I told you in our last piece about a commercially sold phishing-as-a-service framework called Starkiller. But we didn’t really get into what it does and how to understand the threat it poses. Let’s do that now. Developed by a threat group called Jinkusu, Starkiller doesn’t just exploit static HTML clones of legitimate log-in pages like most phishing platforms do. It actually creates a scenario in which you are logging into the real, intended log-in page – but it intercepts y

I was going to use this space today to tell you about a new cyberthreat called Starkiller, and perhaps next week in this space I will do that. But as I started to develop the piece, a detail struck me that I thought deserved a step back so it could get its own focus. That is the mere fact that Starkiller, like so many other cyberthreats, is actually commercially sold. As you consider your approach to cybersecurity, this is a stunning reality that should have your attention: T

If you bought a Mac at some point because you thought it would be more secure than a Windows device, you certainly had a lot of company in that thinking. All that company isn’t going to help you, though, if you fall prey to threats like the Atomic macOS Stealer, also known as AMOS. Researchers have recently noticed a distribution campaign targeting users of the OpenClaw IA agent framework. Whereas these campaigns used to depend on malicious software or bogus advertising outre

We’ve told you recently in this space that AI-driven cyberattacks represent the most serious and growing cybersecurity threat in today’s world. This is the giveth-and-taketh-away proposition AI presents in cybersecurity. It can absolutely be used to strengthen many of the existing tools – assessing potential threats and helping to make decisions about when manual intervention is necessary. But the bad guys can use AI as well, and they’ve been finding disturbingly creative wa