Via #LLRX @psuPete Recommends Weekly highlights on #cybersecurity issues, 9/8/25 - 5 highlights from this week: States Have More #Data About You Than the Feds Do. #Trump Wants to See It; #Instagram Map lets your friends, possibly exes, track your every move; #Samsung phones can detect AI voice #phishing attacks w One UI 8; #Uber Gets Report of #Sexual #Misconduct Every 8 Min; #HomeDepot & #Lowes Share Data From Hundreds of #AI #Cameras w #Cops. #privacy #cybercrime https://www.llrx.com/2025/08/pete-recommends-weekly-highlights-on-cyber-security-issues-august-9-2025/
Administered by:
#phishing
35 posts27 participants0 posts today
WinRAR zero-day vulnerability (CVE-2025-8088) exploited by Russian-tied RomCom hackers in phishing attacks to plant malware via malicious archives! Extracted files auto-run from Startup folders, enabling remote code execution. Update to WinRAR 7.13 NOW to stay safe! 
#WinRAR #CyberSecurity #Malware #RomCom #Phishing #ZeroDay #InfoSec
#newz
#Phishing attacks exploit #WinRAR flaw CVE-2025-8088 to install #RomCom
https://securityaffairs.com/180967/hacking/phishing-attacks-exploit-winrar-flaw-cve-2025-8088-to-install-romcom.html
#securityaffairs #hacking #malware
Security Affairs · Phishing attacks exploit WinRAR flaw CVE-2025-8088 to install RomComWinRAR flaw CVE-2025-8088, fixed in v7.13, was exploited as a zero-day in phishing attacks to install RomCom malware.
Po prostu dajemy się nabrać na łudząco podobne do naszej strony poczty elektronicznej.
Więcej informacji 
https://lttr.ai/AhOfl
Adult sites are stashing exploit code inside racy .svg files - Dozens of porn sites are turning to a familiar source to gen... - https://arstechnica.com/security/2025/08/adult-sites-use-malicious-svg-files-to-rack-up-likes-on-facebook/ #javascript #security #exploits #phishing #biz #scams
Ars Technica · Adult sites are stashing exploit code inside racy .svg files
GenAI Used to Impersonate Brazil's Government Websites
Threat actors are leveraging generative AI tools like DeepSite AI and BlackBox AI to create phishing templates that closely mimic official Brazilian government websites, such as the State Department of Traffic and Ministry of Education. These malicious replicas are boosted in search results using SEO poisoning techniques. The phishing pages collect sensitive personal data, including CPF numbers and addresses, validating the information through APIs to build credibility. The ultimate goal is to trick victims into making payments via Pix, Brazil's instant payment system. Technical analysis reveals AI-generated source code signatures, including TailwindCSS styling, explanatory comments, and non-functional elements. The campaign demonstrates the evolving sophistication of phishing attacks empowered by generative AI tools.
Pulse ID: 6896279970e62c2bef3c1a32
Pulse Link: https://otx.alienvault.com/pulse/6896279970e62c2bef3c1a32
Pulse Author: AlienVault
Created: 2025-08-08 16:36:41
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
LevelBlue Open Threat ExchangeLevelBlue - Open Threat ExchangeLearn about the latest cyber threats. Research, collaborate, and share threat intelligence in real time. Protect yourself and the community against today's emerging threats.
#Phishing: Klickt NIEMALS auf angebliche #Bank- Links in Mails, sondern geht selbst auf die Seite Eurer Bank und loggt Euch dort ein. Sonst kann es teuer werden: https://www.lto.de/recht/nachrichten/n/8u10323-olg-oldenburg-phishing-betrug-grobe-fahrlaessigkeit-haftung-bank?utm_source=Eloqua&utm_content=WKDE_LEG_NSL_LTO-Daily_DesignEditor_EM&utm_campaign=wkde_leg_mp_lto_daily_ab13.05.2019&utm_econtactid=CWOLT000039862474&utm_medium=email_newsletter&utm_crmid=
Legal Tribune OnlineOLG: Phishing-Opfer bekommt 41.000 Euro nicht zurückEine Frau, die auf eine zwielichtige E-Mail hin die Zugangsdaten für ihr Online-Banking preisgab, bekommt das Geld nicht von ihrer Bank zurück, so das OLG.
Reading comprehension assistance needed, please. I don't understand this paragraph below:
"On June 10, 2025, Precision Endodontics of Raleigh discovered that its email account had been accessed by an unknown entity and that phishing emails were sent out to a small part of its prior contact list. In addition, its contact list of names and email addresses were compromised by the unknown entity. No evidence exits (sic) to suggest that there has been any attempt to misuse any of the information."
Isn't the last sentence contradicted by the prior statement that phishing emails were sent out? Isn't that an attempt to misuse any of the information?
PHISHING ALERT!
We have identified a phishing campaign targeting Mastodon users.
