Security firm uncovers 150-plus cloned law-firm websites used in coordinated recovery scams
Read Our Expert Analysis
Create an account or login for free to unlock our expert analysis and key takeaways for this development.
By continuing, you agree to receive marketing communications and our weekly newsletter. You can opt-out at any time.
Recommended for you
Investigation Links ShinyHunters to Broad Vishing Campaign Targeting Over 100 Organizations
Researchers say a coordinated campaign combined telephone-based social engineering with browser-resident phishing toolkits to target more than 100 organisations across sectors, manipulating live authentication sessions to bypass MFA and SSO protections. A contemporaneous but separate infostealer disclosure — an unsecured cache of roughly 149 million credential pairs captured from endpoints — heightens the risk of credential-stuffing and targeted vishing, complicating response and containment.
Global crypto thefts jump to $370.3M in January as phishing and large scam dominate losses
January’s crypto losses reached about $370.3M, driven mainly by phishing and one outsized social‑engineering theft; contemporaneous reports — including a 149M‑credential infostealer cache and a TRM Labs review of 2025 flows — help explain why credential theft and sophisticated laundering continue to magnify single‑incident impact and frustrate trace-and-freeze responses.
Trust Undone: How AI Is Reforging Social Engineering into an Industrial-Scale Threat
Generative and agentic AI are enabling deception campaigns that scale personalized manipulation to millions, shifting the primary attack vector from technical flaws to exploited trust. Organizations and states face a widening threat that blends deepfakes, automated reconnaissance, and commoditized fraud tools, forcing a rethink of detection, workflow controls, and human-centered defenses.