Author: Cyber Analyst
-
Most Common Passwords in 2024: The Psychology Behind 10 Billion Leaked Credentials
The most common passwords 2024 list delivers a shocking verdict on corporate security: “secret” topped US rankings while “123456” dominated globally, contributing to an unprecedented 10 billion plaintext passwords leaked in the RockYou2024 breach alone. This catastrophic exposure affected 5.5 billion accounts, an eightfold increase from 2023, costing businesses $4.88 million per breach on average.…
-
DMARC, SPF & DKIM: Why Email Authentication Alone Won’t Stop Phishing
Email authentication protocols like SPF, DKIM, and DMARC are important building blocks in protecting email. They help prevent direct spoofing of your organization’s exact domain name, and they provide reporting insights into who is sending mail on your behalf. But in 2025, phishing remains the top reported cybercrime, and billions in losses are still attributed…
-
Typosquatting: A Key Guide to the New Digital Scam and How to Protect Yourself in 2025
Typosquatting is one of the most dangerous digital scams on the rise in 2025. It is a technique used by cybercriminals who register domains very similar to those of legitimate companies, taking advantage of small typographical errors to deceive the user. Imagine you try to go to goggle.com instead of google.com: that tiny difference…
-
Levenshtein Distance Algorithm: Why It’s Not Enough for Domain Security
The Levenshtein distance algorithm calculates the minimum number of single-character edits needed to transform one string into another, making it a fundamental tool for detecting typosquatted domains like “gooogle.com” or “mircosoft.com.” While this mathematical approach developed by Vladimir Levenshtein in 1965 remains valuable, it represents just one module among SpoofGuard’s 35 different typosquatting generation techniques.…
-
Tariff Phishing Scams: How Trade Wars Weaponize Cybercrime in 2025
The $16.6 Billion Connection Between Tariffs and Cybercrime. The numbers tell a chilling story: within the first three months of 2025, cybersecurity firm BforeAI tracked 301 malicious domain registrations specifically targeting tariff confusion. This isn’t coincidence – it’s a calculated exploitation of economic uncertainty. As Trump’s tariffs reshape global trade, creating average household tax increases…
-
Bank Spoofing: The New Scam Threatening CaixaBank Customers
Bank spoofing has become one of the most dangerous scams in Spain in 2025, particularly affecting customers of institutions such as CaixaBank. This type of fraud not only impersonates legitimate phone numbers, but also uses social engineering to get users to voluntarily hand over their most sensitive data. In this article we explain…
-
Supply Chain Phishing Attacks Target npm: How Package Hijacking Threatens Your Code
Supply chain attacks have evolved into one of the most dangerous threats facing modern software development. The recent hijacking of popular npm linter packages through sophisticated phishing campaigns demonstrates how attackers are targeting the very tools developers trust. When the maintainer of npm packages like eslint-config-prettier and eslint-plugin-prettier fell victim to targeted phishing, millions of…
-
How Do You Identify a Phishing Campaign?
Detecting a phishing campaign in time can make the difference between keeping your digital security intact and becoming a victim of identity theft. These malicious campaigns are increasingly sophisticated and frequent. From spoofed emails to text messages and cloned sites, phishing constantly evolves and adapts. In this…
-
Cybersecurity and AI: Opportunities and Risks
Artificial intelligence (AI) is revolutionizing the field of cybersecurity. Used wisely, it makes it possible to improve threat detection, automate incident response, and strengthen defense systems. However, this same technology is also exploited by cybercriminals to carry out faster, stealthier, and more precise attacks. So what are the…
-
Phishing as a Service Exposed: How Cybercrime Went Mainstream in 2025
Phishing as a service has transformed cybercrime from a technical challenge into a point-and-click business opportunity. For minimal cost, anyone with basic computer skills can now launch sophisticated phishing campaigns that bypass multi-factor authentication and harvest credentials at scale. The recent emergence of the Rockstar 2FA platform, which specifically targets Microsoft 365 accounts with adversary-in-the-middle…