Anka Markovic Borak

Hackers are targeting Web3 professionals with malware disguised as video conferencing apps, in an effort to steal cryptocurrency and sensitive data. The campaign, active since September 2024, primarily affects users on Windows and macOS. The attack revolves around a fraudulent meeting platform

A new phishing-as-a-service (PhaaS) platform, known as Rockstar 2FA, is enabling adversary-in-the-middle (AiTM) attacks to steal Microsoft 365 credentials and bypass multifactor authentication (MFA). Specifically, AiTM phishing is a technique that uses specialized tools to allow a threat actor to

A North Korea-linked hacking group, Sapphire Sleet, has stolen more than $10 million in cryptocurrency over six months through LinkedIn scams and AI-driven malware. The group, active since 2020, exploits fake profiles to execute sophisticated social engineering campaigns targeting professionals

A severe vulnerability affecting the Really Simple Security WordPress plugin, previously Really Simple SSL, has put four million websites at risk of potential takeover. Discovered on November 6, 2024, by Wordfence researchers, the flaw allows attackers to bypass authentication and gain