Phishing | Breaking Cybersecurity News | The Hacker News

Brand impersonation in e-commerce has evolved beyond isolated scam websites into a repeatable, industrialized fraud model operating at global scale . CTM360's latest threat intelligence research analyzes a coordinated campaign—referred to as FraudWear —that demonstrates how attackers are systematically exploiting consumer trust in well-known fashion brands through tens of thousands of fraudulent online stores. Unlike traditional phishing operations, these campaigns do not rely on simple deception or low-effort spoofing. Instead, they replicate the full structure and behavior of legitimate e-commerce platforms , including storefront design, product catalogs, checkout workflows, localized marketing, and payment processing. Each site functions as a disposable asset within a broader, resilient fraud ecosystem. Read the full report here: https://www.ctm360.com/reports/fraudwear-brand-impersonating-online-stores Scale and Targeting Patterns CTM360 identified more than 30,000 malicio...

CTM360 researchers have identified a large-scale fraud campaign involving thousands of fake banking websites that actively target users in the United States and the United Kingdom. Over the past year, more than 11,000 fraudulent bank domains were observed, with 8,000+ in the U.S. and 3,000+ in the UK, all operating without regulatory authorization or physical presence. These are not throwaway phishing pages. They are polished, SEO-optimized platforms that impersonate legitimate financial institutions, regulators, and lending services. Not Your Typical Phishing Fraud What sets this campaign apart is operational maturity. The fake banks offer services such as loans, mortgages, grants, and high-limit credit cards, often promising instant approval or no credit checks. Victims are funneled through simplified onboarding flows, fake KYC processes, and staged "approvals" designed to build trust before monetization. Once engaged, users are pressured to pay activation or processing fees ,...

Identity platforms are an organization's backbone of secure access. But what happens when you need to migrate from one identity provider to another? The stakes are high: downtime, broken integrations, compliance gaps, and user frustration. Yet, with the right strategy and preparation, these fears can be addressed head-on. Identity migration is intimidating If a migration is poorly planned and executed, it can mean lost productivity, frustrated customers, and a hit to your business' bottom line. Identity touches every corner of an organization, from HR systems to customer portals. Beyond downtime, migrations often expose brittle integrations, undocumented dependencies, and legacy technologies that no one wants to touch. Add compliance requirements (SOC2, HIPAA, DORA) and the pressure mounts. Even well-planned transitions can surface unexpected issues, edge cases, and broken processes. Why consider identity migration at all? Why migrate at all? Often, it's about cost savings, strea...

In a matter of months, AI became a tool relied on for daily critical tasks. Now, we are seeing it used just as easily to attack systems, deceive users, or even manipulate data. While full capabilities are still being explored, the most significant threats posed by AI are yet unknown. Even without knowing exactly what's coming, organizations can take meaningful steps now and develop identity security strategies to defend against AI-driven threats to avoid being an easy target. Suggestion 1: Start with the basics In the face of unknown AI-driven threats, one of the best places to start is with an identity security strategy that addresses the fundamentals.  When it comes to identity and access management, solutions that offer 'Preemptive Defense' (a term coined by Gartner) allow detection and protection before a user even authenticates to your systems. Think IP reputation checks, web application firewalls, machine learning-based risk scoring, user policies and app policies. Risky...

Artificial Intelligence (AI) has served as a great resource for cyber defenders by enabling real-time detection and response through advanced pattern recognition and predictive analysis that traditional methods weren't able to achieve. However, AI has recently become a dangerous and widely available enabler for attackers to leverage. CISOs now face adversaries who easily scale large-scale cyberattacks like spear-phishing and polymorphic malware at machine speed.  This article examines the rising AI-driven cyberthreat landscape and presents the browser, the enterprises' new endpoint, as the most strategic control plane for defense. By adopting a Secure Enterprise Browser (SEB) into the security stack, enterprises can reduce their attack surface, contain incidents at scale, and future-proof themselves against these advanced attacks.  Why Traditional Defenses Struggle Against AI  Most organizations have robust defense in place against cyberattacks, such as firewalls, EDR...

