Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest News

Attackers Abuse HubSpot's Free Form Builder to Craft Phishing Pages

A threat actor is abusing HubSpot’s Free Form Builder service to craft credential-harvesting phishing pages, according to Palo Alto Networks’ Unit 42. The campaign has targeted at least 20,000 users at European companies in the automotive, chemical, and industrial compound manufacturing sectors. The attacks are designed to steal credentials in order to compromise victims’ Microsoft Azure cloud services.

Strengthen LLMs with Sysdig Secure

The term LLMjacking refers to attackers using stolen cloud credentials to gain unauthorized access to cloud-based large language models (LLMs), such as OpenAI’s GPT or Anthropic Claude. This blog shows how to strengthen LLMs with Sysdig. In this attack, criminals exploit stolen credentials or cloud misconfigurations to gain access to expensive artificial intelligence (AI) models in the cloud. Once they gain access, they can run costly AI models at the victim’s expense.

Cloud Security Audits Explained: Challenges and Solutions

The cloud has enabled faster, more reliable and more scalable software delivery for organizations. Alongside these improvements come greater complexity and security considerations, all of which have implications when preparing for cloud security audits. Like all security audits, cloud security audits help ensure that data is kept safe from unauthorized access and theft.

Data Protection And Backup Predictions For 2025 and beyond

No matter how businesses look at it, the importance of data protection and backup in IT strategies will grow in upcoming years. These aspects have become vital to every business venture and are driven by increasing cyber threats and stringent regulatory requirements. According to Gartner’s predictions, around 75% of enterprises will rely more on SaaS (Software-as-a-service) application backups. By 2028, they are expected to be a critical requirement for business ventures.

James Bond-Style Scamming Profits Explode

There is a type of scam in which victims are contacted by someone fraudulently posing as a popular trusted entity (e.g., Amazon, U.S. Post Office, etc.), law enforcement, or an intelligence agency, who initially claims to have evidence linking the victim to a global, spy-like scam. At first, the victim is befuddled, clueless and scared. The caller then asks the victim to hold on while they are passed to one or more purported national law enforcement agencies.

How to automate fuzz testing: from start to findings

White-box fuzz testing has proven highly effective in finding critical bugs and vulnerabilities. Tech giants like Google and Microsoft uncover thousands of issues using this method. But why doesn’t every company adopt fuzz testing as part of their testing strategy? The main barrier is the high level of manual effort and the extensive time required to properly set it up and maintain it.