For providers

From time to time, it can be instructive to look at generic phishing messages that are delivered to one&#x27s inbox or that are caught by basic spam filters. Although one usually doesn&#x27t find much of interest, sometimes these little excursions into what should be a run-of-the-mill collection of basic, commonly used phishing techniques can lead one to find something new and unusual. This was the case with one of the messages delivered to our handler inbox yesterday…

The regime's cyber-espionage strategy employs dual-use targeting, collecting info that can support both military needs and broader political objectives.

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

A Formula 1 pit crew demonstrates the basic principles of how modern security teams should work.

A unique take on the software update gambit has allowed "PlushDaemon" to evade attention as it mostly targets Chinese organizations.

Get ready to shop and save big on Cisco learning.

Editors from Dark Reading, Cybersecurity Dive, and TechTarget Search Security break down the depressing state of cybersecurity awareness campaigns and how organizations can overcome basic struggles with password hygiene and phishing attacks.

Have you ever given two seconds of thought to a browser notification? No? That's what hackers bent on phishing are counting on.

Searchlight Cyber today released a blog detailing CVE-2025-61757, a vulnerability they reported to Oracle. Oracle released a patch for the vulnerability as part of its October Critical Patch Update, which was released on October 21st.

The infostealer specifically targets Brazilian Portuguese speakers and combines malware designed to phish banking credentials and steal data, a worm, and some uniquely Brazilian quirks.