You're jolted awake by a 2:46 AM critical alert: ransomware in production. Customer data's compromised, systems are locked, and $1 million Bitcoin demand stares back at you. Your SIEM lit up. EDR flagged unusual file access. ITDR surfaced account anomalies. But it's too late. The attacker got in with stolen credentials, likely from a phishing email. Once authenticated, they slipped past your defenses, escalated privileges, and detonated ransomware. The post-incident report reveals what your tools missed: the initial login. If authentication had tapped real-time signals from your existing security stack — device compliance, threat intelligence, or login anomalies — the stolen credential could have been blocked at the login prompt, stopping the attack cold. Why Identity Is the New Perimeter Adversaries are increasingly focused on identities and credentials rather than fortified perimeters or servers. After all, why bother cracking a vault when you can stroll in with the keys?  ...

ShinyHunters is a notorious cybercrime group that has resurfaced with a new playbook of SaaS-focused attacks. Known for monetizing stolen data on underground forums since 2020, ShinyHunters has historically breached companies by stealing credentials and databases. Recently, however, they've shifted tactics to aggressive social engineering, mirroring the methodology of the Scattered Spider group. Instead of exploiting software vulnerabilities, ShinyHunters now exploits human trust, targeting the underbelly of third-party SaaS platforms through impersonation and phishing. In mid-2025, a wave of breaches struck companies like Google, Workday, Pandora, Cisco, Chanel, and others, all tied together by one common thread: the attackers leveraged access to these firms' Salesforce CRM or similar cloud systems. Below, we look at what happened in the Google and Workday breaches, examine techniques ShinyHunters used, and demonstrate how a dynamic SaaS security approach (like Reco's) could have...

Imagine joining a video call with your CEO, only to find out later the CEO participant was actually an AI-generated fake. Welcome to the new digital battlefield.  Adversarial AI and deepfakes have created an identity attack surface that is not just digital, but is also based on reality itself . These technologies are no longer science fiction or theoretical. They are actively being used to spoof identities, manipulate political perceptions, and circumvent even the best cybersecurity training initiatives. , and circumvent even the best cybersecurity training initiatives.  If your cybersecurity defenses rely solely on human perception, voice recognition, or even visual evidence, you are vulnerable to an attack.  From Cat and Mouse to Machine vs. Machine Cybersecurity has always been a game of cat and mouse. As defenders (mice), we have historically been able to adapt our defenses for phishing, malware , ransomware, and insider threats . Today, we're also strategizing ...

SaaS applications are the backbone of modern organizations, powering productivity and collaboration. However, they also introduce critical security risks—identity sprawl, misconfigurations, and an expanding attack surface. Identity providers have become a prime target for threat actors, prompting security teams to focus on protecting identities across multiple SaaS environments. To mitigate these risks, many organizations adopt SaaS Security Posture Management (SSPM) to harden configurations, enforce least-privilege access, and maintain visibility over human and non-human identities. SSPM is an essential preventive tool that improves cyber hygiene by reducing the attack surface. Yet prevention alone is not enough in today's evolving threat landscape. Identity Threat Detection and Response (ITDR) is crucial to bridge this gap and enable organizations to detect and respond fast to active threats targeting their identity infrastructure. The Growing Threat to SaaS Identities The rise i...

CTM360 has recently observed a sophisticated global scam campaign where victims are lured through fraudulent Google Play Store download pages. CTM360, a leading cybersecurity company for Digital Risk Protection, has identified over 6,000 instances of these fake pages, tricking users into downloading malicious apps. Once installed, the apps disguise themselves as legitimate software to deploy PlayPraetor (a malware named after the authoritative Roman praetor). It seizes control of infected devices to steal banking credentials, log keystrokes, and monitor clipboard activity. The operation's global reach and complexity highlight a highly coordinated effort to compromise users' data for malicious purposes. How the Scam Works Threat actors behind PlayPraetor execute a well-crafted deception strategy: Fake Play Store Pages – Cybercriminals create highly realistic clones of Google Play Store and other trusted sources to distribute Trojanized APKs. Malicious APKs Disguised as L...