Cyber-enabled crimes cost Americans nearly $21 billion in 2025, a 26% increase from the previous year, according to the FBI’s latest Internet Crime Report. Phishing, extortion, and investment scams were the most commonly reported attacks, with AI-related scams driving some of the costliest losses. Phishing was the top attack vector, with these attacks leading to more than $215 million in losses.
A new phishing campaign is using WhatsApp messages to deliver malware, according to researchers at Microsoft. The attackers are attempting to trick users into installing malicious Visual Basic Script (VBS) files.
“The campaign relies on a combination of social engineering and living-off-the-land techniques,” Microsoft says. “It uses renamed Windows utilities to blend into normal system activity, retrieves payloads from trusted cloud services such as AWS, Tencent Cloud, and Backblaze B2, and installs malicious Microsoft Installer (MSI) packages to maintain control of the system. By combining trusted platforms with legitimate tools, the threat actor reduces visibility and increases the likelihood of successful execution.”
If a user falls for the phishing attack, the malicious VBS file creates a hidden folder on the infected system and creates renamed versions of legitimate Windows utilities to evade detection.
Microsoft offers the following advice to help organizations thwart these attacks:
New-school security awareness training can give your organization an essential layer of defense against social engineering attacks. KnowBe4 enables your workforce to make smarter security decisions every day. Over 65,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.
Microsoft has the story.
Threat actors are abusing agentic AI automation platforms to deliver malware and send phishing emails, according to researchers at Cisco Talos. The researchers observed attackers using n8n, a legitimate platform that automates workflows in web apps and services like Slack, GitHub, Google Sheets, and others.
Nobody wakes up on a Sunday, stretches, checks the weather, and accidentally clocks 26.2 miles before brunch. A marathon is built on lonely mornings, careful plans, lost toenails, and no social life. You train for weeks or months. You get injured. You ice. You tape. You pick protein over pudding. All because you know without this, you won’t cross that finish line.
Scams are becoming more sophisticated over time, but this latest scam should be a wake-up call to all organizations and employees as to how far some scammers will go to damage your organization or its stakeholders.
A new phishing campaign is using WhatsApp messages to deliver malware, according to researchers at Microsoft. The attackers are attempting to trick users into installing malicious Visual Basic Script (VBS) files.
“The campaign relies on a combination of social engineering and living-off-the-land techniques,” Microsoft says. “It uses renamed Windows utilities to blend into normal system activity, retrieves payloads from trusted cloud services such as AWS, Tencent Cloud, and Backblaze B2, and installs malicious Microsoft Installer (MSI) packages to maintain control of the system. By combining trusted platforms with legitimate tools, the threat actor reduces visibility and increases the likelihood of successful execution.”
If a user falls for the phishing attack, the malicious VBS file creates a hidden folder on the infected system and creates renamed versions of legitimate Windows utilities to evade detection.
Microsoft offers the following advice to help organizations thwart these attacks:
New-school security awareness training can give your organization an essential layer of defense against social engineering attacks. KnowBe4 enables your workforce to make smarter security decisions every day. Over 65,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.
Microsoft has the story.
