Vishing | Breaking Cybersecurity News | The Hacker News

The threat actors behind the DragonForce ransomware gained access to an unnamed Managed Service Provider's (MSP) SimpleHelp remote monitoring and management (RMM) tool, and then leveraged it to exfiltrate data and drop the locker on multiple endpoints. It's believed that the attackers exploited a trio of security flaws in SimpleHelp (CVE-2024-57727, CVE-2024-57728, and CVE-2024-57726) that were disclosed in January 2025 to access the MSP's SimpleHelp deployment, according to an analysis from Sophos. The cybersecurity company said it was alerted to the incident following a suspicious installation of a SimpleHelp installer file, pushed via a legitimate SimpleHelp RMM instance that's hosted and operated by the MSP for their customers. The threat actors have also been found to leverage their access through the MSP's RMM instance to collect information from different customer environments about device names and configuration, users, and network connections. Altho...

Belgian and Dutch authorities have arrested eight suspects in connection with a "phone phishing" gang that primarily operated out of the Netherlands with an aim to steal victims' financial data and funds. As part of the international operation, law enforcement agencies carried out 17 searches in different locations in Belgium and the Netherlands, Europol said. In addition, large amounts of cash, firearm, as well as electronic devices, luxury watches, and jewelry have been seized. "Besides committing large-scale 'phishing' campaigns and trying to gain access to financial data by phone or online, the suspects also pretended to be police or banking staff and approached older victims at their doors," the agency said . The cybercrime operation involved sending phishing messages via email, SMS, and WhatsApp, urging recipients to click on a link that captured the credentials and other information. In other instances, victims were approached by the crimina...

Social networking sites and search engines are expected to face increased cybercriminal activity this holiday season. However, the FBI is also warning consumers about two other significant threats: "smishing" and "vishing" scams. Both smishing and vishing are forms of phishing. Smishing involves using SMS texts to initiate scams, while vishing uses automated phone calls. These scams have been reported since at least 2006. The FBI's Internet Crime Complaint Center (IC3) recently issued an advisory warning that these scams will be prevalent during the holiday season. In these attacks, users receive a text message or automated phone call stating there is a problem with their bank account. They are then given a phone number to call or a website to log onto to provide account credentials to resolve the issue. "While most cyberscams target your computer, smishing and vishing scams target your mobile phone, and they're becoming a growing threat as more American...

I had the honor of hosting the first episode of the Xposure Podcast live from Xposure Summit 2025. And I couldn't have asked for a better kickoff panel: three cybersecurity leaders who don't just talk security, they live it. Let me introduce them. Alex Delay , CISO at IDB Bank, knows what it means to defend a highly regulated environment. Ben Mead , Director of Cybersecurity at Avidity Biosciences, brings a forward-thinking security perspective that reflects the innovation behind Avidity's targeted RNA therapeutics. Last but not least, Michael Francess , Director of Cybersecurity Advanced Threat at Wyndham Hotels and Resorts, leads the charge in protecting the franchise. Each brought a unique vantage point to a common challenge: applying Continuous Threat Exposure Management (CTEM) to complex production environments. Gartner made waves in 2023 with a bold prediction: organizations that prioritize CTEM will be three times less likely to be breached by 2026. But here's the kicker -...