Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Phishing and malicious emails remained the primary vectors of infection during the second half of 2024, according to a new report from Acronis. “The number of email-based attacks detected in the second half of 2024 increased 197% compared to the second half of 2023, while the number of attacks per organization within the same time frame increased by 21%,” the report says.

Researchers at Cyble warn that a phishing kit is abusing the Open Graph (OG) protocol to target social media users. The Open Graph protocol, originally developed by Facebook in 2010, allows users to control the content preview that’s displayed when a link is posted on social media. The phishing kit, dubbed “OG Spoof,” abuses this feature to post malicious links that appear legitimate.

Cybercrooks are never short of seeking the next greatest opportunity to exploit unsuspecting victims, and it is no coincidence that the increasing interest in the R1 AI chatbot at DeepSeek offered them the best cover. With the emergence of fake DeepSeek websites, fraudulent sites have now been targeting personal information, logins, and even cryptocurrency wallet details from potential victims.

Several Russian threat actors, including the SVR’s Cozy Bear, are launching highly targeted spear phishing attacks against Microsoft 365 accounts, according to researchers at Volexity. The attackers are impersonating employees at the US State Department, the Ukrainian Ministry of Defence, the European Union Parliament, and well-known research institutions.

At KnowBe4, we constantly strive to stay ahead of emerging threats and create training content to warn users about the latest tactics used by cybercriminals. One of the ways we do this is through our internally produced demo video productions, which used to star the incredible Kevin Mitnick and his legendary hacking demos. In these modules we showcase real-world attack scenarios and provide actionable insights on how to defend against them. Last year my colleague Dr.

Security experts have warned that a cybercriminal group has been running a malicious and inventive phishing campaign since August 2024 to break into organizations across Europe, North America, Africa, and the Middle East. The Russian group, known as Storm-2372, has targeted government and non-governmental organisations (NGOs), as well as firms working in IT, defence, telecoms, health, and the energy sector.

Civil society organizations have always been at the forefront of humanitarian relief efforts, as well as safeguarding civil and human rights. These organizations play a large role in delivering services during crises, whether it is fighting climate change, support during natural disasters, providing health services to marginalized communities and more.

The true extent of ransomware’s global impact remains unclear due to several factors: What is clear, however, is that ransomware threats will only intensify and diversify in the future.

SentinelOne warns that a phishing campaign is targeting high-profile X accounts, including those belonging to US political figures, leading journalists, major technology companies, cryptocurrency organizations, and owners of coveted usernames. “SentinelLABS’ analysis links this activity to a similar operation from last year that successfully compromised multiple accounts to spread scam content with financial objectives,” the researchers write.