Tag: phishing
-
State-affiliated hackers set up for critical OT attacks that operators may not detect
Tags: access, antivirus, attack, conference, control, credentials, cyberattack, cybersecurity, data, data-breach, defense, detection, exploit, firmware, fortinet, group, hacker, incident response, infrastructure, Internet, Intruder, lessons-learned, malware, mfa, monitoring, network, password, penetration-testing, phishing, regulation, russia, service, spear-phishing, supply-chain, threat, tool, ukraine, update, vulnerability
Russia’s OT attack teams expand beyond Ukraine: The Russia-linked pair Kamacite and Electrum, which Dragos has tracked since the mid-2010s and which are responsible for the 2015 and 2016 cyberattacks that took down parts of Ukraine’s power grid, expanded operations into NATO territory in 2025 after years focused almost exclusively on Ukrainian targets. Kamacite, which serves as…
-
Europol-Led Operation Takes Down Tycoon 2FA Phishing-as-a-Service Linked to 64,000 Attacks
Tycoon 2FA, one of the prominent phishing-as-a-service (PhaaS) toolkits that allowed cybercriminals to stage adversary-in-the-middle (AitM) credential harvesting attacks at scale, was dismantled by a coalition of law enforcement agencies and security companies. The subscription-based phishing kit, which first emerged in August 2023, was described by Europol as one of the largest phishing… First seen on…
-
Tycoon 2FA Phishing Operation Dismantled in Joint Raid by Microsoft and Europol
Microsoft, Europol, and industry partners have successfully dismantled the Tycoon 2FA Phishing-as-a-Service (PhaaS) platform. Operating since August 2023, this immense adversary-in-the-middle (AiTM) operation allowed cybercriminals to bypass multi-factor authentication (MFA) and infiltrate over 96,000 distinct victims globally. This coordinated disruption marks a significant blow to the cybercriminal impersonation economy. Anatomy of the Tycoon 2FA Threat…
-
Microsoft leads takedown of Tycoon2FA phishing service infrastructure
Stringent defenses needed: CSOs must employ stringent defenses against tools that use reverse proxies, Beggs said, including strengthening email filtering by enforcing DMARC, DKIM, and SPF; enforcing secure session handling at the edge by using client-bound session tokens tied to device or TLS certificates; ensuring continuous validation by issuing a new challenge when the device fingerprint…
-
Kratos: New phishing-as-a-service kit lets even beginners carry out highly complex attacks
First seen on datensicherheit.de Jump to article: www.datensicherheit.de/kratos-neu-phishing-as-a-service-kit-ausfuehrung-hochkomplex-angriffe
-
Global coalition dismantles Tycoon 2FA phishing kit
Microsoft, which led the effort, said it seized 330 domains that powered the phishing platform’s core infrastructure. The alleged creator was also named in a civil complaint. First seen on cyberscoop.com Jump to article: cyberscoop.com/tycoon-2fa-phishing-kit-takedown-microsoft/
-
Fake Zoom, Teams Meeting Invites Use Compromised Certificates to Drop Malware
A new phishing campaign is using stolen certificates from TrustConnect Software PTY LTD to sign malware. By impersonating updates for Zoom and Microsoft Teams, hackers install RMM tools to gain persistent, privileged access to networks. First seen on hackread.com Jump to article: hackread.com/fake-zoom-teams-invites-malware-certificates/
-
Iranian-U.S./Israeli Hostilities Lead to Increased Threat Landscape
Tags: attack, credentials, cyber, data-breach, disinformation, espionage, exploit, intelligence, iran, phishing, risk, theft, threat
Overview: Iranian-aligned cyber actors pose an elevated near-term risk due to their history of espionage, credential theft, disruptive attacks, and high-visibility “hacktivist” and disinformation operations, often targeting U.S. and allied interests through phishing, exploitation of exposed systems, and social manipulation. Given the current active hostilities between Iran and the U.S./Israeli-led coalition, threat intelligence indicates activity…
-
Tycoon2FA phishing platform dismantled in major operation
A Europol-led sting against the infamous Tycoon2FA MFA bypass phishing service has been successful, with operations disrupted and ringleaders and cyber criminal users identified. First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366639642/Tycoon2FA-phishing-platform-dismantled-in-major-operation
-
Europol-coordinated action disrupts Tycoon2FA phishing platform
An international law enforcement operation coordinated by Europol has disrupted Tycoon2FA, a major phishing-as-a-service (PhaaS) platform linked to tens of millions of phishing messages each month. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/europol-coordinated-action-disrupts-tycoon2fa-phishing-platform/
-
Global Takedown Neutralizes Tycoon2FA Phishing Service
