What happens when a cybersecurity company gets phished?
A Sophos employee was phished, but we countered the threat with an end-to-end defense process
Similar Posts
Malicious npm Package Modifies Local ‘ethers’ Library to Launch Reverse Shell Attacks
Bys sCybersecurity researchers have discovered two malicious packages on the npm registry that are designed to infect another locally installed package, underscoring the continued evolution of software supply chain attacks targeting the open-source ecosystem. The packages in question are ethers-provider2 and ethers-providerz, with the former downloaded 73 times to date since it was published on
French agency Pajemploi reports data breach affecting 1.2M people
Bys sBill Toulas reports: Pajemploi, the French social security service for parents and home-based childcare providers, has suffered a data breach that may have exposed personal information of 1.2 million individuals. The incident impacts registered professional caregivers working for private employers, typically parents using the Pajemploi service part of URSSAF – the French organization that collects social……
Iran-linked hackers threaten to release emails allegedly stolen from Trump associates
Bys sRebecca Falconer reports: An Iran-linked cyberattack group that hacked President Trump’s 2024 campaign is threatening to release another trove of emails it has [allegedly] stolen from his associates, including White House chief of staff Susie Wiles and Roger Stone. The big picture: Reuters first reported the threat on Monday that the Cybersecurity and Infrastructure Security Agency on X called a “calculated smear…
Paper Werewolf Deploys PowerModul Implant in Targeted Cyberattacks on Russian Sectors
Bys sThe threat actor known as Paper Werewolf has been observed exclusively targeting Russian entities with a new implant called PowerModul. The activity, which took place between July and December 2024, singled out organizations in the mass media, telecommunications, construction, government entities, and energy sectors, Kaspersky said in a new report published Thursday. Paper Werewolf, also…
New Android Trojan Crocodilus Abuses Accessibility to Steal Banking and Crypto Credentials
Bys sCybersecurity researchers have discovered a new Android banking malware called Crocodilus that’s primarily designed to target users in Spain and Turkey. “Crocodilus enters the scene not as a simple clone, but as a fully-fledged threat from the outset, equipped with modern techniques such as remote control, black screen overlays, and advanced data harvesting via accessibility…
New EAGERBEE Variant Targets ISPs and Governments with Advanced Backdoor Capabilities
Bys sInternet service providers (ISPs) and governmental entities in the Middle East have been targeted using an updated variant of the EAGERBEE malware framework. The new variant of EAGERBEE (aka Thumtais) comes fitted with various components that allow the backdoor to deploy additional payloads, enumerate file systems, and execute commands shells, demonstrating a significant evolution. “The…