Fake DocuSign, Gitcode Sites Spread NetSupport RAT via Multi-Stage PowerShell Attack Threat hunters are alerting to a new campaign that employs deceptive websites to trick unsuspecting users into executing malicious PowerShell scripts zurl.co/KUoD5

HMRC scammers stole £47m in phishing fraud targeting 100,000 taxpayer accounts The large-scale fraud was exposed during a Treasury Select Committee hearing, where senior HMRC officials were criticised for failing to inform MPs earlier zurl.co/CmOhc

HMRC opens anti-fraud centre as stated losses from recent phishing campaign increase by £2m The losses are just under £50 million! HMRC has created a new dedicated unit to tackle fraud zurl.co/EvRec

Phishing goes prime time: Hackers use trusted sites to hijack search rankings Through the underground Hacklink platform, attackers exploit .gov and .edu domains to boost fraudulent pages to the top of search results zurl.co/aONZd

If you receive an email informing you that a password needs changing, you have a voicemail or a document to sign always go through your trusted links as opposed to clicking on the one in an email. Better to be safe than sorry!

It’s a busy day with scams and phishing attempts! They will always prey on the vulnerable and use unethical methods to relieve you of your cash, be wary!

When you report a phishing email to [email protected] you get a reply with details of what they've achieved As of March 2025, the number of reports received stands at more than 40,916,893, with the removal of more than 214,614 scams across 387,536 URLs

Did you know that if you receive a scam text you can forward it on to 7726. Your network provider will ask you for the number is was sent from so that they can take action, and it's completely free!

IT helpdesk scams are ramping up –here’s what leaders can do Sophisticated IT helpdesk scams are increasingly targeting firms of all sizes, what can be done to stop them? zurl.co/UEFh2

Phishing Deep Dive: EU-Affiliated Survey Platform Exploited in Sophisticated Credential Harvesting Campaign KnowBe4 Threat Lab identified a phishing campaign originating from accounts created on the legitimate service ‘EUSurvey’ #KnowBe4 zurl.co/CBV4a

Takeover of British Russia expert’s email accounts used novel phishing tactic Email accounts belonging to a well-known British expert on Russia were targeted with a highly customised and novel social engineering attack #SecurityAwarenessTraining zurl.co/3Oqn7

ChainLink Phishing: How Trusted Domains Become Threat Vectors Phishing remains one of cybersecurity’s most enduring threats, not because defenders aren’t evolving, but because attackers are adapting even faster #MultiLayeredSecurity zurl.co/ZVy9R

Anti-phishing efforts flag legitimate e-mails As organisations become more adept at identifying phishing threats, a new and unexpected challenge has emerged: legitimate, business-critical e-mails are increasingly being mistaken for malicious ones zurl.co/BN5ii

Cybercriminals use SEO tricks to push phishing pages Search engine optimisation (SEO) has become the latest tool for attackers looking to lure in targets for phishing attacks #MultiLayerSecurity zurl.co/irVJx

Four Arrested in £440M Cyber Attack on Marks & Spencer, Co-op, and Harrods - thehackernews.com/2025/07/four-a…

Update Google Chrome to fix actively exploited zero-day (CVE-2025-6558) For the fifth time this year, Google has patched a Chrome zero-day vulnerability (CVE-2025-6558) exploited by attackers in the wild zurl.co/TAvbR

Oracle Fixes Critical Bug in Cloud Code Editor The bug allowed an attacker an easy way to compromise full suite of developer tools in Oracle Cloud Infrastructure zurl.co/f6itj

Hackers Leverage Microsoft Teams to Spread Matanbuchus 3.0 Malware to Targeted Firms Researchers have flagged a new variant of a known malware loader called Matanbuchus that packs in significant features to enhance its stealth and evade detection zurl.co/UbuWv

Recognising Social Engineering's Role in Ransomware Surge Manufacturers need to reflect on how phishing attacks and human risks contribute to ransomware exposure zurl.co/A4OSI

Critical Flaws in WordPress Plugin Leave 10,000 Sites Vulnerable More than 10,000 WordPress sites have been left vulnerable to full site takeover due to three critical security flaws zurl.co/TOwiW