Author: rongleblanc
-
Stay One Step Ahead
This week’s cybersecurity news highlights a growing trend: attackers are relying less on hacking passwords and more on tricking people, exploiting software vulnerabilities, and abusing legitimate services. Security researchers report that vulnerability exploitation has now surpassed stolen passwords as the leading cause of breaches, while ransomware continues to appear in nearly half of all major…
-
“Payroll Deposit Issue” Emails Used to Steal Employee Credentials
Threat Level: 🔴 HighThreat Type: Phishing / Financial Fraud What’s Happening Cybersecurity researchers are warning about a phishing campaign targeting employees with fake payroll and direct deposit issue emails. These messages claim there is a problem processing the recipient’s paycheck or direct deposit information. The email often includes urgent language such as “Payroll Failed” or…
-
Fake “Corporate VPN Update” Emails Used to Steal Employee Credentials
Threat Level: 🔴 HighThreat Type: Phishing / Workplace Security What’s Happening Cybersecurity researchers are warning about a phishing campaign targeting remote and hybrid workers with fake VPN update notifications. These emails claim that the company’s VPN or remote access system requires an urgent security update. The message typically includes a button such as “Update VPN”…
-
“Multi-Factor Authentication Reset” Emails Used to Hijack Accounts
Threat Level: 🔴 HighThreat Type: Phishing / Account Takeover What’s Happening Cybersecurity researchers are warning about a phishing campaign using fake multi-factor authentication (MFA) reset notifications to trick users into giving attackers access to their accounts. These emails claim that the recipient’s MFA settings are about to expire, have been disabled, or must be reconfigured…
-
“Package Delivery Failed” Emails Used to Install Malware
Threat Level: 🔴 HighThreat Type: Phishing / Malware What’s Happening Cybersecurity researchers are warning about a phishing campaign using fake package delivery failure emails to trick users into downloading malware. These emails claim that a package could not be delivered due to an address issue, unpaid customs fee, or missed delivery attempt. The message usually…
-
“Video Conference Recording” Emails Used to Deliver Malware
Threat Level: 🔴 HighThreat Type: Malware / Phishing What’s Happening Cybersecurity researchers are warning about a phishing campaign using fake video conference recording notifications to trick users into downloading malware. These emails claim that a recent Zoom, Microsoft Teams, or Google Meet session has been recorded and is now available for viewing. The message typically…
-
“Cloud Storage Expiring” Emails Used to Steal Credentials
Threat Level: 🔴 HighThreat Type: Phishing / Account Takeover What’s Happening Cybersecurity researchers are warning about a phishing campaign using fake cloud storage expiration notices targeting users of services such as Google Drive, OneDrive, Dropbox, and iCloud. These emails claim that the user’s cloud storage subscription is about to expire and that files may become…
-
Fake “Secure Message” Emails Used to Steal Email Credentials
Threat Level: 🔴 HighThreat Type: Phishing / Credential Theft What’s Happening Cybersecurity researchers are warning about a phishing campaign using fake “secure message” notifications to trick users into revealing their email credentials. These emails claim that the recipient has received a secure encrypted message from a coworker, financial institution, healthcare provider, or legal service. The…
-
Fake “Tax Refund” Emails Used to Steal Personal and Financial Information
Threat Level: 🔴 HighThreat Type: Phishing / Identity Theft What’s Happening Cybersecurity researchers are warning about a phishing campaign using fake tax refund notifications to trick users into revealing sensitive information. These emails claim that the recipient is eligible for a tax refund and must confirm their identity or banking details to receive the payment.…
-
Massive Education Data Breach Affecting Schools and Colleges
A major cyberattack targeting the Instructure Canvas learning management system is making headlines this week. Attackers linked to the ShinyHunters group claim to have stolen millions of student and staff records from schools and colleges worldwide. Reported data may include names, email addresses, student IDs, and private messages. For anyone working in education — especially…