Phishing | Breaking Cybersecurity News | The Hacker News

As anticipation builds for the FIFA World Cup 2026, cybercriminals are rapidly scaling fraud operations designed to exploit global fan excitement, urgency, and trust in tournament-related content. CTM360 researchers identified more than 7,000 FIFA World Cup 2026-themed domains, including over 4,500 newly registered domains observed within the last five months alone . More than 1,000 malicious or fraudulent websites have already been activated, alongside over 1,000 social media impersonation accounts operating across major platforms. The activity highlights how threat actors increasingly treat major global sporting events as large-scale monetization opportunities, combining fake ticket sales, fraudulent streaming platforms, betting scams, malware delivery, and social engineering into coordinated fraud ecosystems. Unlike isolated phishing attempts, these campaigns operate through repeatable fraud lifecycles that mirror organized cybercrime operations. CTM360's Fraud Navigator ...

BEC accounted for over $3 billion in reported losses last year alone. Most organizations don't realize they're exposed until it's too late. Here's how to tell if your defenses have gaps. Business email compromise doesn't announce itself. There's no ransomware splash screen, no locked files, no dramatic system outage. Instead, a finance team member processes what looks like a routine vendor payment update. A controller wires funds based on what appears to be a CFO's direct request. By the time anyone notices, the money is gone. The FBI IC3's 2024 Internet Crime Report documented $55 billion in cumulative BEC losses over the past decade, with $3 billion in 2024 alone — making it the most financially destructive enterprise-targeted cyber threat in the country. The challenge with BEC is that it exploits trust, not technology. These attacks carry no malicious payload for a gateway to catch — just carefully crafted messages designed to manipulate human judgment. That makes traditional de...

Phishing emails have reached a point where they can fool both people and the tools designed to stop them. For anyone working through a packed inbox, it's easy to trust what looks familiar and click without a second thought. What's worrying is that phishing is rarely the end goal. It's usually the entry point for something much bigger: a ransomware attack. Once attackers gain access, they don't act immediately. They move through systems, map connections, and prepare the environment. By the time ransomware is deployed, it's the final step — not the first. To stay ahead, you need protection at two critical points. An advanced email security solution that catches even the most stealthy phishing attempts, and a strong BCDR strategy that lets you restore data quickly and avoid paying a ransom if something slips through. Why phishing remains so effective Phishing works because it plays on human behavior. Email may seem like a simple communication tool, but it functions as a decision-mak...

Government impersonation scams have evolved into a large, highly coordinated fraud ecosystem targeting citizens across the globe. CTM360 's latest threat intelligence research analyzes a widespread campaign, referred to as GovTrap, that demonstrates how attackers systematically exploit public trust in government institutions through thousands of fraudulent digital platforms. Unlike traditional phishing attacks that rely on simple deceptions, GovTrap campaigns replicate entire government service environments. These fraudulent platforms mimic official portals with high accuracy, including branding, language, workflows, and service structures. From tax portals and licensing systems to fine payment services, each fake site is designed to appear legitimate while functioning as part of a broader, scalable fraud operation. Read the full report here:  https://www.ctm360.com/reports/government-impersonation-phishing-govtrap-scams Scale and Targeting Patterns CTM360 identified mo...

The event that didn't exist At 2:14 p.m. on a Tuesday, an employee clicks a link. If you reconstruct the moment from your security stack, nothing happened. A browser process opened an HTTPS connection. The certificate was valid. The destination wasn't flagged. Traffic volume was unremarkable. No detections fired. Inside the browser session, a different story was unfolding. The page that loaded looked like a routine CAPTCHA with "verify you're human" framing, a prompt to complete a quick check to continue. The instructions told the user to press Windows+R, paste what had already been copied to their clipboard, and hit Enter. In the middle of a busy work day, they did. What they pasted was a shell script. It executed in the user's own context, with the user's own permissions, as a deliberate action the user performed with their own hands. Nothing about the browser session looked unusual. The page rendered normal web content. The clipboard write happene...

