digitalcourage.social

BeyondMachines :verified:North Korean hackers deploy malware during technical job interview via malicious software packagesNorth Korean state-sponsored threat actors are using malicious npm packages to deploy malware through the "Contagious Interview" campaign, which poses as fake job opportunities on LinkedIn to target developers and cryptocurrency holders. The malicious packages steal cryptocurrency wallets, browser data, and install backdoors.**Never install "interview tools" or npm packages directly on your main computer - always use a virtual machine or isolated environment for any software a potential employer asks you to test. Before installing anything, verify the hiring organization by independently checking their website and public media, cross-reference to google maps and ask for other experiences on Reddit.** <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#cybersecurity</a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#infosec</a> <a href="https://infosec.exchange/tags/scam" class="mention hashtag" rel="nofollow noopener" target="_blank">#scam</a> <a href="https://infosec.exchange/tags/phishing" class="mention hashtag" rel="nofollow noopener" target="_blank">#phishing</a> <a href="https://infosec.exchange/tags/activephishing" class="mention hashtag" rel="nofollow noopener" target="_blank">#activephishing</a> <a href="https://beyondmachines.net/event_details/north-korean-hackers-deploy-malware-during-technical-job-interview-via-malicious-software-packages-x-r-l-4-t/gD2P6Ple2L" rel="nofollow noopener" translate="no" target="_blank">https://beyondmachines.net/event_details/north-korean-hackers-deploy-malware-during-technical-job-interview-via-malicious-software-packages-x-r-l-4-t/gD2P6Ple2L</a>

BeyondMachines :verified:Threat group Educated Manticore targets academia and cybersecurity expertsCheckPoint reports that the Iranian state-sponsored threat group "Educated Manticore" has escalated cyber espionage operations since mid-June 2025, targeting Israeli academics, journalists, and cybersecurity professionals through social engineering campaigns via email and WhatsApp that exploit Iran-Israel tensions to create urgency. The attacks feature advanced phishing infrastructure with multi-factor authentication bypass capabilities and real-time keystroke logging via WebSocket connections.**Whatever the attack motivation or the initial social engineering, all these attacks end up with an insistence for you to click on something and enter credentials. Be extremely suspicious of unexpected emails or messages, and verify independently - all or email the organization through official contact channel on the official site. NEVER click on links or call numbers in the unexpected message.** <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#cybersecurity</a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#infosec</a> <a href="https://infosec.exchange/tags/scam" class="mention hashtag" rel="nofollow noopener" target="_blank">#scam</a> <a href="https://infosec.exchange/tags/phishing" class="mention hashtag" rel="nofollow noopener" target="_blank">#phishing</a> <a href="https://infosec.exchange/tags/activephishing" class="mention hashtag" rel="nofollow noopener" target="_blank">#activephishing</a> <a href="https://beyondmachines.net/event_details/threat-group-educated-manticore-targets-academia-and-cybersecurity-experts-9-t-u-x-y/gD2P6Ple2L" rel="nofollow noopener" translate="no" target="_blank">https://beyondmachines.net/event_details/threat-group-educated-manticore-targets-academia-and-cybersecurity-experts-9-t-u-x-y/gD2P6Ple2L</a>

