Tag: phishing
-
Phishing Scammers Impersonating City, County Officials, Demanding Payment: FBI
Scammers are impersonating local municipal officials around the country with seemingly legitimate phishing messages demanding payment for permits. The bad actors grab publicly available information and use them in their emails to fool their targets. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/phishing-scammers-impersonating-city-county-officials-demanding-payment-fbi/
-
Cybercriminals impersonating city officials to steal permit payments, FBI says
In a notice on Monday, the agency said people and businesses with active applications for the permits are being targeted with phishing emails that often include detailed, accurate information “including property addresses, case numbers, and the true names of city and county officials.” First seen on therecord.media Jump to article: therecord.media/cybercriminals-impersonate-city-officials-permit-payments
-
Top 10 Best Anti-Phishing Tools in 2026
The cybersecurity landscape has shifted dramatically, and traditional spam filters are no longer enough to protect sensitive enterprise data. As we navigate through 2026, threat actors are leveraging sophisticated AI-powered exploits to bypass standard security protocols, craft hyper-realistic deepfake audio messages, and execute highly targeted Business Email Compromise (BEC) campaigns. Phishing has evolved from obvious,…
-
Signal and WhatsApp accounts targeted in phishing campaign
Dutch intelligence warns that attackers are hijacking Signal and WhatsApp accounts by tricking users into sharing verification codes or linking a malicious device. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/signal-and-whatsapp-accounts-targeted-in-phishing-campaign/
-
Attackers use AiTM phishing kit, typosquatted domains to hijack AWS accounts
Phishers are targeting AWS accounts holders with fake email security alerts and redirecting them to a high-fidelity clone of the AWS Management Console sign-in page, Datadog … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/10/aitm-phishing-aws-accounts/
-
The OT security time bomb: Why legacy industrial systems are the biggest cyber risk nobody wants to fix
Tags: access, attack, authentication, awareness, business, ciso, compliance, control, cyber, cybersecurity, data, detection, exploit, firewall, incident, incident response, infrastructure, insurance, ISO-27001, metric, mfa, monitoring, network, office, phishing, ransomware, regulation, resilience, risk, risk-management, service, siem, soc, stuxnet, supply-chain, tool, vpn, vulnerability, zero-dayWhy everyone knows it’s burning, but nobody pulls the fire alarm: When I talk to OT managers, production leads or plant engineers, I rarely hear, “We didn’t know we had a problem.” Far more often, it’s, “We know it’s critical, but we can’t just shut it down.” This gap between awareness and action is the…
-
Law enforcement disrupted Tycoon 2FA phishing-as-a-service platform
Authorities disrupted the Tycoon 2FA phishing-as-a-service platform used to send millions of phishing emails to over 500,000 orgs worldwide. The joint effort, led by Microsoft, Europol, and industry partners, aimed to target the infrastructure of Tycoon 2FA phishing-as-a-service platform responsible for tens of millions of fraudulent emails reaching over 500,000 organizations each month worldwide. By…
-
Phishing campaign spoofs local officials to steal permit fees
The FBI is warning about a phishing scheme in which cybercriminals impersonate city and county officials to solicit fraudulent payments for planning and zoning permits. … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/10/fbi-phishing-scheme-planning-zoning-permit-fees/
-
SurxRAT Android Malware Uses LLMs for Phishing and Data Theft
Tags: access, android, control, credentials, cyber, cybercrime, data, LLM, malware, phishing, ransomware, theftA new Android Remote Access Trojan (RAT) named SurxRAT, which is being sold as a commercial malware platform through a Telegram-based malware”‘as”‘a”‘service (MaaS) ecosystem. The malware, marketed under the SURXRAT V5 branding, enables cybercriminals to create customized Android malware builds capable of surveillance, credential theft, remote device control, and ransomware-style device locking. The malware appears…
-
Signed malware posing as Teams and Zoom apps drops RMM backdoors
A wave of phishing campaigns that used signed malware posing as popular workplace apps like Microsoft Teams, Zoom, and Adobe Reader to deploy remote monitoring and management (RMM) backdoors. The activity, attributed to an as-yet unidentified threat actor, highlights how trusted branding and valid-looking digital signatures can be abused to gain stealthy, long-term access in…
-
Signal Confirms Sophisticated Phishing Scheme Caused Account Compromises
