The United States Department of Justice has frozen $8.2 million in cryptocurrency tied to a romance baiting scam that defrauded dozens of Americans. In the scheme, scammers established a friendship or romance with the victim online. They then pushed them into making investments on counterfeit
A novel phishing campaign is targeting SEO experts by utilizing counterfeit Semrush Google Ads crafted with the aim of capturing Google login information. Cybercriminals are leveraging these advertisements in order to gain access to valuable Google Ads and analytics accounts. These could then be
Hackers are actively exploiting vulnerabilities in Fortinet firewalls to deploy ransomware, targeting organizations that have yet to patch their systems. The Mora_001 ransomware gang, which has ties to the notorious LockBit group, has been using two specific Fortinet flaws — CVE-2024-55591 and
A new phishing campaign has been targeting Coinbase users, tricking them into setting up a new wallet with a pre-generated recovery phrase that’s controlled by the attackers. The scam email masquerades as an official communication from Coinbase, instructing users to switch to self-custodial
A growing phishing scam is tricking US residents into paying fake parking fines. Since December 2024, scammers have been sending text messages stating that recipients have unpaid parking violations and face a $35 daily penalty unless they settle immediately. The scam is widespread, with
A ransomware attack targeting newspaper giant Lee Enterprises has disrupted its ability to process payments for its hired freelancers and contractors, leaving many without compensation. The cyberattack, which began on February 3, 2025, has caused ongoing operational issues, affecting print
An emerging ClickFix phishing scam is exploiting Microsoft SharePoint to lure victims into running PowerShell commands that install the Havoc post-exploitation framework. Uncovered by Fortinet’s FortiGuard Labs, the attack uses fraudulent OneDrive errors to deceive users into executing malicious
A new cybercrime campaign is preying on Web3 job seekers by using fake job interviews to spread "GrassCall" malware. The Russian-speaking cybercriminal group Crazy Evil orchestrated the scam by posting deceptive job listings and luring applicants into downloading a phony video conferencing app.
The breach notification service Have I Been Pwned (HIBP) has added 284 million compromised email accounts to its database after discovering them in a 1.5TB collection of stolen credentials named ALIEN TXTBASE. The data was shared on a Telegram channel and included passwords and email addresses
Cybercriminals are exploiting PayPal’s address confirmation emails to trick users into believing their accounts were hacked. By sending legitimate-looking notifications about an unauthorized purchase and addition of a new address, scammers create panic and lure victims into calling a fake support