The attackers' goal is to convince users to click on a link, take them to a fake payment page, and steal their credit card details.
Watch the video and avoid falling into the trap! 
G◍M◍◍T 
WhatsApp: nuove funzioni contro truffe e messaggi sospetti
https://gomoot.com/whatsapp-nuove-funzioni-contro-truffe-e-messaggi-sospetti/
Gomoot : tecnologia e lifestyle Scopri le ultime novità in fatto di hardware, tecnologia IA e altro · WhatsApp: nuove funzioni contro truffe e messaggi sospettiWhatsApp introduce nuove funzioni di sicurezza per bloccare truffe nei gruppi e messaggi privati con l'aiuto di IA, metadati e avvisi in tempo reale
Google confirms a data breach via its Salesforce system, attributing the attack to hacker group ShinyHunters 
Stolen info includes SMB contact details—no sensitive data reported.
Attackers used voice phishing to access cloud databases 
Part of a wider pattern of Salesforce-targeted breaches.
@zackwhittaker
@Techcrunch@flipboard.com
@techcrunch@threads.net
TechCrunch · Google says hackers stole its customers' data by breaching its Salesforce database | TechCrunchGoogle confirmed that one of its cloud-stored Salesforce databases was breached, exposing its customer data. Google attributed the breach to a hacking group, ShinyHunters, known for breaking into Salesforce databases.
Ars Technica · Here’s how deepfake vishing attacks work, and why they can be hard to detect
My first phishing text message that looked convincing, targeting my pension account, "verify your address." Of course I didn't click on the link, oh hell no! I traced the number to spammer fraud web pages. When I get home, I'll see who their hosting provider is, etc.
That link could have wiped out my retirement. With the fraud safety government offices closed, this is going to be one of many attempts to remove our last strings of survival...
[
BEWARE] Mozilla warns of Phishing Attacks targeting Add-On Developers.
According to Mozilla's advisory, these phishing emails are impersonating the AMO [addons-mozilla-org] team and claim that the targeted developer accounts require updates to maintain access to development features.
https://blog.mozilla.org/addons/2025/08/01/warning-phishing-campaign-detected/
Cybercriminals are getting personal, and it’s working https://www.helpnetsecurity.com/2025/08/07/email-attacks-q2-2025/ #cybercriminals #emailsecurity #VIPRESecurity #BECscams #phishing #News
Help Net Security · Cybercriminals are getting personal, and it's working - Help Net SecurityEmail attacks surged in Q2 2025 as phishing kits and AI-powered BEC scams targeted manufacturers and execs across key sectors.
Chinese Groups Stole 115 Million US Cards in 16-Month Smishing Campaign – Source:hackread.com https://ciso2ciso.com/chinese-groups-stole-115-million-us-cards-in-16-month-smishing-campaign-sourcehackread-com/ #1CyberSecurityNewsPost #CyberSecurityNews #cybersecurity #PhishingScam #CyberAttack #CyberCrime #Hackread #Phishing #security #Smishing #Telegram #China #Fraud #Meta #Scam
CISO2CISO.COM & CYBER SECURITY GROUP · Chinese Groups Stole 115 Million US Cards in 16-Month Smishing Campaign – Source:hackread.comSource: hackread.com - Author: Deeba Ahmed. A new report from cybersecurity firm SecAlliance has revealed a highly organized criminal operation run by
Chinese Groups Stole 115 Million US Cards in 16-Month Smishing Campaign https://hackread.com/chinese-stole-115-million-us-cards-smishing-campaign/ #Cybersecurity #PhishingScam #CyberAttack #CyberCrime #Security #Phishing #Smishing #Telegram #China #Fraud #Meta #Scam
Hackread - Latest Cybersecurity, Hacking News, Tech, AI & Crypto · Chinese Groups Stole 115 Million US Cards in 16-Month Smishing CampaignFollow us on Blue Sky, Mastodon Twitter, Facebook and LinkedIn @Hackread
I got a very weird mail…
According to headers (and DKIM!) it came from Google, specifically "no-reply@accounts.google.com",
but not to my gmail address, but my private one (that is the backup address for the google account).
The text is (in German) that I've not logged in to my account in 8 months and accounts get deleted after 2 years of inactivity.
All links (in the HTML even!) go to accounts.google.com
The only outliner is an image loaded from lh3.googleusercontent.com
WTF?! #phishing
Threat Actors Use GenAI to Launch Phishing Attacks Mimicking Government Websites https://gbhackers.com/threat-actors-use-genai-to-launch-phishing-attacks/ #CyberSecurityNews #cybersecurity #CyberAttack #Phishing #AI
GBHackers Security | #1 Globally Trusted Cyber Security News Platform · Threat Actors Use GenAI to Launch Phishing Attacks Mimicking Government WebsitesThreat actors are increasingly leveraging generative AI (GenAI) tools to craft highly convincing phishing websites.