The secure messaging platform Signal recently confirmed active, targeted phishing campaigns resulting in severe account takeovers. These sophisticated attacks have successfully compromised the accounts of high-profile individuals, specifically targeting government officials and journalists. Despite these high-profile breaches, Signal explicitly clarified that its underlying infrastructure and end-to-end encryption protocols remain robust and completely uncompromised. The breaches…
-
Microsoft Teams phishing targets employees with A0Backdoor malware
Hackers contacted employees at financial and healthcare organizations over Microsoft Teams to trick them into granting remote access through Quick Assist and deploy a new piece of malware called A0Backdoor. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/microsoft-teams-phishing-targets-employees-with-backdoors/
-
Microsoft Teams phishing targets employees with A0Backdoor malware
Hackers contacted employees at financial and healthcare organizations over Microsoft Teams to trick them into granting remote access through Quick Assist and deploy a new piece of malware called A0Backdoor. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/microsoft-teams-phishing-targets-employees-with-backdoors/
-
Microsoft Teams phishing targets employees with backdoors
Hackers contacted employees at financial and healthcare organizations over Microsoft Teams to trick them into granting remote access through Quick Assist and deploy a new piece of malware called A0Backdoor. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/microsoft-teams-phishing-targets-employees-with-backdoors/
-
FBI alert: scammers target zoning permit applicants
The FBI warns of phishing attacks where crooks impersonate U.S. city and county officials to target people requesting planning and zoning permits. The FBI warns that scammers are impersonating U.S. city and county officials in phishing campaigns targeting businesses and individuals applying for planning or zoning permits. Using publicly available information, attackers craft messages that…
-
Malicious Chrome Extension Targets imToken Wallet Users
A fake Chrome extension impersonating imToken redirects users to phishing pages to steal crypto wallet keys. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/malicious-chrome-extension-targets-imtoken-wallet-users/
-
Dutch govt warns of Signal, WhatsApp account hijacking attacks
Russian state-sponsored hackers have been linked to an ongoing Signal and WhatsApp phishing campaign targeting government officials, military personnel, and journalists to gain access to sensitive messages. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/dutch-govt-warns-of-signal-whatsapp-account-hijacking-attacks/
-
FBI warns of phishing attacks impersonating US city, county officials
The Federal Bureau of Investigation (FBI) warns that criminals are impersonating U.S. officials in phishing attacks targeting businesses and individuals who request city and county planning and zoning permits. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/fbi-warns-of-phishing-attacks-impersonating-us-city-county-officials/
-
Russian cybercrims phish their way into officials’ Signal and WhatsApp accounts
Dutch spies flag large-scale campaign to hijack secure messaging accounts First seen on theregister.com Jump to article: www.theregister.com/2026/03/09/dutch_spies_say_russian_cybercrims/
-
MaaS VIP Keylogger Campaign Uses Steganography to Steal Credentials at Scale
A large-scale spear-phishing campaign distributing aVIP Keyloggervariant sold as Malware-as-a-Service (MaaS). The campaign employs steganography, in-memory execution, and modular payload design to evade defenses while harvesting credentials across browsers, email clients, and collaboration tools. Researchers observed fraudulent purchase-order emails that encouraged victims to open an attached RAR file. The compressed archive contained an executable disguised…
-
Cybercrime Group in Vietnam Enables Massive Fraudulent Signups
A wave of fraudulent account registrations to a cybercrime ecosystem operating out of Vietnam. These fake accounts are not just spam; they underpin large-scale financial fraud, phishing, and interpersonal scams that erode trust in online platforms. Attackers scripted mass “puppet” signups on victim services, triggered SMS messages to premium-rate numbers, and then monetized the telecom…
-
EU-Generalanwalt: Banken sollen Phishing-Opfer immer sofort entschädigen
Tags: phishingEin Generalanwalt des EuGH spricht sich dafür aus, dass Banken Phishing-Opfer auch bei grober Fahrlässigkeit zunächst entschädigen müssen. First seen on golem.de Jump to article: www.golem.de/news/eu-generalanwalt-banken-sollen-phishing-opfer-immer-sofort-entschaedigen-2603-206236.html
-
Hackers abuse .arpa DNS and ipv6 to evade phishing defenses
Threat actors are abusing the special-use “.arpa” domain and IPv6 reverse DNS in phishing campaigns that more easily evade domain reputation checks and email security gateways. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hackers-abuse-arpa-dns-and-ipv6-to-evade-phishing-defenses/