Crimeware server used by NetWalker ransomware seized and shut down

The site was running from 2014 and allegedly raked in more than $20m, which the DOJ is seeking to claw back...

T-Mobile admits to 37,000,000 customer records stolen by “bad actor”

Once more, it's time for Shakespeare's words: Once more unto the breach...

“Suspicious login” scammers up their game – take care at Christmas

A picture is worth 1024 words - we clicked through so you don't have to.

Voice-scamming site “iSpoof” seized, 100s arrested in massive crackdown

Those numbers or names that pop up when a call comes up? They're OK as a hint of who's calling, but THEY PROVE NOTHING

How social media scammers buy time to steal your 2FA codes

The warning is hosted on a real Facebook page; the phishing uses HTTPS via a real Google server... but the content is all fake

Twitter Blue Badge email scams – Don’t fall for them!

That was the week that was...

Serious Security: Browser-in-the-browser attacks – watch out for windows that aren’t!

Simple but super-sneaky - use a picture of a browser, and convince people it's real...

Facebook 2FA scammers return – this time in just 21 minutes

Last time they arrived 28 minutes after lighting up their fake domain... this time it was just 21 minutes

That didn’t last! Microsoft turns off the Office security it just turned on

An Office anti-malware setting that took more than 20 years to arrive... and fewer than 20 weeks to vanish again.

Facebook 2FA phish arrives just 28 minutes after scam domain created

The crooks hit us up with this phishing email less than half an hour after they activated their new scam domain.

S3 Ep87: Follina, AirTags, ID theft and the Law of Big Numbers [Podcast]

Lastest epsiode - listen now!

Know your enemy! Learn how cybercrime adversaries get in…

Here's how 144 recent attacks actually went down in real life. Don't let this happen to you!

S3 Ep85: Now THAT’S what I call a Microsoft Office exploit! [Podcast]

Latest episode - listen now!

Beware the Smish! Home delivery scams with a professional feel…

Home delivery scams are getting leaner, and meaner, and more likely to "look about right". Here's an example to show you what we mean...

Phishing goes KISS: Don’t let plain and simple messages catch you out!

Sometimes we receive phishing tricks that we grudgingly have to admit are better than average, just because they're uncomplicated.

S3 Ep72: AirTag stalking, web server coding woes and Instascams [Podcast + Transcript]

Latest episode - listen now (or read it, if that's your preference)...

Instagram scammers as busy as ever: passwords and 2FA codes at risk

Instagram scams don't seem to be dying out - we're seeing more variety and trickiness than ever...

S3 Ep71: VMware escapes, PHP holes, WP plugin woes, and scary scams [Podcast + Transcript]

Latest episode - listen now!

Microsoft blocks web installation of its own App Installer files

It's a big deal when a vendor decides to block one of its own "features" for security reasons. Here's why we think it's a good idea.

Coronavirus SMS scam offers home PCR testing devices – don’t fall for it!

Free home PCR devices would be technological marvels, and really useful, too. But there aren't any...

Instagram copyright infringment scams – don’t get sucked in!

We deconstructed a copyright phish so you don't have to. Be warned: the crooks are getting better at these scams...

Black Friday and Cyber Monday – here’s what you REALLY need to do!

The world fills up with cybersecurity tips every year when Black Friday comes round. But what about the rest of the year?

“Customer complaint” email scam preys on your fear of getting into trouble at work

Stop. Think. Connect. Don't let the crooks trick you into acting in haste.

S3 Ep56: Cryptotrading rodent, ransomware hackback, and a Docusign phish [Podcast]

Latest episode - listen now! Serious security explained with personality in plain English.

Banking scam uses Docusign phish to thieve 2FA codes

999 people in 1000 will know this is a phish straight off the bat. But for 1 in 1000 it will be plausible at first sight...

S3 Ep54: Another 0-day, double Apache patch, and Fight The Phish [Podcast]

Latest episode - listen now!