From Phish to Phish Phishing: How Email Scams Got Smart – Check Point Blog

In short, malicious emails will become easier to create and more difficult to stop.

Hackers are hijacking Windows Search to hit victims with malware | TechRadar

The attack starts with a phishing email pretending to be an invoice, or something similar. It carries a .ZIP archive of an HTML file, and thus successfully bypasses antivirus and email security programs that overlook compressed contents.

Ascension worker unknowingly downloads malicious file, leading to cyberattack

Officials say a worker accidentally downloaded a malicious file they thought was legitimate, causing the alleged cyber attack at Ascension.

Hackers Using OTP bots To Bypass Two-Factor Authentication

After acquiring victim credentials, the scammer sets up a call by selecting an impersonation category (bank, email service, etc.) and manually entering the specific organization name, victim’s name, and phone number.

Massachusetts town loses $445,000 in email scam | StateScoop

According to his statement, town employees in September received legitimate emails from the vendor to discuss issues processing payments. But, unbeknownst to the town, the cybercriminals had compromised some town employee user accounts and were monitoring email correspondence.

New Warmcookie Windows backdoor pushed via fake job offers

Warmcookie is capable of extensive machine fingerprinting, screenshot capturing, and the deployment of additional payloads.

Have you answered a spam call by accident? Your next move is extremely important

A database of your information is slowly being pieced together by malicious actors, “stored, repackaged and sold from one scammer to the next.” By offering up more information — even by simply answering the phone — that faux pas is “valuable to scammers who might try it again later” and “sell your number to the highest bidder,”

What is spear phishing? Examples, tactics, and techniques | CSO Online

Spear phishing messages are crafted with care using social engineering techniques and are difficult to defend against with technical means alone. And they’re ruthlessly efficient.

Hackers phish finance orgs using trojanized Minesweeper clone

Hackers are utilizing code from a Python clone of Microsoft’s venerable Minesweeper game to hide malicious scripts in attacks on European and US financial organizations.

Google guru roasts useless phishing tests, calls for fire drill-style overhaul • The Register

The main argument against current phishing tests is “there is no evidence that the tests result in fewer incidences of successful phishing campaigns,” said Linton.