HHS added ten listings to its public leak site today, all of which are part of the Integrated Oncology Network (“ION”). See updates to 22 listings. According to its substitute notice, on May 9, ION concluded an investigation of a phishing incident that occurred between December 13 and December 16, 2024. The incident resulted in…
Category: Phishing
Five youths arrested on suspicion of phishing
Dutch police report: Last week, the police arrested five young people on suspicion of phishing. On Tuesday 1 July, four minors aged 14 and 17 from Lelystad were arrested, and on Wednesday 2 July, a 21-year-old suspect from Lelystad was arrested. The police in Flevoland started an investigation some time ago after receiving reports of…
Hackers Using PDFs to Impersonate Microsoft, DocuSign, and More in Callback Phishing Campaigns
Ravie Lakshmanan reports: Cybersecurity researchers are calling attention to phishing campaigns that impersonate popular brands and trick targets into calling phone numbers operated by threat actors. “A significant portion of email threats with PDF payloads persuade victims to call adversary-controlled phone numbers, displaying another popular social engineering technique known as Telephone-Oriented Attack Delivery (TOAD), also…
Marquette County Medical Care Facility discloses data breach
Marquette County Medical Care Facility (MCMCF) has issued a statement about a breach they discovered in March 2025. On March 3, 2025, MCMCF became aware of the business email compromise incident when contacts of MCMCF’s Human Resources director began receiving phishing emails from her Microsoft Office 365 (O365) account. The types of information involved included…
Russia Expert Falls Prey to Elite Hackers Disguised as US Officials
Kevin Poireault reports: Keir Giles, a British expert on Russian information operations, has been targeted by a sophisticated spear phishing attack using novel social engineering techniques. The writer and senior consulting fellow at the UK think tank Chatham House was lured into sending app-specific passwords to someone impersonating a US State Department employee. The Google…
FIN6 cybercriminals pose as job seekers on LinkedIn to hack recruiters
This may make it a bit harder for those legitimately seeking jobs on LinkedIn. Daryna Antoniuk reports: Cybercriminals from the long-running FIN6 group are posing as job seekers on platforms like LinkedIn to infect recruiters with malware delivered through fake resumes, according to a new report. Recruitment scams are common among cybercrime gangs, but this…