Vishing | Breaking Cybersecurity News | The Hacker News

The threat actors behind the DragonForce ransomware gained access to an unnamed Managed Service Provider's (MSP) SimpleHelp remote monitoring and management (RMM) tool, and then leveraged it to exfiltrate data and drop the locker on multiple endpoints. It's believed that the attackers exploited a trio of security flaws in SimpleHelp (CVE-2024-57727, CVE-2024-57728, and CVE-2024-57726) that were disclosed in January 2025 to access the MSP's SimpleHelp deployment, according to an analysis from Sophos. The cybersecurity company said it was alerted to the incident following a suspicious installation of a SimpleHelp installer file, pushed via a legitimate SimpleHelp RMM instance that's hosted and operated by the MSP for their customers. The threat actors have also been found to leverage their access through the MSP's RMM instance to collect information from different customer environments about device names and configuration, users, and network connections. Altho...

Belgian and Dutch authorities have arrested eight suspects in connection with a "phone phishing" gang that primarily operated out of the Netherlands with an aim to steal victims' financial data and funds. As part of the international operation, law enforcement agencies carried out 17 searches in different locations in Belgium and the Netherlands, Europol said. In addition, large amounts of cash, firearm, as well as electronic devices, luxury watches, and jewelry have been seized. "Besides committing large-scale 'phishing' campaigns and trying to gain access to financial data by phone or online, the suspects also pretended to be police or banking staff and approached older victims at their doors," the agency said . The cybercrime operation involved sending phishing messages via email, SMS, and WhatsApp, urging recipients to click on a link that captured the credentials and other information. In other instances, victims were approached by the crimina...

Social networking sites and search engines are expected to face increased cybercriminal activity this holiday season. However, the FBI is also warning consumers about two other significant threats: "smishing" and "vishing" scams. Both smishing and vishing are forms of phishing. Smishing involves using SMS texts to initiate scams, while vishing uses automated phone calls. These scams have been reported since at least 2006. The FBI's Internet Crime Complaint Center (IC3) recently issued an advisory warning that these scams will be prevalent during the holiday season. In these attacks, users receive a text message or automated phone call stating there is a problem with their bank account. They are then given a phone number to call or a website to log onto to provide account credentials to resolve the issue. "While most cyberscams target your computer, smishing and vishing scams target your mobile phone, and they're becoming a growing threat as more American...

SaaS Adoption is Skyrocketing, Resilience Hasn't Kept Pace SaaS platforms have revolutionized how businesses operate. They simplify collaboration, accelerate deployment, and reduce the overhead of managing infrastructure. But with their rise comes a subtle, dangerous assumption: that the convenience of SaaS extends to resilience. It doesn't. These platforms weren't built with full-scale data protection in mind . Most follow a shared responsibility model — wherein the provider ensures uptime and application security, but the data inside is your responsibility. In a world of hybrid architectures, global teams, and relentless cyber threats, that responsibility is harder than ever to manage. Modern organizations are being stretched across: Hybrid and multi-cloud environments with decentralized data sprawl Complex integration layers between IaaS, SaaS, and legacy systems Expanding regulatory pressure with steeper penalties for noncompliance Escalating ransomware threats and inside...