bot. The three-year-old service generated around 9,000 fake websites and over a million fraudulent URLs, resulting in theft of 3.8 million credit card records and $1.9 billion in losses. Google filed a civil lawsuit and reported that criminals sent 2.5 million fraudulent SMS messages in just two weeks.
Why Your Help Desk Remains the Biggest Security Risk in Your Organization
TechRadar reports that help desk social engineering attacks, like those that hit MGM Resorts, Marks & Spencer, and Harrods, bypass most security controls. AI has amplified the threat, with phishing scams up 85% and average losses doubling to $2,060. Best practices include hardening identity operations and tying device enrollment to identity.
Hackers Use TikTok Videos Promising Free Spotify Premium to Deploy Malware
A report from ReversingLabs reveals hackers are using TikTok and Instagram Reels videos offering fake free subscriptions to Spotify Premium, Windows, Office, and Adobe to trick victims into running malicious PowerShell commands. The attack installs the Vidar infostealer, which steals passwords, cookies, session tokens, and cryptocurrency wallet data. This marks a shift from email phishing to social engineering on short-form video platforms.
Phishing campaign exploiting Google Cloud links reaches 12,000 servers worldwide
An investigation by Comparitech revealed a coordinated phishing and spam network spanning 12,704 servers across 55 countries. Attackers use Google Cloud Storage links to evade detection, with fake New York Times pages as decoys. 99.8% of servers run end-of-life software, and 89% had no prior abuse history, indicating a rapidly rotating infrastructure aimed at bypassing traditional security tools.
OpenClaw AI Agent's Phishing Vulnerability Exposed
Varonis researchers demonstrated that the OpenClaw AI agent, Pinchy, can be tricked into phishing attacks, compromising user data. Despite blocking malicious links, the AI failed to verify identity in urgent requests.
North Korean Phishing Scheme Targets Developers for Crypto Theft
A North Korean phishing campaign, led by the group UNK_DeadDrop, targets developers with fake job offers to steal cryptocurrency. This operation mirrors tactics used by Lazarus but employs email-based lures and new payloads.