ShinyHunters flip the script on MFA in new data theft attacks
Multi-factor authentication (MFA) is supposed to defend against phishing attacks, but threat actors operating under the ShinyHunters banner are using it as a pretext in …
Okta users under attack: Modern phishing kits are turbocharging vishing attacks
Threat actors who specialize in vishing (i.e., voice phishing) have started using phishing kits that can intercept targets’ login credentials while also allowing …
The year ahead in cyber: What’s next for cybersecurity in 2026
In this Help Net Security video, Dick O’Brien, Principal Intelligence Analyst at Symantec, outlines the major cyber risks expected in 2026. He explains that attackers are …
Attackers fake IT support calls to steal Salesforce data
Over the past several months, a threat group has been actively breaching organizations’ Salesforce instances and exfiltrating customer and business data, Google Threat …
Inside PlugValley: How this AI vishing-as-a-service group operates
In this Help Net Security video, Alexis Ober, Threat Intel Analyst at Fortra, discusses the threat actor group PlugValley, which is now offering AI-powered …
Black Basta target orgs with new social engineering campaign
Black Basta, one of the most prolific ransomware-as-a-service operators, is trying out a combination of email DDoS and vishing to get employees to download remote access …
LastPass users targeted by vishing attackers
The CryptoChameleon phishing kit is being leveraged by vishing attackers looking to trick LastPass users into sharing their master password. “Initially, we learned of a …
Enterprises face significant losses from mobile fraud
A recent Enea survey highlights a worrying trend in enterprise security: Following ChatGPT’s launch, 76% of businesses are inadequately protected against rising …
How malicious email campaigns continue to slip through the cracks
In this Help Net Security video, Josh Bartolomie, VP of Global Threat Services at Cofense, discusses how email will remain a target as long as it remains the predominant form …
Vishing, smishing, and phishing attacks skyrocket 1,265% post-ChatGPT
76% of enterprises lack sufficient voice and messaging fraud protection as AI-powered vishing and smishing skyrocket following the launch of ChatGPT, according to Enea. …
Pre-pandemic techniques are fueling record fraud rates
Within the largest financial institutions, insurers, and retailers, the rise and adoption of AI, an impending recession, and the return of pre-pandemic fraud techniques are …
What can we learn from the latest Coinbase cyberattack?
Cryptocurrency exchange Coinbase has fended off a cyberattack that might have been mounted by the same attackers that targeted Twillio, Cloudflare and many other companies …
Featured news
Resources
Don't miss
- Major vulnerabilities found in Google Looker, putting self-hosted deployments at risk
- Global Threat Map: Open-source real-time situational awareness platform
- How Secure by Design helps developers build secure software
- Why incident response breaks down when it matters most
- Russian hackers are exploiting recently patched Microsoft Office vulnerability (CVE-2026-21509)