According to Perception Point, hackers are increasingly using a technique called ZIP file concatenation to hide malicious payloads in compressed archives in a way that security solutions might miss.

The abuse of URL rewriting in phishing attacks has emerged as a new trend, allowing threat actors to hide malicious links behind trusted domains of security vendors. Exploiting these features enables bypassing detection mechanisms.

A new LinkedIn threat combines breached users’ accounts and an evasive 2-step phishing attack. A recent Python-based infostealer called Snake targets Facebook users with malicious messages.

A new phishing campaign called Operation PhantomBlu is using sophisticated social engineering tactics to deploy the NetSupport RAT remote access trojan, showcasing innovation in evasion techniques.

Cybersecurity analysts identified that the attacker, posing as a financial services company in this campaign, tricks the target with a fake invoice email. The attacker dodges detection using a fake page and a real link.

The phishing attacks are highly convincing, using personalized messages and a meticulously crafted phishing page that mimics the Booking.com interface, leading victims to unknowingly provide their credit card or bank information.