Tag: phishing
-
Illicit Enterprise: An Anatomy of the Modern Underground Phishing Marketplace
Intel 471 analysts examined the evolving ecosystem of cybercriminal phishing marketplaces. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/illicit-enterprise-an-anatomy-of-the-modern-underground-phishing-marketplace/
-
Hackers Exploit OAuth Device Flow to Steal Microsoft 365 Tokens
Hackers are rapidly weaponizing a little-known Microsoft authentication feature to hijack enterprise accounts, as device code phishing surges across the threat landscape. The spike in activity is closely tied to the public release of criminal toolkits and phishing-as-a-service (PhaaS) platforms, making the once obscure technique widely accessible. New kits are appearing almost weekly, many seemingly…
-
Thieves unlock stolen iPhones using cheap tools sold on Telegram
Helping a friend recover a stolen phone, Infoblox researchers uncovered a thriving Telegram-based underground marketplace selling unlocking tools and phishing infrastructure … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/05/15/stolen-iphone-unlocking-tools-telegram-groups/
-
KnowBe4 Partners with EasyDMARC and Secure Code Warrior
The focus is on two central problem areas of modern IT security: domain and email protection against phishing, and secure programming. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/knowbe4-kooperiert-mit-easydmarc-und-secure-code-warrior/a45154/
-
CalPhishing Scam Uses EvilTokens Kit, Outlook Invites to Steal M365 Sessions
Hackers are exploiting Outlook calendar invites and device code phishing to steal M365 session tokens, bypass MFA and breach enterprise accounts. First seen on hackread.com Jump to article: hackread.com/calphishing-eviltokens-kit-outlook-invites-m365/
-
Tycoon 2FA Operators Use OAuth Device Code Phishing to Bypass MFA
A new phishing campaign uncovered in late April 2026 shows how threat actors behind the Tycoon 2FA Phishing-as-a-Service (PhaaS) kit are evolving beyond traditional credential theft. This development comes just weeks after a global takedown effort led by Microsoft and Europol disrupted Tycoon 2FA infrastructure. Despite that operation, the actors have quickly adapted, reusing their…
-
‘FrostyNeighbor’ APT Carefully Targets Govt Orgs in Poland, Ukraine
Attackers uniquely fingerprint victims before delivering spear-phishing payloads aimed at espionage, in the latest campaign from the Belarussian nation-state threat group. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/frostyneighbor-apt-govt-orgs-poland-ukraine
-
Cyber-Enabled Cargo Crime: How Cybercrime Tradecraft is Used to Steal Freight
Cargo theft now starts with phishing emails and stolen credentials, not hijackings, to reroute and steal freight from supply chains. NMFTA outlines how cyber-enabled cargo crime is changing transportation security. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cyber-enabled-cargo-crime-how-cybercrime-tradecraft-is-used-to-steal-freight/
-
Ghostwriter Targets Ukrainian Government With Geofenced PDF Phishing, Cobalt Strike
The Belarus-aligned threat group known as Ghostwriter has been attributed to a fresh set of attacks targeting governmental organizations in Ukraine. Active since at least 2016, Ghostwriter has been linked to both cyber espionage and influence operations targeting neighboring countries, particularly Ukraine. It’s also tracked under the monikers FrostyNeighbor, PUSHCHA, Storm-0257, TA445, UAC-0057 First seen on…
-
FlowerStorm phishing gang adopts virtual-machine obfuscation to evade email defenses
Tags: attack, authentication, business, cloud, communications, control, credentials, defense, detection, email, framework, government, infrastructure, login, malicious, malware, mfa, microsoft, phishing, service, theft
The campaign dynamically adapts to victims: After deobfuscation, the phishing payload loads infrastructure designed to impersonate Microsoft 365 and other login portals while dynamically adapting to targeted users. According to the report, the malware can determine which authentication provider should be impersonated, preload victim email addresses into phishing pages, and customize branding elements such as company…
-
Your iPhone Gets Stolen. Then the Hacking Begins
A bustling underground ecosystem is providing criminals with the tools to unlock iPhones, and wage phishing attacks against their contacts to access bank accounts and more. First seen on wired.com Jump to article: www.wired.com/story/your-iphone-gets-stolen-then-the-hacking-begins/
-
Threat Actors Abuse Vercel AI Tools to Mass-Produce Realistic Phishing Sites
Threat actors are rapidly adopting generative AI platforms to scale phishing operations, and Vercel has emerged as a powerful enabler in this shift. Vercel is a cloud-based platform designed to help developers build and deploy modern web applications quickly. Its GenAI-powered tool, v0[.]dev, allows users to generate fully functional websites using simple text prompts. While…
-
FIFA World Cup 2026: How Fans Can Spot Ticket Fraud, Fake Visas and Phishing Traps
Anyone who comes across an offer that sounds too good to be true should run their own "VAR check": verify the source, check the URL, never act under pressure. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/fifa-wm-2026-so-erkennen-fans-ticket-betrug-fake-visas-und-phishing-fallen/a45100/