BeyondMachines :verified:State-sponsored attackers conduct complex Social Engineering campaign targeting App-Specific passwords to bypass MFAState-sponsored threat actors are conducting a sophisticated social engineering campaign by impersonating authorities like the U.S. State Department officials to trick victims into creating Google App-Specific Passwords that bypass multi-factor authentication protections. Google detected the attacks and recommends high-risk individuals enroll in Advanced Protection Program, which prevents ASP creation.**A very complex and systemic social engineering attack to bypass MFA protections by persuading the victim to give the attackers a password. Never create Google App-Specific Passwords based on unexpected email requests, even if they appear to come from legitimate government agencies with official-looking documents and CC'd email addresses. Be VERY careful about such unexpected emails, call and confirm independently.** <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#cybersecurity</a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#infosec</a> <a href="https://infosec.exchange/tags/scam" class="mention hashtag" rel="nofollow noopener" target="_blank">#scam</a> <a href="https://infosec.exchange/tags/phishing" class="mention hashtag" rel="nofollow noopener" target="_blank">#phishing</a> <a href="https://infosec.exchange/tags/activephishing" class="mention hashtag" rel="nofollow noopener" target="_blank">#activephishing</a> <a href="https://beyondmachines.net/event_details/state-sponsored-attackers-conduct-comoplex-social-engineering-campaign-targeting-app-specific-passwords-to-bypass-mfa-n-c-7-x-y/gD2P6Ple2L" rel="nofollow noopener" translate="no" target="_blank">https://beyondmachines.net/event_details/state-sponsored-attackers-conduct-comoplex-social-engineering-campaign-targeting-app-specific-passwords-to-bypass-mfa-n-c-7-x-y/gD2P6Ple2L</a>

BeyondMachines :verified:Criminals use TikTok videos to promise pirated apps, scam users into loading malwareAn active social engineering campaign on TikTok uses AI-generated videos that trick users seeking free software into executing PowerShell commands that install information-stealing malware, which then exfiltrates sensitive data including passwords, cryptocurrency information, and credit card details.**There is no such thing as free lunch! Nor a secret to a "free" commercial software. Don't EVER execute commands on your computer that you have found on social media - unless you know exactly what the command does. And even then check the command with a vendor site, and these days even ask your favorite AI. Because commands on videos are very possibly scams or installers to malware.** <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#cybersecurity</a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#infosec</a> <a href="https://infosec.exchange/tags/scam" class="mention hashtag" rel="nofollow noopener" target="_blank">#scam</a> <a href="https://infosec.exchange/tags/phishing" class="mention hashtag" rel="nofollow noopener" target="_blank">#phishing</a> <a href="https://infosec.exchange/tags/activephishing" class="mention hashtag" rel="nofollow noopener" target="_blank">#activephishing</a> <a href="https://beyondmachines.net/event_details/criminas-use-tiktok-videos-to-promise-pirated-apps-scam-users-into-loading-malware-5-t-4-s-8/gD2P6Ple2L" rel="nofollow noopener" translate="no" target="_blank">https://beyondmachines.net/event_details/criminas-use-tiktok-videos-to-promise-pirated-apps-scam-users-into-loading-malware-5-t-4-s-8/gD2P6Ple2L</a>

BeyondMachines :verified:Complex phishing campaign impersonating Macedonian Post, stealing personal and card dataA sophisticated phishing campaign is using SMS/iMessage notifications impersonating the North Macedonia Postal Service, using recently registered domains hosted on servers registered to a Chinese company that employ real-time data exfiltration techniques to steal personal information and credit card details even before victims complete form submission.**Never trust unexpected messages, and DON'T RUSH. Nothing is too urgent. Don't click on links, respond or call numbers in unexpected messages. Instead, call or visit the official website/phone of the claimed institution (manually entered site or phone number).** <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#cybersecurity</a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#infosec</a> <a href="https://infosec.exchange/tags/scam" class="mention hashtag" rel="nofollow noopener" target="_blank">#scam</a> <a href="https://infosec.exchange/tags/phishing" class="mention hashtag" rel="nofollow noopener" target="_blank">#phishing</a> <a href="https://infosec.exchange/tags/activephishing" class="mention hashtag" rel="nofollow noopener" target="_blank">#activephishing</a> <a href="https://beyondmachines.net/event_details/phishing-campaign-impersonating-macedonian-post-stealing-personal-and-card-data-s-0-0-p-d/gD2P6Ple2L" rel="nofollow noopener" translate="no" target="_blank">https://beyondmachines.net/event_details/phishing-campaign-impersonating-macedonian-post-stealing-personal-and-card-data-s-0-0-p-d/gD2P6Ple2L</a>

