cybercrime/malcode – Lifeboat News: The Blog
https://lifeboat.com/blog
Safeguarding Humanity
Mon, 07 Jul 2025 03:03:15 +0000

Criminal Hackers Are Employing AI To Facilitate Identity Theft
https://lifeboat.com/blog/2025/07/criminal-hackers-are-employing-ai-to-facilitate-identity-theft
Mon, 07 Jul 2025 03:03:15 +0000

Cybercriminals are employing artificial intelligence to steal identities by infiltrating and examining victim networks and employing automated phishing attempts.

Massive Android Fraud Operations Uncovered: IconAds, Kaleidoscope, SMS Malware, NFC Scams
https://lifeboat.com/blog/2025/07/massive-android-fraud-operations-uncovered-iconads-kaleidoscope-sms-malware-nfc-scams
Fri, 04 Jul 2025 11:10:50 +0000

IconAds ad fraud operation disrupts 352 Android apps, impacting global users with hidden ads and obfuscation.

Over 40 Malicious Firefox Extensions Target Cryptocurrency Wallets, Stealing User Assets
https://lifeboat.com/blog/2025/07/over-40-malicious-firefox-extensions-target-cryptocurrency-wallets-stealing-user-assets
Fri, 04 Jul 2025 11:10:37 +0000

Cybersecurity researchers have uncovered over 40 malicious browser extensions for Mozilla Firefox that are designed to steal cryptocurrency wallet secrets, putting users’ digital assets at risk.

“These extensions impersonate legitimate wallet tools from widely-used platforms such as Coinbase, MetaMask, Trust Wallet, Phantom, Exodus, OKX, Keplr, MyMonero, Bitget, Leap, Ethereum Wallet, and Filfox,” Koi Security researcher Yuval Ronen said.

The large-scale campaign is said to have been ongoing since at least April 2025, with new extensions uploaded to the Firefox Add-ons store as recently as last week.

That Network Traffic Looks Legit, But it Could be Hiding a Serious Threat
https://lifeboat.com/blog/2025/07/that-network-traffic-looks-legit-but-it-could-be-hiding-a-serious-threat
Thu, 03 Jul 2025 11:15:49 +0000

SOCs face evolving cyber threats as 80% of attacks mimic user behavior. Discover how multi-layered NDR detection strategies enhance defense.

Hackers Using PDFs to Impersonate Microsoft, DocuSign, and More in Callback Phishing Campaigns
https://lifeboat.com/blog/2025/07/hackers-using-pdfs-to-impersonate-microsoft-docusign-and-more-in-callback-phishing-campaigns
Thu, 03 Jul 2025 11:15:31 +0000

Cybersecurity researchers are calling attention to phishing campaigns that impersonate popular brands and trick targets into calling phone numbers operated by threat actors.

“A significant portion of email threats with PDF payloads persuade victims to call adversary-controlled phone numbers, displaying another popular social engineering technique known as Telephone-Oriented Attack Delivery (TOAD), also known as callback phishing,” Cisco Talos researcher Omid Mirzaei said in a report shared with The Hacker News.

An analysis of phishing emails with PDF attachments between May 5 and June 5, 2025, has revealed Microsoft and Docusign to be the most impersonated brands. NortonLifeLock, PayPal, and Geek Squad are among the most impersonated brands in TOAD emails with PDF attachments.

TA829 and UNK_GreenSec Share Tactics and Infrastructure in Ongoing Malware Campaigns
https://lifeboat.com/blog/2025/07/ta829-and-unk_greensec-share-tactics-and-infrastructure-in-ongoing-malware-campaigns
Wed, 02 Jul 2025 07:11:26 +0000

Cybersecurity researchers have flagged the tactical similarities between the threat actors behind the RomCom RAT and a cluster that has been observed delivering a loader dubbed TransferLoader.

Enterprise security firm Proofpoint is tracking the activity associated with TransferLoader to a group dubbed UNK_GreenSec and the RomCom RAT actors under the moniker TA829. The latter is also known by the names CIGAR, Nebulous Mantis, Storm-0978, Tropical Scorpius, UAC-0180, UAT-5647, UNC2596, and Void Rabisu.

The company said it discovered UNK_GreenSec as part of its investigation into TA829, describing it as using an “unusual amount of similar infrastructure, delivery tactics, landing pages, and email lure themes.”

Blind Eagle Uses Proton66 Hosting for Phishing, RAT Deployment on Colombian Banks
https://lifeboat.com/blog/2025/07/blind-eagle-uses-proton66-hosting-for-phishing-rat-deployment-on-colombian-banks
Tue, 01 Jul 2025 11:13:44 +0000

Trustwave links Blind Eagle cybercrime group to Proton66 hosting, targeting Colombian banks with VBS and RATs.

Switzerland says government data stolen in ransomware attack
https://lifeboat.com/blog/2025/07/switzerland-says-government-data-stolen-in-ransomware-attack
Tue, 01 Jul 2025 11:13:01 +0000

The Swiss government says that sensitive information from various federal offices has been impacted by a ransomware attack at the third-party organization Radix.

The hackers have stolen data from Radix systems and later leaked it on the dark web, the Swiss government says.

The exposed data is being analyzed with the help of the country’s National Cyber Security Centre (NCSC) to determine which government agencies are impacted and to what effect.

Dear readers, please see the latest issue of the Security & Tech Insights newsletter
https://lifeboat.com/blog/2025/06/dear-readers-please-see-the-latest-issue-of-the-security-tech-insights-newsletter
Sat, 28 Jun 2025 19:07:27 +0000

Please see the latest issue of the Security & Tech Insights newsletter on the impact of artificial intelligence. Thanks!


Dear readers, please see the latest issue of the Security & Tech Insights newsletter. AI is impacting every aspect of our lives, and this issue provides a compendium of articles that address some of those topics, including cybersecurity. I believe it will provide a useful resource for everyone interested in emerging tech and cybersecurity, and especially AI. Thanks, and stay safe! Best, Chuck Brooks.

(Kindly follow me on LinkedIn for regular posts on topics of emerging tech, cybersecurity, innovation, risk management, and govcon).

GIFTEDCROOK Malware Evolves: From Browser Stealer to Intelligence-Gathering Tool
https://lifeboat.com/blog/2025/06/giftedcrook-malware-evolves-from-browser-stealer-to-intelligence-gathering-tool
Sat, 28 Jun 2025 15:10:54 +0000

The threat actor behind the GIFTEDCROOK malware has made significant updates to turn the malicious program from a basic browser data stealer to a potent intelligence-gathering tool.

“Recent campaigns in June 2025 demonstrate GIFTEDCROOK’s enhanced ability to exfiltrate a broad range of sensitive documents from the devices of targeted individuals, including potentially proprietary files and browser secrets,” Arctic Wolf Labs said in a report published this week.

“This shift in functionality, combined with the content of its phishing lures, […] suggests a strategic focus on intelligence gathering from Ukrainian governmental and military entities.”
