Tag: phishing
-
Massive Facebook Phishing Operation Leverages AppSheet, Netlify, and Telegram
Cybersecurity researchers at Guardio Labs have uncovered a massive phishing operation dubbed AccountDumpling that has compromised more than 30,000 Facebook accounts worldwide. Unlike conventional phishing campaigns that rely on spoofed domains or compromised SMTP servers, this Vietnamese-linked operation abuses Google AppSheet to deliver fully authenticated malicious emails. Because the messages originate from legitimate Google infrastructure,…
-
30,000 Facebook Accounts Hacked via Google AppSheet Phishing Campaign
A newly discovered Vietnamese-linked operation has been observed using a Google AppSheet as a “phishing relay” to distribute phishing emails with an aim to compromise Facebook accounts.The activity has been codenamed AccountDumpling by Guardio, with the scheme selling the stolen accounts back through an illicit storefront run by the threat actors. In all, roughly 30,000…
-
Wire-Chef Schilz: US-Investoren haben keinerlei Einfluss auf Wire
Tags: phishingNach den Phishing-Angriffen auf Signal-Nutzer plant der Bundestag einen Wechsel zu Wire. Firmenchef Schilz erläutert die Unterschiede zwischen beiden Messengern. First seen on golem.de Jump to article: www.golem.de/news/wire-chef-schilz-kein-produkt-auf-der-welt-bietet-absolute-sicherheit-2605-208222.html
-
Microsoft Flagged 8.3B Phishing Emails in Q1 as QR Codes, CAPTCHAs Rise
Microsoft flagged 8.3 billion phishing emails as attackers turned to QR codes, fake CAPTCHAs, PhaaS kits, and file-based payloads. The post Microsoft Flagged 8.3B Phishing Emails in Q1 as QR Codes, CAPTCHAs Rise appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-microsoft-phishing-emails-qr-codes-captcha-phaas/
-
As email phishing evolves, malicious attachments decline and QR codes surge
A new Microsoft report also describes the collapse of a once-dominant tool for generating phishing websites with fake CAPTCHAs. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/email-phishing-trends-microsoft-qr-codes/819077/
-
Phishing-Attacke auf Politiker: Signal verspricht künftig besseren Schutz
Tags: phishingFirst seen on t3n.de Jump to article: t3n.de/news/signal-phishing-attacke-politiker-schutz-1740123/
-
86% of Phishing Attacks are AI Driven, KnowBe4 Research Finds
KnowBe4, the digital workforce security provider, securing both AI agents and humans, has announced new research, Phishing Threat Trends Report Volume Seven. The report finds a seismic shift in the attack vectors utilized to conduct phishing attacks, including touchpoints outside of traditional email communication such as calendar invitations and messaging tools. “The inbox is no…
-
CAPTCHA and ClickFix Abuse Fuels Credential Theft Surge
Attackers are increasingly combining QR codes, fake CAPTCHA gates, and ClickFix-style tricks to steal credentials at scale, even as major phishing-as-a-service (PhaaS) platforms face disruption. These tactics shift risk from traditional malware attachments to highly convincing, hosted phishing flows that are harder for both users and email filters to spot. Across this volume, 78% of…
-
Wire-Chef Schilz: Kein Produkt auf der Welt bietet absolute Sicherheit
Tags: phishingNach den Phishing-Angriffen auf Signal-Nutzer plant der Bundestag einen Wechsel zu Wire. Firmenchef Schilz erläutert die Unterschiede zwischen beiden Messengern. First seen on golem.de Jump to article: www.golem.de/news/wire-chef-schilz-kein-produkt-auf-der-welt-bietet-absolute-sicherheit-2605-208222.html
-
The Cyber Express Weekly Roundup: Data Breaches, AI Risks, and Phishing Campaigns Dominate Cybersecurity Landscape
In this week’s First seen on thecyberexpress.com Jump to article: thecyberexpress.com/tce-weekly-roundup-cybersecurity/
-
Bot her emails: most modern phishing campaigns are AI-enabled
KnowBe4 says 86% of phishing it tracked used AI, and inboxes are only the start First seen on theregister.com Jump to article: www.theregister.com/2026/04/30/modern_phishing_campaigns_ai/
-
New Bluekit phishing service includes an AI assistant, 40 templates
A new phishing kit named Bluekit offers more than 40 templates targeting popular services and includes basic AI features for generating campaign drafts. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-bluekit-phishing-service-includes-an-ai-assistant-40-templates/
-
OpenAI Rolls Out ‘Advanced’ Security Mode for At-Risk Accounts
OpenAI is rolling out Advanced Account Security for people concerned that their ChatGPT or Codex accounts could be potential targets of phishing attacks. First seen on wired.com Jump to article: www.wired.com/story/openai-chatgpt-codex-advanced-account-security/
-
Two new extortion crews are speedrunning the Scattered Spider playbook
CrowdStrike says The Com-affiliated threat groups are using voice phishing and fake SSO pages to break into SaaS environments and steal data fast for extortion. First seen on cyberscoop.com Jump to article: cyberscoop.com/crowdstrike-cordial-spider-snarky-spider-extortion-attacks/
-
Nearly half of UK businesses pwned last year as phishing keeps doing the job like it’s 2005
Turns out the real problem is not AI but staff still clicking on dodgy emails from ‘IT support’ First seen on theregister.com Jump to article: www.theregister.com/2026/04/30/almost_half_of_uk_firms/
-
Nearly half of UK businesses pwned last year as phishing keeps doing the job like it’s 2005
