Tag: phishing
-
Booking.com Hack Exposes Customer Data, Sparks Travel Scam Fears
Booking.com confirms a data breach that exposed traveler details, raising urgent concerns about highly targeted phishing scams and customer safety. The post Booking.com Hack Exposes Customer Data, Sparks Travel Scam Fears appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-booking-com-data-breach-traveler-scam-risk/
-
FBI, Indonesia take down W3LL phishing tool
A widely used phishing tool that allowed hackers to create fake websites that looked like legitimate login portals for just $500 was disrupted by the FBI and law enforcement agencies in Indonesia. First seen on therecord.media Jump to article: therecord.media/phishing-takedown-indonesia-fbi
-
US, Indonesia shut down ‘sophisticated’ phishing kit
For a nominal fee, cybercriminals could rent access to a service that maliciously duplicated popular websites’ login portals. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/phishing-kit-takedown-w3ll-us-indonesia/817318/
-
FBI and Indonesian Police Dismantle W3LL Phishing Network Behind $20M Fraud Attempts
The U.S. Federal Bureau of Investigation (FBI), in partnership with the Indonesian National Police, has dismantled the infrastructure associated with a global phishing operation that leveraged an off-the-shelf toolkit called W3LL to steal thousands of victims’ account credentials and attempt more than $20 million in fraud. In tandem, authorities detained the alleged developer, who has… First…
-
Interactive Brokers Phishing Scam: Fake IRS W-8BEN Renewal Alert
The blog describes a phishing campaign identified by Cofense that impersonates Interactive Brokers using a fake IRS W-8BEN renewal email to trick users into clicking a malicious link. The email appears legitimate but uses a suspicious sender address and directs victims to a counterfeit login page designed to steal account credentials. First seen on securityboulevard.com…
-
GitHub and Jira Alerts Hijacked for Trusted-SaaS Phishing
Hackers are abusing GitHub and Jira’s built-in notification systems to send phishing emails that appear completely legitimate. Because these emails are sent from the platforms’ own mail servers, they pass standard checks like SPF, DKIM, and DMARC, making them very hard for traditional email gateways to block. The messages are routed via the official mail…
-
FBI Dismantles $20m Phishing Operation W3LL
The W3LL phishing kit has been associated with fraud attempts totaling $20m First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/fbi-dismantles-phishing-operation/
-
Operation Atlantic Seizes $12m in Crypto Losses
UK, US and Canadian authorities have identified over 20,000 victims of approval phishing scams that trick users into handing over full crypto wallet access First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/operation-atlantic-seizes-12m/
-
FBI Atlanta and Indonesian National Police Take Down W3LLSTORE Phishing Marketplace
FBI Atlanta and Indonesian National Police dismantle W3LLSTORE phishing market linked to $20M fraud, seizing domains and detaining developer. First seen on hackread.com Jump to article: hackread.com/fbi-atlanta-indonesian-police-w3llstore-phishing-market/
-
Global Phishing Campaign: Customers of Parcel Delivery Services Targeted
Tags: phishing. First seen on datensicherheit.de Jump to article: www.datensicherheit.de/global-phishing-kampagne-kunden-paketzustelldienste-visier
-
The Phishing-as-a-Service Pipeline: How a Scalable Fraud Ecosystem Is Driving Global Attacks
Flashpoint analysts, working with partner financial institutions, have observed a growing number of PhaaS operations operating with a level of coordination and specialization more commonly associated with legitimate software platforms. These ecosystems bring together phishing kit developers, infrastructure providers, spam delivery services, and financially motivated actors into a single, scalable pipeline for fraud. First seen…
-
UAT-10362 linked to LucidRook attacks targeting Taiwan-based institutions
LucidRook is Lua malware used in phishing attacks on NGOs and universities in Taiwan, linked to UAT-10362, spread via password-protected emails. LucidRook is a new Lua-based malware used in targeted phishing attacks against NGOs and universities in Taiwan. Cisco Talos links it to a skilled group tracked as UAT-10362. In Oct 2025, attackers used password-protected…
-
GitHub, GitLab Abused for Malware and Phishing Campaigns
Hackers are increasingly abusing trusted software development platforms GitHub and GitLab to host malware and credential phishing campaigns, making defensive detection significantly harder for enterprises. Because these Git-based platforms are deeply integrated into development and business workflows, organizations cannot simply block them at the network edge, giving threat actors a powerful, trusted delivery channel. GitHub…
-
New ‘LucidRook’ malware used in targeted attacks on NGOs, universities
A new Lua-based malware, called LucidRook, is being used in spear-phishing campaigns targeting non-governmental organizations and universities in Taiwan. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-lucidrook-malware-used-in-targeted-attacks-on-ngos-universities/
-
New VENOM phishing attacks steal senior executives’ Microsoft logins
Threat actors using a previously undocumented phishing-as-a-service (PhaaS) platform called “VENOM” are targeting credentials of C-suite executives across multiple industries. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-venom-phishing-attacks-steal-senior-executives-microsoft-logins/
-
‘Several dozen’ high-value corporations hit by new extortion crew in helpdesk phishing spree