Most organizations believe they are prepared for ransomware, but they probably aren't. Sure, everything seems to be in place: backups and a plan for disaster recovery, plus recovery time objective (RTO) and recovery point objective (RPO) tracking.  But when a real attack happens, many fail to recover within acceptable timeframes, if at all.  Not because backups are missing but because they're not reliable or can't be retrieved quickly enough. Therein lies the gap between backup and true cyber resilience . Backup isn't worth much without fast and reliable recovery.  What actually happens when ransomware hits and recovery begins A realistic ransomware incident rarely looks like a sudden outage. It unfolds over time. Day 0 – Initial compromise Cybercriminals steal credentials through phishing or exposed services. Day 3 – Lateral movement Attackers move across endpoints and servers using legitimate tools. Day 7 – Privilege escalation Cyberattackers achieve domain a...

For security leaders, the inbox remains the front door for attackers. Here's why the smartest teams are adding adaptive, AI-driven protection to their cloud email security, not replacing them. Email is still the number-one attack vector for enterprises, and it is not even close. The FBI's Internet Crime Complaint Center reported that business email compromise alone generated $3 billion in losses in 2024 , with AI-enabled attacks accelerating the trend ( FBI IC3 Report ). The attacks that succeed today don't carry obvious malicious payloads. They rely on trust, tone, and timing; a spoofed vendor sending a "routine" invoice update, or a convincing impersonation of a CEO with an urgent request. No malware. No suspicious links. Just words, carefully chosen. Microsoft 365 is the backbone of productivity for most organizations, and Microsoft Defender and Exchange Online Protection do solid work catching known spam, malware, and co...

The conversation around AI in the SOC has mostly centered on efficiency: closing alerts faster, reducing queue backlog, and automating repetitive work that burns out L1 analysts. That framing is directionally right, and it matters because analyst fatigue is real. For teams dealing with high alert volume, analysts are often asked to make good decisions under a fragmented context and time pressure. But that framing is still incomplete. The bigger shift is not just workflow automation or orchestration of predefined playbooks. It is AI's ability to perform contextual, hypothesis-driven investigation across multiple telemetry sources, work that has traditionally depended on experienced L2 or L3 analysts and limited human time. When that capability can be applied consistently across every alert, it changes the operating model, not just the speed of the existing one. Two recent investigations at Prophet Security make that real. In both cases, the attacks were not obvious from signature-bas...

Here's what keeps me up at night. Not zero-days. Not sophisticated nation-state attacks. What worries me is the backlog. Every MSP has one. The list of security configurations that need fixing. The policies have been sitting in "report only" mode since last year. The E5 features that clients are paying for but nobody's turned on because it might break something. The app registrations with excessive permissions from three years ago that nobody's audited. The conditional access policies that need updating but keep getting pushed to next quarter. We all know this backlog exists. We tell ourselves we'll get to it. But quarters turn into years, and that backlog just grows. Meanwhile, AI attackers don't have a backlog. They have automation. Most breaches in Microsoft 365 won't start with a zero-day. They'll start with a setting that's been in "report only" for two years. Example tenant: critical Conditional Access policies exist but a...

Brand impersonation in e-commerce has evolved beyond isolated scam websites into a repeatable, industrialized fraud model operating at global scale . CTM360's latest threat intelligence research analyzes a coordinated campaign—referred to as FraudWear —that demonstrates how attackers are systematically exploiting consumer trust in well-known fashion brands through tens of thousands of fraudulent online stores. Unlike traditional phishing operations, these campaigns do not rely on simple deception or low-effort spoofing. Instead, they replicate the full structure and behavior of legitimate e-commerce platforms , including storefront design, product catalogs, checkout workflows, localized marketing, and payment processing. Each site functions as a disposable asset within a broader, resilient fraud ecosystem. Read the full report here: https://www.ctm360.com/reports/fraudwear-brand-impersonating-online-stores Scale and Targeting Patterns CTM360 identified more than 30,000 malicio...