New Homoglyph Phishing Campaign Impersonates Booking.com

Attackers are using a Japanese Unicode character to replace forward slashes in phishing URLs, BleepingComputer reports. The attacks impersonate Booking.com with phony emails that inform users of a new login to their account. “The attack, first spotted by security researcher JAMESWT, abuses the Japanese hiragana character “ん” (Unicode U+3093), which closely resembles the Latin letter sequence '/n' or '/~', at a quick glance in some fonts,” BleepingComputer explains.

Phishing Attacks Target Brokerage Accounts to Manipulate Stock Prices

Professional phishing groups are targeting customers of brokerage firms in order to manipulate stock prices, KrebsOnSecurity reports. The attackers use a technique called “ramp and dump” to profit from the scheme. “With ramp and dump, the scammers do not need to rely on ginning up interest in the targeted stock on social media,” Krebs explains.

Warning: Social Engineering is a Growing Threat to the Industrial Sector

Social engineering attacks are a growing threat to operational technology (OT) environments, Industrial Cyber reports. Cyberattacks against these environments can be particularly damaging since they have the potential to cause physical disruptions.

The Attacker's Playbook: A Technical Analysis of Quishing and Encrypted SVG Payloads Used in HR Impersonation Phishing Attacks

In this series, we first explored the psychology that makes HR phishing so effective, then showcased the real-world lures attackers use to trick your employees. Now, we’re going under the hood to answer the critical question: How do these attacks technically bypass security defenses?

From Human Resources to Human Risk: Why HR is the Perfect Department for Cybercriminals to Impersonate

We all trust HR - or at least we do when we think they’re emailing us! Data from KnowBe4’s HRM+ platform reveals that phishing simulations with internal subject lines dominate the list of most-clicked templates in 2025. Out of the top 10 templates people interacted with between May 1 - June 30, 2025, an incredible 98.4% had subject lines relating to internal topics - with HR mentioned in 45.2%.

That 'Urgent Payroll Update' Email is a Trap: A Look at the Latest HR Phishing Tactics

Phishing attacks impersonating HR are on the rise. Between January 1 – March 31, 2025, our Threat Lab team observed a 120% surge in these attacks reported via our PhishER product versus the previous three months. These attacks have remained at elevated levels since peaking in February. (FYI, in our previous post, we explored the psychology that makes these attacks so effective.)

How KnowBe4 Defend Seamlessly Integrates with Microsoft Defender for Office 365 Quarantine - And Why SOC Teams Should Care

Modern Security Operations Centers (SOCs) face a persistent challenge: managing threats across multiple security tools while maintaining operational efficiency. While single-vendor approaches offer simplicity, they often leave gaps that sophisticated attackers are quick to exploit. The reality is that today's threat landscape demands a more nuanced approach—one that combines the best capabilities from multiple specialized vendors.

A Practical Guide to the European Union's Cybersecurity Funding for SMEs

For any small- to medium-sized enterprise (SME), the cybersecurity landscape can be intimidating. You are informed of a variety of threats, reliable expertise is scarce, and there is limited (if any) budget available. To help with this, the European Union (EU) has funding available to help SMEs improve their cyber defences. But what does this funding actually entail, and how can it practically help your organisation? Let's break it down.

Alert: Tech Support Scammers Send Phony Podcast Invites

The Better Business Bureau (BBB) has warned that scammers are targeting high-profile employees and influencers with fake invitations to appear as a guest on popular celebrity podcasts. The scammer poses as the podcast’s production manager, offering the target $2,000 for the appearance. If the victim agrees, the attacker will ask them to hop into a virtual meeting to test their setup before the podcast.

Beyond the Inbox: How Old-School Mail Scams Are Still Stealing Your Money

In a world so full of digital online scams, it’s hard to remember that scammers abuse our postal mailing systems as well. Scams are as old as humanity. And most of the scams we see today on the internet have been occurring for decades or even centuries before the internet was the internet. Nigerian scams have been documented back to the 1700s.