Romance scammers received a hefty payout last year, with some 70,000 victims
losing a whopping $1.3 billion, according to the Federal Trade Commission’s
(FTC) latest report.

The median reported loss in 2022 reached $4,400 per victim, and FTC data shows
that 40% of the people who lost money began their ‘relationship’ with the
scammer on social media.

Besides unexpected private messages via social media, 19% of victims said they
met their romance scammer on dating platforms and apps. Once hooked

A “sophisticated and highly-targeted phishing attack” on Reddit caught an
employee off guard, leading to a hack of the giant discussion platform, the
company said in a notice
[https://www.reddit.com/r/reddit/comments/10y427y/we_had_a_security_incident_heres_what_we_know/]
this week.

The attacker had built a “plausible-sounding” phishing lure guiding employees to
a clone of Reddit’s intranet – all crafted to trick staff into divulging their
access credentials and second-factor tokens.

All it t

The North Korea-linked threat actor tracked as APT37 has been linked to a piece of new malware dubbed M2RAT in attacks targeting its southern counterpart, suggesting continued evolution of the group’s features and tactics.
APT37, also tracked under the monikers Reaper, RedEyes, Ricochet Chollima, and ScarCruft, is linked to North Korea’s Ministry of State Security (MSS) unlike the Lazarus and

Bad actors love to deliver threats in files. Persistent and persuasive messages convince unsuspecting victims to accept and open files from unknown sources, executing the first step in a cyber attack. 
This continues to happen whether the file is an EXE or a Microsoft Excel document. Far too often, end users have an illusion of security, masked by good faith efforts of other users and (

A new financially motivated campaign that commenced in December 2022 has seen the unidentified threat actor behind it deploying a novel ransomware strain dubbed MortalKombat and a clipper malware known as Laplas.
Cisco Talos said it “observed the actor scanning the internet for victim machines with an exposed remote desktop protocol (RDP) port 3389.”
The attacks, per the cybersecurity company,

In an ideal world, security and development teams would be working together in perfect harmony. But we live in a world of competing priorities, where DevOps and security departments often butt heads with each other.
Agility and security are often at odds with each other— if a new feature is delivered quickly but contains security vulnerabilities, the SecOps team will need to scramble the release

Cybersecurity researchers have unearthed a new piece of evasive malware dubbed Beep that’s designed to fly under the radar and drop additional payloads onto a compromised host.
“It seemed as if the authors of this malware were trying to implement as many anti-debugging and anti-VM (anti-sandbox) techniques as they could find,” Minerva Labs researcher Natalie Zargarov said.
“One such technique

Google announced on Tuesday that it’s officially rolling out Privacy Sandbox on Android in beta to eligible mobile devices running Android 13.
“The Privacy Sandbox Beta provides new APIs that are designed with privacy at the core, and don’t use identifiers that can track your activity across apps and websites,” the search and advertising giant said. “Apps that choose to participate in the Beta

Microsoft on Tuesday released security updates to address 75 flaws spanning its product portfolio, three of which have come under active exploitation in the wild.
The updates are in addition to 22 flaws the Windows maker patched in its Chromium-based Edge browser over the past month.
Of the 75 vulnerabilities, nine are rated Critical and 66 are rated Important in severity. 37 out of 75 bugs are

The threat actors behind the black hat redirect malware campaign have scaled up their campaign to use more than 70 bogus domains mimicking URL shorteners and infect over 10,800 websites.
“The main objective is still ad fraud by artificially increasing traffic to pages which contain the AdSense ID which contain Google ads for revenue generation,” Sucuri researcher Ben Martin said in a report