Wednesday , April 30 2025
Quishing

Quishing: New Phishing Attacks Tactics Rising

Researchers found a big phishing campaign that uses QR codes to trick people. QR code fraud or “quishing” is a type of phishing where hackers pretend to be a trustworthy source to trick people into giving sensitive information or downloading malware.

This trend is concerning and should not be ignored. It puts both individuals and organizations at high risk.

Researcher Found Multiple Vulnerabilities In Apple’s AirPlay Protocol

Security vulnerabilities in Apple's AirPlay Protocol and SDK put both third-party and Apple devices at risk of various attacks, including...
Read More
Researcher Found Multiple Vulnerabilities In Apple’s AirPlay Protocol

Massive Attack: Hacker Actively Use 4800+ IPs To Attack Git Configuration Files

A recent increase in cyber reconnaissance has endangered thousands of organizations, as GreyNoise, a global threat intelligence platform, reported a...
Read More
Massive Attack: Hacker Actively Use 4800+ IPs To Attack Git Configuration Files

CISA Adds Actively Exploited Broadcom Flaws to KEV Database

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added two high-severity security flaws affecting Broadcom Brocade Fabric OS and Commvault...
Read More
CISA Adds Actively Exploited Broadcom Flaws to KEV Database

Google reports 97 zero-days exploited in 2024, 50% in spyware attacks

Google's Threat Intelligence Group (GTIG) reported that in the year 2024, attackers exploited 75 zero-day vulnerabilities, with over 50% related...
Read More
Google reports 97 zero-days exploited in 2024, 50% in spyware attacks

Palo Alto Networks to Acquire AI Security Firm “Protect AI”

On Monday, Palo Alto Networks confirmed it is acquiring the US-based AI security company Protect AI. Protect AI has created...
Read More
Palo Alto Networks to Acquire AI Security Firm “Protect AI”

CISA Releases Seven ICS Advisories

On April 24, 2025, CISA published seven advisories addressing security issues, vulnerabilities, and exploits related to Industrial Control Systems (ICS)....
Read More
CISA Releases Seven ICS Advisories

India Launches First Quantum Computing Village in Amaravati

India has taken a monumental stride toward next-generation technology by initiating its first Quantum Computing Village, a state-of-the-art project in...
Read More
India Launches First Quantum Computing Village in Amaravati

400+ SAP NetWeaver Devices Vulnerable to 0-Day Attacks

Shadow servers found 454 vulnerable SAP NetWeaver systems at risk from a critical zero-day exploit currently being used in attacks....
Read More
400+ SAP NetWeaver Devices Vulnerable to 0-Day Attacks

30 Teams Qualify for Online Preliminary Round At UAP CTF Contest

Blind_Virus, DU_Featherless_Bipeds and Hidden investigations team secure the 1st , 2nd and 3rd positions accordingly for online preliminary round at...
Read More
30 Teams Qualify for Online Preliminary Round At UAP CTF Contest

CVE-2025-43859
Request Smuggling Vulnerability in Python’s h11 HTTP Library

A critical vulnerability tracked as CVE-2025-43859 has been disclosed in h11, a minimalist, I/O-agnostic HTTP/1.1 protocol library written in Python....
Read More
CVE-2025-43859  Request Smuggling Vulnerability in Python’s h11 HTTP Library
Figure 1: Quishing Kill Chain

Interpol seized 16 shops that were a well-known phishing platform, a big win. But “phishing-as-a-service” platforms make it even easier to launch attacks.

The popularity of QR codes creates a perfect storm for phishing attacks. Trellix’s research provides important insights about the seriousness of the threat. More than 60,000 quishing samples were found in just one quarter. They used different tactics like postal phishing, spear phishing, and malware delivery to target users.

To understand how quishing works, let’s delve into the “Quishing Kill Chain”:

Attackers distribute malicious QR codes: These codes can be found anywhere.

Unsuspecting victims scan the codes: This action leads to harmful websites.

Attackers achieve their malicious goals: This could involve unauthorized access or causing additional harm.

The resurgence of QR codes has paved the way for quishing to flourish. Attackers abuse our trust in codes and our tendency to act quickly when in a hurry. This makes people and organizations vulnerable to advanced phishing tactics.

Figure 2: Quishing Heat Map

Trellix’s research reveals insightful details about recent quishing campaigns:

Postal quishing: Emails posing as FedEx and DHL exploit delivery concerns, redirecting recipients to counterfeit login pages.

Spear quishing: tricking employees with fake emails

File-share quishing: shady links disguised as legitimate documents.

Crypto wallet quishing: Stealing crypto wallet phrases and private keys from impersonated Coinbase and Binance.

To prevent falling victim to quishing, here are some essential tips:

Only scan QR codes from trusted sources: Verify the legitimacy of any code before scanning.

Check if the QR code is from a trustworthy source like an email, website, or location.

Do not provide personal information after scanning a QR code.

Invest in email security and anti-malware software to protect your devices.

Stay informed and keep up-to-date about the latest phishing tactics. Make sure to educate others about the tactic known as “quishing”.

Check Also

MITRE

MITRE warns: U.S. Govt. Funding for MITRE’s CVE Ends Today

MITRE Vice President Yosry Barsoum warned that U.S. government funding for the Common Vulnerabilities and …

Leave a Reply

Your email address will not be published. Required fields are marked *