BeyondMachines :verified:Netflix payment phishing campaign stealing a lot of personal dataA phishing campaign is targeting Netflix users with spoofed emails claiming payment issues, employing a complex chain of redirects through multiple legitimate services (including Yahoo Mail and Scribd) to evade detection before leading victims to a fake Netflix site that collects extensive personal, financial, and identity information.**Be very suspicious of unexpected messages about failed subscriptions. Most are scams. Don't rush, a provider will not delete your data - if they do, they can't charge you for another year! Consult with technical people, NEVER click links or files in such emails or call numbers from the email. Manually navigate to the official website the email is claiming to be from and check your account status there.** <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#cybersecurity</a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#infosec</a> <a href="https://infosec.exchange/tags/scam" class="mention hashtag" rel="nofollow noopener" target="_blank">#scam</a> <a href="https://infosec.exchange/tags/phishing" class="mention hashtag" rel="nofollow noopener" target="_blank">#phishing</a> <a href="https://infosec.exchange/tags/activephishing" class="mention hashtag" rel="nofollow noopener" target="_blank">#activephishing</a> <a href="https://beyondmachines.net/event_details/netflix-payment-phishing-campaign-stealing-a-lot-of-personal-data-1-5-1-f-d/gD2P6Ple2L" rel="nofollow noopener" translate="no" target="_blank">https://beyondmachines.net/event_details/netflix-payment-phishing-campaign-stealing-a-lot-of-personal-data-1-5-1-f-d/gD2P6Ple2L</a>

BeyondMachines :verified:Email reconnaissance tactics in phishing - "Are you reading this?""Recon emails" are reconnaissance tools deployed by cybercriminals that appear harmless but are aimed to confirm that the email is read by a human, trigger initial response or track the user with invisible tracking pixels.**Be very careful with unexpected emails with vague business opportunities or odd requests. They are often a check whether you are there and can contain invisible tracking pixels that report back when you've viewed them. Don't reply! Disable automatic image loading in your email settings (to block trackers). Verify any unexpected communication with your cybersecurity team.** <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#cybersecurity</a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#infosec</a> <a href="https://infosec.exchange/tags/scam" class="mention hashtag" rel="nofollow noopener" target="_blank">#scam</a> <a href="https://infosec.exchange/tags/phishing" class="mention hashtag" rel="nofollow noopener" target="_blank">#phishing</a> <a href="https://infosec.exchange/tags/activephishing" class="mention hashtag" rel="nofollow noopener" target="_blank">#activephishing</a> <a href="https://beyondmachines.net/event_details/email-reconnaissance-tactics-in-phishing-are-you-reading-this-3-m-d-t-4/gD2P6Ple2L" rel="nofollow noopener" translate="no" target="_blank">https://beyondmachines.net/event_details/email-reconnaissance-tactics-in-phishing-are-you-reading-this-3-m-d-t-4/gD2P6Ple2L</a>

BeyondMachines :verified:Cloud storage "payment failed" phishing attackAn active phishing email campaign masquerades as a cloud storage payment failure notification to create urgency. The email is using multiple technical deception elements to pass through the spam and phishing filters to steal credentials, payment information, and potentially install malware.**Unexpected "past deadline" payment requests are a very common phishing vector, since they imply urgency. Don't rush, a provider will not delete your data - if they do, they can't charge you for another year! Consult with technical people, NEVER click links or files in such emails. If you are concerned about your cloud storage account, manually navigate to the official website of your hosting by typing the URL directly in your browser and check your account status there.** <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#cybersecurity</a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#infosec</a> <a href="https://infosec.exchange/tags/scam" class="mention hashtag" rel="nofollow noopener" target="_blank">#scam</a> <a href="https://infosec.exchange/tags/phishing" class="mention hashtag" rel="nofollow noopener" target="_blank">#phishing</a> <a href="https://infosec.exchange/tags/activephishing" class="mention hashtag" rel="nofollow noopener" target="_blank">#activephishing</a> <a href="https://beyondmachines.net/event_details/cloud-storage-payment-failed-phishing-attack-g-q-e-e-i/gD2P6Ple2L" rel="nofollow noopener" translate="no" target="_blank">https://beyondmachines.net/event_details/cloud-storage-payment-failed-phishing-attack-g-q-e-e-i/gD2P6Ple2L</a>