Turns out the real problem is not AI but staff still clicking on dodgy emails from ‘IT support’ First seen on theregister.com Jump to article: www.theregister.com/2026/04/30/almost_half_of_uk_firms/
-
Nearly half of UK businesses pwned last year as phishing keeps doing the job like it’s 2005
Turns out the real problem is not AI but staff still clicking on dodgy emails from ‘IT support’ First seen on theregister.com Jump to article: www.theregister.com/2026/04/30/almost_half_of_uk_firms/
-
Hackers Abuse Robinhood Signup Process to Deliver Phishing Emails
Robinhood fixed an account-creation flaw that hackers abused to send convincing phishing emails from its own system to some users over the weekend. The post Hackers Abuse Robinhood Signup Process to Deliver Phishing Emails appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-robinhood-phishing-emails-official-address/
-
New AI-Powered Bluekit Phishing Kit Targets Major Platforms with MFA Bypass Attacks
Bluekit Phishing Kit is a new PhaaS tool that targets major platforms, using AiTM techniques to steal session data and bypass MFA protections. First seen on hackread.com Jump to article: hackread.com/bluekit-phishing-kit-targets-platforms-mfa-bypass-attack/
-
New AI-Powered Bluekit Phishing Kit Targets Major Platforms with MFA Bypass Attacks
Bluekit Phishing Kit is a new PhaaS tool that targets major platforms, using AiTM techniques to steal session data and bypass MFA protections. First seen on hackread.com Jump to article: hackread.com/bluekit-phishing-kit-targets-platforms-mfa-bypass-attack/
-
New AI-Powered Bluekit Phishing Kit Targets Major Platforms with MFA Bypass Attacks
Bluekit Phishing Kit is a new PhaaS tool that targets major platforms, using AiTM techniques to steal session data and bypass MFA protections. First seen on hackread.com Jump to article: hackread.com/bluekit-phishing-kit-targets-platforms-mfa-bypass-attack/
-
CISA flags data-theft bug in NSA-built OT networking tool
GrassMarlin leaks sensitive information, provided your targeting phishing skills are sharp enough First seen on theregister.com Jump to article: www.theregister.com/2026/04/29/cisa_flags_datatheft_bug_in/
-
Webinar: How to Automate Exposure Validation to Match the Speed of AI Attacks
In February 2026, researchers uncovered a shift that completely changed the game: threat actors are now using custom AI setups to automate attacks directly into the kill chain.We aren’t just talking about AI writing better phishing emails anymore. We’re talking about autonomous agents mapping Active Directory and seizing Domain Admin credentials in minutes.The problem? Most…
-
AWS leans on prior ingenuity to face future AI and quantum threats
Tags: access, ai, attack, authentication, breach, cloud, communications, computer, computing, control, credentials, crypto, cryptography, cybersecurity, data, defense, encryption, exploit, google, Hardware, identity, infrastructure, Internet, lessons-learned, malicious, penetration-testing, phishing, risk, service, technology, threat, tool, updateSymmetric cryptography and the quantum threat: Back in the early 2010s, most hardware security modules used asymmetric cryptography to protect security keys. Asymmetric cryptography, the kind used to secure online communications, involves pairs of keys, one to lock, another to unlock. It’s a very useful and convenient approach when dealing with multiple parties.Amazon chose to…
-
AWS leans on prior ingenuity to face future AI and quantum threats
Tags: access, ai, attack, authentication, breach, cloud, communications, computer, computing, control, credentials, crypto, cryptography, cybersecurity, data, defense, encryption, exploit, google, Hardware, identity, infrastructure, Internet, lessons-learned, malicious, penetration-testing, phishing, risk, service, technology, threat, tool, updateSymmetric cryptography and the quantum threat: Back in the early 2010s, most hardware security modules used asymmetric cryptography to protect security keys. Asymmetric cryptography, the kind used to secure online communications, involves pairs of keys, one to lock, another to unlock. It’s a very useful and convenient approach when dealing with multiple parties.Amazon chose to…
-
New DHL Phishing Scam Uses 11-Step Attack Chain to Steal Passwords
Forcepoint’s X-Labs reports an 11-step DHL phishing scam that uses fake OTP codes and EmailJS to harvest user credentials and device telemetry. First seen on hackread.com Jump to article: hackread.com/dhl-phishing-scam-attack-chain-steal-passwords/
-
China-linked hackers led phishing campaigns targeting journalists and activists, researchers say
The aim of the campaigns was to steal credentials and likely enable “follow-on operations in the interest of the Chinese government,” the report said. First seen on therecord.media Jump to article: therecord.media/china-linked-hackers-led-phishing-campaigns-journalists
-
Signal Phishing Campaign Targets German Officials in Suspected Russian Operation
Suspected Russian phishing via Signal targeted German officials, exploiting trust to access accounts and sensitive political communications. A new wave of cyber operations targeting European political leadership is once again highlighting how modern espionage increasingly relies on deception rather than technical exploits. Recent investigations by German authorities point to a large-scale phishing campaign conducted via…