Cloudflare is a content delivery network that serves content for about 20% of the worldâs websites and mirrors that content on thousands of servers worldwide.
November 18, 2025
high
descriptive
Scope and scale of Cloudflare's CDN service as described in the article.
When a user accesses a website protected by Cloudflare, the user's computer connects to the nearest Cloudflare server rather than directly to the website.
November 18, 2025
high
process
Describes how Cloudflare routes user connections via its distributed servers.
Content delivery networks (CDNs) protect websites from traffic floods and provide faster responses by caching or mirroring content across distributed servers.
November 18, 2025
high
descriptive
General function and benefit of CDNs described in the article.
Smishing is a type of phishing scam that uses text messages to trick recipients into revealing personal and sensitive information such as passwords and credit card numbers.
November 12, 2025
high
definition
Describes a category of phishing that uses SMS/text messaging as the attack vector.
Phishing-as-a-service refers to platforms or services that enable operators to launch mass phishing or smishing campaigns at scale, often by providing infrastructure, templates, or fake websites to impersonate legitimate brands.
November 12, 2025
high
concept
Describes a durable business model and technical approach used by cybercriminals to scale phishing operations.
Common user defenses against text-message phishing include not clicking links or replying to unknown messages; on iPhone, enabling 'Filter Unknown Senders' and 'Filter Junk'; and on Android, enabling Spam Protection and forwarding suspected scam texts to 7726 (SPAM).
November 12, 2025
high
security_practice
Practical, general-purpose recommendations for reducing risk from SMS/text phishing (smishing).
Immigration and Customs Enforcement (ICE) reports that members of the South American Theft Group (SATG) use encrypted messaging apps, burner phones, and pre-surveillance of neighborhoods to identify and target victims.
November 07, 2025
high
descriptive
Common operational tactics attributed to the group by ICE.
The Cybersecurity and Infrastructure Security Agency (CISA) operates election monitoring rooms during election cycles to field and share information about active threats to elections.
November 04, 2025
high
descriptive
CISA's operational role in coordinating threat information during election cycles
The Election Infrastructure Information Sharing and Analysis Center (EI-ISAC) provides real-time threat alerts to election operators.
November 04, 2025
high
descriptive
EI-ISAC's role as an information-sharing mechanism for election security
State and local election officials use tabletop exercises, regional networks, and national associations as mechanisms to share threat information and to rehearse responses to election threats.
November 04, 2025
high
procedural
Common non-federal practices for threat preparedness and information sharing in election administration
Smaller local election offices often have limited budgets and may struggle to afford cybersecurity and physical security resources without federal funding support.
November 04, 2025
high
descriptive
Resource constraints affecting security capabilities of smaller election offices
Some web-scraping operations evade website anti-scraping measures and mask identities to harvest publicly available content, and scraped content is sometimes sold commercially as training material for AI models.
October 22, 2025
high
general
Describes recurring techniques and commercialization practices in large-scale web scraping.
Impersonation scams commonly use multiple contact channelsâmailing a fake official letter followed by text messages and telephone callsâto create apparent authenticity by 'authenticating' the incoming call and reducing recipients' hesitation to engage.
October 16, 2025
high
temporal
Describes a recurring social-engineering tactic that combines physical mail with electronic contact to increase credibility.
Fraudsters often direct victims to fake agency websites or links to capture login credentials or solicit creditâcard information; a recommended defense is to avoid clicking links in unsolicited messages and instead navigate directly to the official agency website such as https://www.ssa.gov.
October 16, 2025
high
temporal
Describes common credential-harvesting and phishing tactics and a practical mitigation.
Since March 2025, a hacking group known as Storm-2657 has conducted "pirate payroll" attacks that target university staff to hijack salary payments.
March 01, 2025
high
temporal
Describes the onset and nature of a class of payroll-targeting attacks against higher-education institutions.
In 2025, Storm-2657 primarily targeted Workday and other payroll and HR software by sending phishing emails that capture login credentials and multi-factor authentication (MFA) codes in real time using adversary-in-the-middle techniques.
March 01, 2025
high
temporal
Describes the primary technical target and credential-capture method used in payroll-directed phishing campaigns.
In 2025, attackers commonly set inbox rules to delete platform notifications and enrolled attacker-controlled phone numbers as MFA devices to maintain persistent access and conceal unauthorized payroll changes.
March 01, 2025
high
temporal
Describes persistence and stealth tactics used after initial credential compromise in payroll fraud campaigns.
Using a small number of compromised internal accounts increases the credibility of phishing messages and enables large-scale spreading; Microsoft reported that 11 compromised accounts at three universities were used to send phishing emails to nearly 6,000 addresses at 25 institutions in 2025.
March 01, 2025
high
temporal
Quantifies how attackers scale campaigns by leveraging trusted internal accounts to improve phishing success.
A 2025 Check Point Research investigation found that the 'YouTube Ghost Network' has been active since 2021 and that observed activity surged threefold in 2025.
January 01, 2025
high
temporal
Long-running malware distribution network operating via YouTube
A court complaint filed by Google alleges that, from July 2023 through October 2024, the Lighthouse network created or used 32,094 distinct phishing websites that mimicked the U.S. Postal Service.
October 31, 2024
high
statistic
Alleged scale of phishing sites impersonating a major U.S. government-related service over a defined period.
Google estimated that phishing sites mimicking the U.S. Postal Service could compromise between 12.7 million and 115 million U.S. credit cards for the period from July 2023 through October 2024.
October 31, 2024
high
statistic
Range estimate attributed to Google about potential credit-card compromises tied to phishing sites over a specific timeframe.