Possible link to Mr. Raccoon’s claimed Adobe break-in First seen on theregister.com Jump to article: www.theregister.com/2026/04/09/several_dozen_highvalue_corporations_targeted/
-
UAT-10362 Targets Taiwanese NGOs with LucidRook Malware in Spear-Phishing Campaigns
A previously undocumented threat cluster dubbed UAT-10362 has been attributed to spear-phishing campaigns targeting Taiwanese non-governmental organizations (NGOs) and suspected universities to deploy a new Lua-based malware called LucidRook. “LucidRook is a sophisticated stager that embeds a Lua interpreter and Rust-compiled libraries within a dynamic-link library (DLL) to download and First seen on thehackernews.com Jump to…
-
When attackers already have the keys, MFA is just another door to open
Stolen credentials turn authentication systems into the attack surface. Token shows how wearable biometric authentication verifies the user, not the session, blocking phishing relays and MFA bypass. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/when-attackers-already-have-the-keys-mfa-is-just-another-door-to-open/
-
New Phishing Campaign Exploits Google Storage to Deliver Remcos RAT
A recently observed phishing campaign is abusing Google Cloud Storage to deliver the Remcos remote access trojan (RAT), relying on trusted Google infrastructure and a signed Microsoft binary to evade traditional defenses. Attackers host a fake Google Drive login page on the legitimate domain storage.googleapis.com, making the URL appear trustworthy to both users and security…
-
Middle East Hack-for-Hire Operation Traced to South Asian Cyber Espionage Group
A spear-phishing campaign which spread across the Middle East between 2023 and 2024 has now been linked to Bitter APT group First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/middle-east-hack-operation-bitter/
-
Fake Security Tool Spreads LucidRook in Taiwan Cyberattacks
Hackers are using fake security tools and cleverly crafted phishing emails to secretly deploy a new malware family, LucidRook, against organizations in Taiwan. The campaign, tracked as UAT-10362, focuses on Taiwanese NGOs and likely universities and shows a high level of planning, stealth, and technical sophistication. The operation relies on spear-phishing emails sent via what appears…
-
Phishers sneak through using GitHub and Jira’s own mail delivery infrastructure
Attackers are abusing the notification systems of SaaS platforms like GitHub and Jira to send phishing and spam emails, Cisco Talos researchers are warning. “Because the … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/09/saas-platforms-notification-systems-phishing/
-
Meta Business Alerts Abused for Phishing Campaigns
Hackers are weaponizing legitimate Meta Business Manager notifications to sneak phishing emails past security filters and into users’ inboxes. By abusing trusted Meta infrastructure, attackers make their messages appear authentic while quietly funneling victims to credential-stealing pages. Because Meta systems generate these invites, the emails come from real Meta domains such as facebookmail.com and pass…
-
AI Is Accelerating Cyberattacks Faster Than Defenses
Okta’s Brett Winterford on Identity Threats and Agentic AI Risks. AI is accelerating cyberattacks, collapsing timelines and exposing new identity risks. Okta’s Brett Winterford explains how attackers are using AI to scale phishing, exploit credentials and infiltrate enterprises – and what CIOs must do to defend against this rapidly evolving threat landscape. First seen on…
-
Russia-linked APT28 uses PRISMEX to infiltrate Ukraine and allied infrastructure with advanced tactics
APT28 targets Ukraine and allies with PRISMEX malware, using stealthy techniques for espionage and command-and-control. Russia-linked group APT28 (aka UAC-0001, aka Fancy Bear, Pawn Storm, Sofacy Group, Sednit, BlueDelta, and STRONTIUM) is running a spear-phishing campaign against Ukraine and its allies, deploying a new malware suite called PRISMEX. Active since September 2025, the campaign uses advanced stealth techniques like steganography and…
-
Hack-for-hire group caught targeting Android devices and iCloud backups
Security researchers exposed a spying campaign by a hack-for-hire group that used Android spyware and phishing to steal iCloud credentials and hack victims’ devices. First seen on techcrunch.com Jump to article: techcrunch.com/2026/04/08/hack-for-hire-group-caught-targeting-android-devices-and-icloud-backups/
-
APT28 Deploys PRISMEX Malware in Campaign Targeting Ukraine and NATO Allies
The Russian threat actor known as APT28 (aka Forest Blizzard and Pawn Storm) has been linked to a fresh spear-phishing campaign targeting Ukraine and its allies to deploy a previously undocumented malware suite codenamed PRISMEX. “PRISMEX combines advanced steganography, component object model (COM) hijacking, and legitimate cloud service abuse for command-and-control,” Trend Micro First seen on…
-
The Growing Abuse of GitHub and GitLab in Phishing Campaigns
Threat actors are increasingly abusing trusted platforms like GitHub and GitLab to host malware and credential phishing pages, allowing malicious links to bypass email security because these domains are widely trusted and cannot easily be blocked. The volume of these campaigns has grown significantly since 2021, with 2025 accounting for nearly half of all activity,…
-
Cybercriminals Prepared Their Attacks on the 2026 Tax Season Months in Advance
Check Point Software Technologies warns of a marked increase in cyberattacks timed to the tax filing season. New findings from Check Point Research show that these campaigns do not arise opportunistically. The attackers build their infrastructure months in advance, using fraudulent domains, phishing websites and malicious email campaigns. In this country, it is mainly purported emails from Elster and…

