Attackers weaponize workplace communication to install remote access tools


An ongoing phishing campaign is targeting organizations across multiple industries, using
sophisticated social engineering tactics to convincingly impersonate well-known
videoconferencing platforms and deploy ConnectWise ScreenConnect for unauthorized remote
access.
The research from Abnormal Intelligence reveals that unlike traditional credential-harvesting attacks that steal login information, this campaign deceives targets into downloading legitimate remote monitoring and management (RMM) software, granting cybercriminals complete control over end-user devices.
Off-the-shelf tools make life easier for phishing attackers


New research from Fortinet’s FortiGuard Labs highlights a recently identified phishing campaign that uses carefully crafted emails to deliver malicious URLs linked to convincing phishing pages.
These pages are designed to entice recipients into downloading JavaScript files that act as droppers for UpCrypter, malware that ultimately deploys various remote access tools (RATs).
Why effective exposure management is key to cybersecurity [Q&A]


Thanks to the rise of hybrid working and SaaS, the traditional concept of ‘attack surface’ -- limited to hardware, software, and network infrastructure -- is dangerously outdated and no longer sufficient to ensure cybersecurity.
We spoke to Mike Riemer, senior vice president Network Security Group and field CISO at Ivanti, to find out how organizations need to adapt to keep their systems secure.
Cloud accounts come under attack as identity threats rise


The latest Threat Detection Report update from Red Canary shows a rise of almost 500 percent in detections associated with cloud accounts during the first half of 2025.
This significant rise stems primarily from Red Canary’s expanded identity detection coverage and the implementation of AI agents designed to identify unusual login patterns and suspicious user behaviors. This includes identifying logins from unusual devices, IP addresses, and virtual private networks (VPNs), which significantly increases the detection of risky behaviors.
Matanbuchus 3.0 is a serious malware threat spread via Microsoft Teams


The Matanbuchus malware loader is not new – it has been around for at least 4 years – but it has evolved into something incredibly dangerous.
Matanbuchus 3.0 has been found targeting victims as part of a ransomware attack. Described as being “highly targeted”, the cyberattack campaign uses Microsoft Teams as a delivery method for the latest version of the malware loader. The highly sophisticated attack employs a Microsoft Teams call impersonating an IT helpdesk.
Ransomware surges 63 percent in Q2


The second quarter of this year has seen a 63 percent increase in publicly disclosed ransomware attack volumes, with a total of 276 incidents compared to Q2 2024, according to the latest report from BlackFog.
This represents the highest number of attacks for this timeframe since the company began tracking ransomware volumes in 2020. All three months in the quarter set a new high compared with the same time period in previous years. June saw a 113 percent increase with a total of 96 attacks. There was a 51 percent increase in April with a total of 89 attacks, and a 40 percent increase in May with 91 attacks.
Is business logic abuse a growing problem for APIs? [Q&A]


Tricking applications into altering their processes or surrendering information is a highly efficient way for attackers to carry out theft or fraud while minimizing the risk of detection.
We asked Mohammad Ismail, VP of EMEA at Cequence Security, to explain how this business logic abuse is carried out and why it’s becoming a growing problem.
Mobile becomes the preferred route for attacks on enterprises


Mobile threats are no longer an emerging issue; they're here, rapidly evolving, and targeting the devices organizations depend on every day.
As employees use smartphones, laptops, and tablets to access sensitive data and systems, a new report from Zimperium zLabs shows attackers are increasingly exploiting these endpoints through mobile-first strategies that bypass traditional security defenses.
1 in 5 SMBs could be put out of business by a cyberattack


Research from VikingCloud finds that a successful cyberattack would force nearly one in five small- and medium-sized businesses to close down.
For nearly a third of SMBs, a cyberattack with relatively small financial impact -- less than $10,000 -- would cause them to shut down, according to the report.
Gotcha CAPTCHAs being used to spread malware


We've all become used to completing tests to prove we're not robots, but a new report from HP Wolf Security highlights the rising use of fake CAPTCHA verification tests which allow threat actors to trick users into infecting themselves.
The technique shows attackers are capitalizing on people's increasing familiarity with completing multiple authentication steps online -- a trend HP describes as 'click tolerance'.
Non-profit sector sees increasing wave of email attacks


Advanced email attacks on non-profit organizations have surged 35 percent year-on-year according to a new report from Abnormal Security.
Credential phishing attacks on non-profit organizations have escalated by 50.4 percent over the past year too. By stealing login credentials, cybercriminals gain access to internal communications, donor databases, and financial records, allowing them to launch further attacks or sell sensitive information on the dark web.
99 percent of organizations experience API security issues


A surge in API adoption, driven by the need for organizations to modernize infrastructures and unlock new revenue streams, is contributing to the rise in API security risk according to a new report.
The study from Salt Security finds 99 percent of respondents encountered API security issues within the past 12 months and 55 percent slowed the rollout of a new application due to API security concerns.
Perilous as a picture -- attackers sneak malware into website images


A new report from HP Wolf Security reveals that attackers are hiding malicious code in images on file hosting websites like archive.org, as well as using the same loader to install the final payload.
These techniques help attackers avoid detection, as image files appear benign when downloaded from well-known websites, bypassing network security like web proxies that rely on reputation.
Newly launched APIs found by attackers in under 30 seconds


Organizations rely on APIs to make their systems easily accessible across platforms. However, new APIs are typically less protected and less secure. New research from Wallarm shows the average time for a new API to be found by attackers is just 29 seconds.
The research used a honeypot to look at API activity, and in its first 20 days in November the longest time taken for a new API to be discovered was 34 seconds.
The five email attacks to watch for in 2025


Despite the rise of other means of communication, email remains the most commonly used. This makes it attractive to cybercriminals as it offers an entry point to businesses and the gateway that employees rely on to do their jobs.
A new report from Abnormal Security highlights the attacks that we’re likely to see in the next year and shows the need for improved defenses, including the use of AI.
BetaNews, your source for breaking tech news, reviews, and in-depth reporting since 1998.