Subsea internet and data cables carry large volumes of global internet traffic and support daily financial transactions worth trillions of dollars.
January 01, 2024
high
descriptive
Role of undersea data cables in global internet traffic and financial transaction flows.
The FBI warned that the cybercriminal group 'Scattered Spider' targets the airline sector.
high
temporal
FBI advisory describing targeting of the airline ecosystem by a named cybercriminal group.
The FBI reported that 'Scattered Spider' relies on social engineering techniques that impersonate employees or contractors to deceive IT help desks into granting access and frequently uses methods to bypass multi-factor authentication by convincing help desk staff to add unauthorized MFA devices to compromised accounts.
high
temporal
Description of attack techniques and MFA-bypass methods attributed to a named cybercriminal group in an FBI advisory.
Phishing is an online fraud technique that uses fake websites to trick people into entering sensitive information, and "smishing" refers to phishing attacks conducted via SMS (text messages).
high
definition
Terminology describing types of online fraud targeting user credentials or payment data.
Phishing-as-a-Service is a cybercriminal business model in which operators sell software kits and support that provide large numbers of fake website templates to would-to-be scammers.
high
definition
Describes a commercially organized criminal model enabling scalable phishing operations.
MIT Technology Review noted that AI agents are less expensive than professional hackers and can operate rapidly at larger scale, making them particularly attractive to cybercriminals.
high
trend
General analysis about the economic and operational advantages of AI agents for conducting cyberattacks.
Jackpotting is a cyber-physical crime in which attackers gain access to an automated teller machine (ATM) by installing malware or attaching a physical 'black box' device to the machine.
high
definition
General definition of the term 'jackpotting' used to describe attacks on ATMs.
Attackers can access an ATM through a physical connection or remotely in order to override the ATM's security systems and cause the machine to dispense large amounts of cash on demand.
high
process
Describes the typical mechanics used in jackpotting attacks to force cash disbursement.
Jackpotting techniques can enable cardless cash withdrawals by triggering the ATM to dispense cash without using the machine's normal user interface or inserting a payment card.
high
technical
Outcome of successful jackpotting attacks enabling withdrawals without standard card-based authentication.
Hyundai AutoEver America is an IT services provider that manages IT systems for Hyundai Motor America and supports employee operations, connected-vehicle technologies, connected-vehicle infrastructure, and dealership systems across North America.
high
organizational
Describes the persistent role and functions of Hyundai AutoEver America within the Hyundai ecosystem.
Social Security numbers and driver's license numbers are sensitive personal identifiers that cannot be easily changed and can be used for long-term identity theft, financial fraud, creating fake identities, opening fraudulent accounts, and enabling targeted phishing attacks.
high
security_risk
General risks associated with exposure of immutable personal identifiers.
Scammers send unsolicited SMS and iMessage texts that include the recipient's first name and fabricated counts of photos or videos, with short links that lead to malicious .info domains.
high
behavioral
Describes the initial contact method and social-engineering details used in the scam.
Fraudsters create fake cloud storage websites that mimic real cloud services by using similar fonts, icons, progress bars, countdown timers, and dashboard layouts to increase credibility.
high
behavioral
Describes the visual and design tactics used on phishing landing pages.
These fake cloud storage pages commonly request a small 'upgrade' payment (often cited as $1.99) and collect credit card numbers, PayPal logins, or other personal information, resulting in financial theft.
high
behavioral
Explains the mechanism by which the scam converts a phishing interaction into stolen financial credentials.
Scammers use urgency and fear-based language such as 'Act now' or 'Final warning' to induce panic and target populations that may be more likely to trust such messages, including older adults.
high
behavioral
Describes the emotional-manipulation techniques and target demographics used by attackers.
Phishing campaigns impersonating cloud-storage providers commonly send unsolicited SMS or iMessage alerts that include the recipient's first name, fabricated photo/video counts, and a short link to a malicious domain to create urgency and prompt clicks.
high
procedural
Describes the initial contact and social-engineering technique used in cloud-storage impersonation scams.
Fake cloud-storage websites mimic the fonts, icons, buttons and layout of legitimate cloud services and use interface elements such as progress bars and countdown timers to convince users to enter payment or account credentials.
high
procedural
Describes how attackers create convincing counterfeit pages to harvest credentials or payment details.
Scammers frequently request small 'upgrade' fees (for example, $1.99) and request credit card information, PayPal logins, or other personal data as part of cloud-storage impersonation scams in order to steal payment credentials and financial information.
high
procedural
Explains the typical monetization tactic used after luring victims to fake storage dashboards.
Some phishing campaigns harvest credentials or payment details and then redirect victims to legitimate sites to obscure the fraud, and these scams commonly exploit fear and urgency and frequently target older adults.
high
behavioral
Describes follow-on concealment techniques and the emotional manipulation and demographic targeting used by attackers.
Social engineering attacks that use deceptive lures to trick employees can enable unauthorized parties to gain access to company systems.
high
general
Describes a common attack vector where attackers manipulate personnel rather than exploiting technical vulnerabilities.
Exposure of basic contact information such as names, email addresses, phone numbers, and physical addresses in a data breach can be used by criminals to carry out scams and phishing attacks.
high
general
Contact data is valuable to attackers for targeted fraud even when financial or government ID data are not exposed.
Users should delete unsolicited messages that request personal information or urge clicking links, and verify account alerts directly through official apps or websites instead of following links in the message.
high
general
This is a recommended practice to reduce risk from phishing and lookalike scam messages following breaches.