Cybersecurity researchers at Cofense have uncovered a phishing campaign using fake LinkedIn InMail notifications to distribute the ConnectWise RAT. Unlike typical LinkedIn scams that steal credentials, this attack installs a remote access trojan. The fraudulent emails mimic LinkedIn branding but use an outdated template from before the platform’s 2020 redesign, making them appear legitimate at first glance.

Malwarebytes Labs has uncovered a phishing scam exploiting the Docusign API, which allows users to send emails from legitimate Docusign accounts.

Cybersecurity researchers have uncovered a large-scale phishing campaign leveraging fake CAPTCHA images embedded in PDF documents hosted on Webflow’s content delivery network (CDN).

Asia is poised to claim nearly half of the world’s fintech transactions by the end of 2025, solidifying its position as a global leader in the sector, according to a new report from Singapore-based UnaFinancial.

Bybit has confirmed that hackers executed a "sophisticated attack" on one of its Ethereum (ETH) cold wallets, resulting in the theft of approximately 401,346 ETH, valued at over $1.4 billion.

Phishing isn’t the only threat to worry about. The FBI has issued a critical advisory about Ghost, a ransomware campaign exploiting known software vulnerabilities instead of relying on phishing. Active in over 70 countries, Ghost targets sectors worldwide, using publicly available code to infiltrate unpatched internet-facing servers.

More than three million employee-linked corporate accounts across Fortune 500 companies were compromised between 2022 and 2024, according to cybersecurity firm Enzoic.