Tag: phishing
-
Phishing campaign used fake compliance notices to compromise employee accounts
Phishers have been using fake workplace compliance notices to try to trick Microsoft account owners into signing in via a fake sign-in page, says the company’s Defender … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/05/05/microsoft-phishing-fake-compliance-notices/
-
Education Sector Hit by Espionage, Phishing, and Supply Chain Attacks
Educational institutions are now facing a coordinated mix of state espionage, spear”‘phishing, and supply chain intrusions, even as classic ransomware and vulnerability volumes show signs of easing. Every attributed campaign was linked to state actors, with no financially motivated groups observed. China-aligned clusters led by MISSION2074 dominate, with additional activity from Stone Panda, Hafnium, Lotus…
-
Warum unser Passwort von gestern heute ein Problem ist
Die meisten Nutzer verschwenden erst dann einen Gedanken an ihre Passwörter, wenn eine der lästigen Aufforderungen zur Änderung aufploppt. Doch Passwort-Pflege ist weit mehr als eine ungeliebte Pflicht zum Welt-Passwort-Tag ist ein radikales Umdenken fällig. Ob durch gezieltes Phishing, Angriffe auf zentrale Verzeichnisse oder lautlose Infostealer-Malware: Cyberkriminelle haben es auf unsere Zugangsdaten abgesehen. Das […]…
-
Microsoft warns of global campaign stealing auth tokens from 35K users
Microsoft revealed a phishing campaign hitting 35,000 users in 26 countries, stealing login tokens via fake code-of-conduct emails and legit services. Microsoft disclosed a major phishing campaign that targeted over 35,000 users across 26 countries in mid-April 2026. Attackers used fake “code of conduct” emails sent through legitimate platforms to trick recipients into visiting bogus…
-
Attackers Exploit Amazon SES to Send Authenticated Phishing Emails
Attackers are increasingly abusing Amazon Simple Email Service (SES) to deliver highly convincing phishing emails that bypass traditional security controls, marking a growing trend in email-based threats. The primary goal of any phishing campaign is to evade detection while tricking victims into revealing sensitive data. To achieve this, threat actors continuously refine their techniques, using…
-
Microsoft Details Phishing Campaign Targeting 35,000 Users Across 26 Countries
Microsoft has disclosed details of a large-scale credential theft campaign that has leveraged a combination of code of conduct-themed lures and legitimate email services to direct users to attacker-controlled domains and steal authentication tokens.The multi-stage campaign, observed between April 14 and 16, 2026, targeted more than 35,000 users across over 13,000 organizations in 26 countries,…
-
KI treibt Phishing in neue Dimensionen: 86 % aller Angriffe jetzt automatisiert
Phishing ist 2026 kein einzelner Angriff mehr, sondern ein orchestriertes Zusammenspiel aus Technologie, Psychologie und KI. Wer sich schützen will, muss genau dort ansetzen. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/ki-treibt-phishing-in-neue-dimensionen-86-aller-angriffe-jetzt-automatisiert/a44982/
-
Amazon SES Phishing: Angriffe über geleakte AWS-Zugangsdaten
Cyberkriminelle setzen verstärkt auf legitime Cloud-Dienste, um täuschend echte Phishing-Angriffe durchzuführen. Besonders Amazon Simple Email Service gerät dabei ins Visier, da er eigentlich für vertrauenswürdige Unternehmens-Kommunikation genutzt wird. Sicherheits-Forscher sehen darin eine neue Eskalationsstufe. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/amazon-ses-phishing
-
RMM Tools Fuel Stealthy Phishing Campaign
Attackers are abusing two remote monitoring and management (RMM) tools to evade detection in a campaign that has impacted over 80 organizations so far. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/rmm-tools-stealthy-phishing-campaign
-
Amazon SES increasingly abused in phishing to evade detection
The Amazon Simple Email Service (SES) is being increasingly abused to send convincing phishing emails that can bypass standard security filters and render reputation-based blocks ineffective. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/amazon-ses-increasingly-abused-in-phishing-to-evade-detection/
-
Phishing Campaign Hits 80+ Orgs Using SimpleHelp and ScreenConnect RMM Tools
An active phishing campaign has been observed targeting multiple vectors since at least April 2025, with legitimate Remote Monitoring and Management (RMM) software as a way to establish persistent remote access to compromised hosts.The activity, codenamed VENOMOUS#HELPER, has impacted over 80 organizations, most of which are in the U.S., according to Securonix. It shares overlaps…
-
âš¡ Weekly Recap: AI-Powered Phishing, Android Spying Tool, Linux Exploit, GitHub RCE & More
This week, the shadows moved faster than the patches.While most teams were still triaging last month’s alerts, attackers had already turned control panels into kill switches, kernels into open doors, and open-source pipelines into silent delivery systems.The game has shifted from breach to occupation. They’re living inside SaaS sessions, pushing code with trusted commits, and…
-
Smishing at Scale: What Our Expert Panel Revealed About the Mobile Phishing Supply Chain
Recap of the live panel hosted by Constella and WMC Global on April 30, 2026 â–¶ Watch the full recording If you’ve gotten a text recently warning you about an unpaid toll, a missed delivery, or suspicious activity on your bank account, you’ve interacted, however briefly, with one of the most sophisticated fraud… First seen…
-
EasyDMARC and KnowBe4 Partner to Advance Proactive Email Security as Phishing Fuels More Than One-Third of Cyberattacks
Originally published at EasyDMARC and KnowBe4 Partner to Advance Proactive Email Security as Phishing Fuels More Than One-Third of Cyberattacks by Anush Yolyan. Dover, Delaware and Tampa Bay, Florida – May … First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/05/easydmarc-and-knowbe4-partner-to-advance-proactive-email-security-as-phishing-fuels-more-than-one-third-of-cyberattacks/
-
Thousands of Facebook accounts stolen by phishing emails sent through Google