BeyondMachines :verified:Fake bank payment phishing attack via compromised emailA phishing attack is using a compromised legitimate Austrian hotel domain (mostwastl.com) to send fake payment notification emails that pass through typical email security checks by leveraging the legitimate email domain. Then the attack uses Microsoft Forms as a trusted intermediary before redirecting victims to a fake Google login page designed to steal credentials that could grant access to all services where Google authentication is used.**Vague unexpected emails are VERY suspicious. ALWAYS ask yourself - why am I receiving this, and don't rush. Consult with technical people, NEVER click links or files in such emails. Always check via independent channels - reach out to companies directly on the site/phone of the company.** <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#cybersecurity</a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#infosec</a> <a href="https://infosec.exchange/tags/scam" class="mention hashtag" rel="nofollow noopener" target="_blank">#scam</a> <a href="https://infosec.exchange/tags/phishing" class="mention hashtag" rel="nofollow noopener" target="_blank">#phishing</a> <a href="https://infosec.exchange/tags/activephishing" class="mention hashtag" rel="nofollow noopener" target="_blank">#activephishing</a> <a href="https://beyondmachines.net/event_details/fake-bank-payment-phishing-attack-via-compromised-email-t-k-b-e-p/gD2P6Ple2L" rel="nofollow noopener" translate="no" target="_blank">https://beyondmachines.net/event_details/fake-bank-payment-phishing-attack-via-compromised-email-t-k-b-e-p/gD2P6Ple2L</a>

BeyondMachines :verified:Phishing Attack faking link to signed contract and very advanced scam siteAn active phishing campaign is targeting corporate employees by impersonating Google Drive sharing notifications. The attack is abusing emails created with the Japanese ISP nifty.com to bypass spam filters and a dynamic proxy system that perfectly mimics Google's interface. The attack steals credentials, multi-factor authentication codes, and potentially gains access to multiple connected services.**Always verify the sender's email address before clicking anything and the actual URL in your browser's address bar before entering any credentials. Always check notifications claiming to be from a reputable companies directly on the site/phone of the company that you acess independently. Never through links or files in the unexpected email.** <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#cybersecurity</a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#infosec</a> <a href="https://infosec.exchange/tags/scam" class="mention hashtag" rel="nofollow noopener" target="_blank">#scam</a> <a href="https://infosec.exchange/tags/phishing" class="mention hashtag" rel="nofollow noopener" target="_blank">#phishing</a> <a href="https://infosec.exchange/tags/activephishing" class="mention hashtag" rel="nofollow noopener" target="_blank">#activephishing</a> <a href="https://beyondmachines.net/event_details/phishing-attack-faking-link-to-signed-contract-and-very-advanced-scam-site-technology-r-3-6-r-r/gD2P6Ple2L" rel="nofollow noopener" translate="no" target="_blank">https://beyondmachines.net/event_details/phishing-attack-faking-link-to-signed-contract-and-very-advanced-scam-site-technology-r-3-6-r-r/gD2P6Ple2L</a>

BeyondMachines :verified:Phishing attack impersonating Coinbase <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#cybersecurity</a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#infosec</a> <a href="https://infosec.exchange/tags/scam" class="mention hashtag" rel="nofollow noopener" target="_blank">#scam</a>/phishing <a href="https://infosec.exchange/tags/activephishing" class="mention hashtag" rel="nofollow noopener" target="_blank">#activephishing</a> <a href="https://beyondmachines.net/event_details/phishing-attack-impersonating-coinbase-4-c-o-s-s/gD2P6Ple2L" rel="nofollow noopener" translate="no" target="_blank">https://beyondmachines.net/event_details/phishing-attack-impersonating-coinbase-4-c-o-s-s/gD2P6Ple2L</a>

Recent searches

Search options

Administered by:

Server stats:

#activephishing