Threat actors target GitHub users to steal credentials and two-factor authentication (2FA) codes by impersonating the CircleCI DevOps platform. GitHub is warning of an ongoing phishing campaign targeting its users to steal credentials and two-factor authentication (2FA) codes by impersonating the CircleCI DevOps platform. The company learned of the att

There’s been some smart phishing campaigns running over the last few weeks, and this one is particularly sneaky. Bleeping Computer reports that a phishing page is targeting Greek taxpayers with a tax refund scam. The added sting in the tail comes in the form of an embedded keylogger which grabs everything entered onto the page. An untimely tax refund T

In today’s online landscape, it is crucial for organizations to stay on top of the threats that put their enterprises at risk. Agari and PhishLabs have put together their Quarterly Threat Trends & Intelligence Report detailing their analysis of phishing and social media attacks this quarter. The report presents statistics regarding the volume of attacks,

Ride-hailing giant Uber is moving quickly to downplay the impact from a devastating security breach that included the theft of employee credentials, access to the HackerOne bug bounty dashboard and data from an internal invoicing tool.In a note published Monday, Uber confirmed that an external contractor had their account compromised by an attacker who used

American Airlines is informing some customers that their personal information may have been compromised after threat actors gained access to employee email accounts.The airline said a phishing campaign resulted in the mailboxes of a ‘limited number’ of employees getting accessed by hackers. The compromised email accounts contained the personal information of

Financial technology company Revolut has started informing some customers that it has been targeted in a cyberattack that resulted in their information getting compromised.Revolut described the attack as highly targeted and said the attacker only had access to customer information for a short period of time. The company claimed the attacker did not have acce

Threat actors are impersonating various US government departments in phishing attacks targeting the Microsoft 365 credentials of government contractors.Since at least mid-2019, the attackers have been observed sending phishing messages spoofing the US Departments of Commerce, Labor, or Transportation to target organizations in various sectors, with a focus o

Endpoint detection and response pioneer CrowdStrike is elbowing its way into new security markets with a planned acquisition of attack surface management startup Reposify and a strategic investment in API security vendor Salt Security.The Reposify transaction, which will be paid mostly in cash, gives CrowdStrike an entry point into the lucrative external att

Major airline American Airlines has fallen victim to a data breach after a threat actor got access to the email accounts of several employees via a phishing attack. According to a published notice of a security incident, the data breach was discovered in July 2022. How it happened American Airlines said the successful phishing attack led to the una

Security Operations Center (SOC) infrastructure start-up Cyrebro this week announced that it has banked $40 million in Series C funding, bringing the total raised by the company to $61 million.The new funding round was led by Koch Disruptive Technologies (KDT) and Elaia, with additional investment from existing investors Bank Mizrachi, InCapital Group, Mangr

Silicon Valley late-stage startup Fortanix has banked $90 million in new capital to boost its place in the confidential computing and data protection marketplace.Fortanix said the $90 million Series C round was led by Goldman Sachs Asset Management. GiantLeap Capital joined as a new investor alongside prior backers Foundation Capital, Intel Capital, Neotribe

The non-profit Rust Foundation has scored funding to build a dedicated security team to proactively identify and address security defects in the popular Rust programming language.The Foundation said the new team will be funded by investments from the OpenSSF’s Alpha-Omega Initiative and software supply chain security firm Jfrog and will immediately work on a

Threat actors are exploiting the death of Queen Elizabeth II as bait in phishing attacks to steal Microsoft account credentials from victims. Researchers from Proofpoint are warning of threat actors that are using the death of Queen Elizabeth II as bait in phishing attacks. The attackers aim at tricking recipients into visiting sites designed to steal

Just four months after emerging from stealth with $11 million in seed funding, Dig Security has banked an additional $34 million in venture capital funding as investors continue to flock to cloud data security startups.Dig Security said the $34 million Series A was led by Silicon Valley venture capital firm SignalFire, with participation from Felicis, Okta V

Mobile phishing protection startup novoShield has emerged from stealth mode with an enterprise-grade iPhone protection application.The new solution, novoShield says, was designed to protect both end-users and businesses from the increasing number of phishing attacks.The migration to remote work due to the Covid-19 pandemic has led to a significant increase i