CyberSecurity news
FlagThis - #cyble
|
@cyble.com
//
Cyble threat intelligence researchers have uncovered a global phishing campaign leveraging the LogoKit phishing kit. This sophisticated kit is being used to target government, banking, and logistics sectors. The initial discovery stemmed from a phishing link mimicking the Hungary CERT login page, highlighting the campaign's ability to impersonate legitimate websites to steal credentials.
The LogoKit is designed to enhance credibility and increase the likelihood of successful credential theft. The phishing attacks often embed the victim's email address in the URL, pre-filling the username field on the spoofed login page. This personalized approach, combined with the kit's ability to dynamically generate convincing phishing pages, makes it a potent threat. CRIL analyzes show that the kit uses brand assets from Clearbit and Google Favicon to create realistic-looking login pages. These phishing campaigns are part of a larger trend of surging identity attacks. Reports indicate a significant increase in cyberattacks targeting user logins. Cybercriminals are increasingly turning to sophisticated phishing-as-a-service platforms to conduct BEC schemes and ransomware disasters. Organizations should implement strong DNS security measures to protect against such threats. Recommended read:
References :
@www.dhs.gov
//
Following U.S. airstrikes on Iranian nuclear sites on June 21, 2025, a wave of cyberattacks has been launched against U.S. organizations by Iran-aligned hacktivist groups. Cyble threat intelligence researchers reported that in the first 24 hours after the strikes, 15 U.S. organizations and 19 websites were targeted with DDoS attacks. Groups such as Mr Hamza, Team 313, Keymous+, and Cyber Jihad have claimed responsibility, targeting U.S. Air Force websites, aerospace and defense companies, and financial services organizations.
The attacks have been framed as retaliation for U.S. involvement in the ongoing Israel-Iran conflict, with the groups using the hashtag #Op_Usa to deface websites and leak credentials. The U.S. Department of Homeland Security (DHS) issued a bulletin on June 22, 2025, warning of likely low-level cyber attacks against U.S. networks by pro-Iranian hacktivists, noting that cyber actors affiliated with the Iranian government may also conduct attacks. This warning highlights the escalating cyber warfare activity between the two nations. In a notable incident, Donald Trump's social media platform, Truth Social, was paralyzed by a DDoS attack just hours after the U.S. airstrikes. The hacker group “313 Team” claimed responsibility, stating the attack was in response to President Trump's announcement of the successful strikes on Iranian nuclear sites. The DHS emphasizes that this cyber activity reflects an increasing shift of geopolitical tensions into the digital space, further intensifying the cyber security concerns. Recommended read:
References :
@x.com
//
The ongoing Israel-Iran conflict has expanded into cyberspace, marked by a surge in hacktivist activity and the deployment of new malware campaigns. Pro-Israel and pro-Iranian groups are actively engaging in cyberattacks, including DDoS attacks, website defacements, and data breaches, targeting organizations within each other's territories. This digital warfare mirrors the escalating military tensions between the two nations, turning the internet into a covert combat zone.
Amidst this cyber conflict, a pro-Israel hacktivist group known as Predatory Sparrow has claimed responsibility for hacking Bank Sepah, a major Iranian financial institution. Predatory Sparrow alleges that the bank was used to circumvent international sanctions and finance the Iranian regime's military activities. While independent verification of the attack is pending, reports have emerged of banking disruptions and closed Bank Sepah branches across Iran. The group has targeted Iranian organizations in the past. The intensification of cyber hostilities between Israel and Iran raises concerns about potential spillover effects, with U.S. companies and critical infrastructure facing increased risks. Cybersecurity experts are urging organizations to brace for potential disruptions and enhance their defenses against cyberattacks. The digital conflict highlights the importance of cybersecurity preparedness in a world where geopolitical tensions increasingly manifest in cyberspace. Recommended read:
References :
MalBot@malware.news
//
References:
gbhackers.com
, infosecwriteups.com
,
A fraudulent website, digiyatra[.]in, is actively targeting Indian air travelers by impersonating the official DigiYatra Foundation. Threat actors are exploiting the trust placed in India's digital infrastructure by setting up this deceptive phishing site. The website, which remains live at the time of reporting, is designed to harvest personal user data under the guise of providing official services for air travelers, mirroring a legitimate flight booking portal with a flight search box and user forms requesting names, phone numbers, and email addresses.
Despite the appearance of a genuine booking platform, the website does not facilitate any actual ticket sales or transactions. Instead, its sole purpose is data harvesting, enticing users to input Personally Identifiable Information (PII) by imitating a legitimate service experience. The site uses a free SSL certificate from Let's Encrypt to enhance its perceived legitimacy, further deceiving unsuspecting users. The domain was registered under the name Ali Sajil from Kerala, India, and is accessible through both its domain name and IP address (167[.]172[.]151[.]164). The discovery of this phishing site poses significant risks, including unauthorized data collection, public deception, and potential reputational damage to the DigiYatra initiative. The site's ability to deceive users stems from its strategic use of keywords and the appearance of security through HTTPS. In response to this threat, ThreatWatch360 has taken immediate action, escalating the matter to CERT-In and submitting a takedown request to the domain registrar. Furthermore, alerts have been shared with brand protection clients, and monitoring for similar fraudulent attempts is ongoing, with DNS-level blocks advised for the domain and its IP address to prevent further abuse. Recommended read:
References :
|