-
Fake TronLink Chrome Extension Steals Crypto Wallet Credentials
A newly uncovered phishing campaign is targeting TRON wallet users through a deceptive Chrome extension that mimics the popular TronLink wallet. The campaign highlights how modern browser extension abuse is evolving beyond static code inspection, making detection significantly harder. At first glance, it appears legitimate, even displaying “1,000,000+ users” and strong ratings on the Chrome…
-
Large-Scale Phishing Attack Running for Four Years: Operation HookedWing
Tags: phishing
For more than four years, Operation HookedWing has been deliberately infiltrating critical sectors through phishing. More than 500 organizations are affected by the data theft. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/phishing-grossangriff-vier-jahre
-
Hackers Hid Inside Major UK Water Utility for Nearly 2 Years
ICO Warns Key Security Gaps Led to Exposed Data of Over 630,000 People. A British regulator said a major water sector organization failed to use established cybersecurity safeguards to secure sensitive data, allowing hackers to use a phishing campaign to gain persistence, steal records and expose more than 630,000 sensitive records. First seen on govinfosecurity.com…
-
Hackers Exploit Vercel GenAI to Mass-Produce Convincing Phishing Sites
Hackers are abusing Vercel GenAI to create convincing phishing sites that mimic major brands, including Microsoft, Adidas, and Nike, making scams harder to detect. First seen on hackread.com Jump to article: hackread.com/hackers-exploit-vercel-genai-phishing-sites/
-
Python Infostealer Hides in GitHub Releases to Bypass Detection
A stealthy Python-based infostealer campaign abuses GitHub Releases to host payloads and maintain long-term, low-visibility access to victim systems. The operation, dubbed “Operation HumanitarianBait” in some reporting, appears designed for cyberespionage against Russian-speaking targets using humanitarian-themed lures and a PE-less Python architecture. The campaign starts with phishing emails that deliver a RAR archive containing…
-
Messenger: How Signal Plans to Make Phishing Attacks Harder
After the messenger app Signal became the target of a phishing attack on politicians, among others, such attacks are to be made more difficult. First seen on golem.de Jump to article: www.golem.de/news/messenger-so-will-signal-phishing-angriffe-erschweren-2605-208511.html
-
Treating Identities Like the Perimeter
World Password Day is no longer just a prompt to choose stronger passwords, but an occasion to rethink the topic of identity. Cybercriminals hardly need to hack their way in anymore; they simply steal credentials via phishing, malware or hacked databases and just log in. Reused passwords make it possible for them, across multiple services and platforms…
-
Scammers Use Hidden Text to Bypass AI Email Filters in Phishing Scams
Scammers are hiding invisible text inside phishing emails to manipulate AI-powered email filters and increase the chances of scams reaching inboxes. First seen on hackread.com Jump to article: hackread.com/scammers-text-bypass-ai-email-filters-phishing-scams/
-
Scammers Exploit Disposable VoIP Numbers to Bypass Reputation Blocking
New tactics used by threat actors who embed phone numbers in scam emails as a key indicator of compromise (IOC), revealing how attackers exploit VoIP infrastructure to evade detection and scale fraud operations. Telephone-oriented attack delivery (TOAD) remains a dominant phishing technique, in which victims are lured to call attacker-controlled numbers rather than clicking malicious…
-
Researchers Spot Uptick in Use of Vercel for Phishing Campaigns
Tags: phishing
Cofense has warned of a “significant” increase in phishing campaigns abusing the Vercel platform. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/researchers-spot-uptick-vercel/
-
Saiga 2FA: Dangerous Phishing Kit Returns with New Cloaking Technique
New analyses by Barracuda Research show current attack waves of a rarely observed phishing kit named Saiga 2FA. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/saiga-2fa-gefaehrliches-phishing-kit
-
Hackers Exploit Google Ads to Steal GoDaddy ManageWP Logins
Hackers are abusing Google Ads to steal GoDaddy ManageWP credentials by placing a look-alike phishing ad above the legitimate ManageWP result and proxying victims’ logins in real time via an adversary-in-the-middle (AiTM) setup. The attackers purchase a sponsored Google ad that imitates ManageWP branding and appears as the top result, while the legitimate domain is…
-
Cybercriminals Exploit Microsoft Teams to Phish Login Credentials and Bypass MFA
Tags: authentication, credentials, cyber, cybercrime, espionage, exploit, iran, login, mfa, microsoft, phishing, ransomware, threat
Iranian state-sponsored threat actors linked to MuddyWater (Seedworm) have been caught hiding behind the Chaos ransomware brand to conduct sophisticated espionage operations, using Microsoft Teams as a phishing vector to steal credentials and manipulate multi-factor authentication (MFA). Rapid7 researchers uncovered the intrusion in early 2026, revealing a calculated false flag operation designed to mimic financially…