In an ongoing operation, hackers are hijacking Facebook accounts using Google AppSheet to send phishing emails that pass security checks. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/05/thousands-of-facebook-accounts-stolen-by-phishing-emails-sent-through-google/
-
Bluekit Phishing Kit Streamlines Domains, 2FA Lures, and Session Hijacking
A newly discovered phishing kit called “Bluekit” is reshaping how cybercriminals run phishing campaigns by combining multiple attack stages into a single, centralized platform. Instead, Bluekit integrates these capabilities into one operator panel, streamlining the entire attack lifecycle from setup to data exfiltration. This shift reflects a broader trend toward automation and ease of use…
-
Silver Fox Deploys ABCDoor Malware via Tax-Themed Phishing in India and Russia
The China-based cybercrime group known as Silver Fox has been linked to a new campaign targeting organizations in Russia and India with a new malware called ABCDoor.The activity involved using phishing emails that mimic correspondence from the Income Tax Department of India in December 2025, followed by a similar campaign aimed at Russian entities.”Both waves…
-
Voyage Privé Datenleck: Reisepass- und Buchungsdaten kompromittiert
Das Voyage Privé Datenleck entwickelt sich zu einem gravierenden Sicherheitsvorfall für Reisende. Neben Kontaktdaten könnten auch sensible Passdaten betroffen sein. Gleichzeitig warnen Experten vor gezielten Phishing-Angriffen im Zusammenhang mit echten Buchungen. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/voyage-prive-datenleck
-
Bluekit phishing kit enables automated phishing with 40+ templates and AI tools
Bluekit is a new phishing kit with AI features, automated domain setup, and tools like spoofing, voice cloning, and 40+ attack templates. Bluekit is a newly discovered phishing kit still in development that includes advanced features such as an AI assistant and automated domain registration. According to Varonis, it offers over 40 website templates along…
-
Email Bombing, Fake IT Support Calls Drive Microsoft Teams Phishing Surge
Email bombing campaigns combined with fake IT support outreach are driving a surge in sophisticated Microsoft Teams phishing attacks. The attacks typically begin with email bombing, where victims are flooded with spam messages to create confusion and urgency. Shortly after, threat actors initiate contact via Microsoft Teams, impersonating internal IT support or helpdesk personnel. Posing…
-
Fake Party Invites and the Rise of Social Phishing Attacks
Attackers are now impersonating invitation services to trick people into clicking malicious links and sharing sensitive information. These phishing attempts look like legitimate event invites, making them especially effective. In this episode, we discuss how these scams work and what steps you can take to stay protected. Special thanks to Guardsquare for sponsoring this episode!……
-
ChatGPT advanced account security adds passkeys and hardware keys
Journalists, elected officials, researchers, and political dissidents have spent years adapting their accounts to phishing-resistant authentication on consumer platforms. … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/05/04/openai-chatgpt-advanced-account-security/
-
BKA-Statistik: So sehr gefährden Kartenbetrug und Phishing dein Geld
Tags: phishingFirst seen on t3n.de Jump to article: t3n.de/news/bka-statistik-kartenbetrug-phishing-1739592/
-
AI agents can bypass guardrails and put credentials at risk, Okta study finds
Phishing the agent: Why AI guardrails aren’t enough, a report on tests conducted by cloud identity and access management (IAM) company Okta Threat Intelligence, which uncovered all of the problems cited above, and more.Their research focused on OpenClaw, a model-agnostic multi-channel AI assistant which has seen explosive growth inside enterprises since appearing in late 2025.…
-
AI agents can bypass guardrails and put credentials at risk, Okta study finds
Phishing the agent: Why AI guardrails aren’t enough, a report on tests conducted by cloud identity and access management (IAM) company Okta Threat Intelligence, which uncovered all of the problems cited above, and more.Their research focused on OpenClaw, a model-agnostic multi-channel AI assistant which has seen explosive growth inside enterprises since appearing in late 2025.…
-
AI agents can bypass guardrails and put credentials at risk, Okta study finds
Phishing the agent: Why AI guardrails aren’t enough, a report on tests conducted by cloud identity and access management (IAM) company Okta Threat Intelligence, which uncovered all of the problems cited above, and more.Their research focused on OpenClaw, a model-agnostic multi-channel AI assistant which has seen explosive growth inside enterprises since appearing in late 2025.…
-
Google AppSheet Exploited in 30,000-User Facebook Phishing Operation
Scammers are abusing Google AppSheet and Google Drive to bypass security filters and steal thousands of Facebook Business accounts globally. First seen on hackread.com Jump to article: hackread.com/google-appsheet-facebook-accountdumpling-scam/
-
Massive Facebook Phishing Operation Leverages AppSheet, Netlify, and Telegram
Cybersecurity researchers at Guardio Labs have uncovered a massive phishing operation dubbed AccountDumpling that has compromised more than 30,000 Facebook accounts worldwide. Unlike conventional phishing campaigns that rely on spoofed domains or compromised SMTP servers, this Vietnamese-linked operation abuses Google AppSheet to deliver fully authenticated malicious emails. Because the messages originate from legitimate Google infrastructure,…
-
30,000 Facebook Accounts Hacked via Google AppSheet Phishing Campaign
A newly discovered Vietnamese-linked operation has been observed using a Google AppSheet as a “phishing relay” to distribute phishing emails with an aim to compromise Facebook accounts.The activity has been codenamed AccountDumpling by Guardio, with the scheme selling the stolen accounts back through an illicit storefront run by the threat actors. In all, roughly 30,000…