Law enforcers and industry partners have taken down the notorious phishing-as-a-service platform Tycoon2FA. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/global-takedown-tycoon2fa-phishing/
-
When phishing becomes a “plug-and-play” service: a look at the Kratos kit
In early 2026, KnowBe4 Threat Labs discovered a phishing-as-a-service kit named Kratos. The platform enables even technically less skilled attackers to set up highly complex, international phishing campaigns: fast, scalable and alarmingly professional. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/wenn-phishing-zur-plug-and-play-dienstleistung-wird-das-kratos-kit-im-blick/a43945/
-
Russian hackers deploy new malware in phishing campaign targeting Ukraine
Researchers have identified a suspected Russian espionage campaign targeting Ukraine that uses two previously undocumented malware strains. First seen on therecord.media Jump to article: therecord.media/russian-ukraine-hackers-malware
-
Chinese cyber-espionage group Silver Dragon targets government agencies in Europe and Asia
Security researchers at Check Point Research (CPR) have identified a cyber-espionage campaign directed against government organisations in Southeast Asia and parts of Europe. CPR calls the group “Silver Dragon” and, according to the security experts, it has been active since at least mid-2024. The campaign combines server exploits, phishing, custom-built malware and a cloud-based command infrastructure to gain long-term access to the…
-
Attackers abuse OAuth’s built-in redirects to launch phishing and malware attacks
Researchers have found that attackers are abusing OAuth to send users from legitimate Microsoft or Google login pages to phishing sites or malware downloads. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/attackers-abuse-oauths-built-in-redirects-to-launch-phishing-and-malware-attacks/
-
Iranian cyberattacks fail to materialize but threat remains acute
Tags: ai, application-security, attack, ceo, control, country, cyber, cyberattack, cybercrime, cybersecurity, defense, endpoint, finance, government, group, healthcare, infrastructure, intelligence, Internet, iran, malware, mfa, monitoring, phishing, risk, service, supply-chain, technology, threat, tool, update, vpn
Targeting and response: According to Adrian Cheek, a senior cybercrime researcher at Canadian threat intelligence company Flare, the most at-risk sectors are critical infrastructure, including the defense and government supply chain, financial services, energy, and healthcare. “Water, energy, and healthcare sectors are currently the most exposed. These sectors combine high targeting priority with weak baseline security,…
-
Phishing in 2026: 3 Attack Tactics That Beat Most Enterprise Defenses
Phishing drives about 90% of cyberattacks in 2026, using tactics like encrypted flows, QR code scams, and trusted cloud platforms to steal credentials. First seen on hackread.com Jump to article: hackread.com/phishing-2026-attack-tactics-beat-enterprise-defenses/
-
From phishing to Google Drive C2: Silver Dragon expands APT41 playbook
APT group Silver Dragon, linked to APT41, targets governments via server exploits and phishing, using Cobalt Strike and Google Drive for C2. Check Point researchers have identified Silver Dragon, an APT group tied to the China-linked group APT41, targeting government entities in Europe and Southeast Asia since mid-2024. The group gains initial access by exploiting…
-
China’s Silver Dragon Razes Governments in EU, SE Asia
The emerging actor, part of the APT41 nexus, gains initial access via phishing, and uses legitimate network services to obscure cyberespionage activities. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/china-silver-dragon-governments-eu-se-asia
-
Shadow AI vs Managed AI: What’s the Difference? FireTail Blog
Tags: access, ai, api, attack, breach, chatgpt, ciso, cloud, computer, control, credentials, credit-card, data, data-breach, framework, google, injection, intelligence, Internet, law, LLM, malicious, mitre, monitoring, network, password, phishing, phone, risk, software, switch, threat, tool, training, vulnerability
Mar 04, 2026 – Quick Facts: Shadow AI vs. Managed AI. Shadow AI is a visibility gap: it refers to any AI tool used by employees that the IT department doesn’t know about. Most companies have 10x more AI tools in use than they realize. Managed AI is a “Paved Path”: it uses approved, secure versions…
-
APT41-Linked Silver Dragon Targets Governments Using Cobalt Strike and Google Drive C2
Cybersecurity researchers have disclosed details of an advanced persistent threat (APT) group dubbed Silver Dragon that has been linked to cyber attacks targeting entities in Europe and Southeast Asia since at least mid-2024. “Silver Dragon gains its initial access by exploiting public-facing internet servers and by delivering phishing emails that contain malicious attachments,” Check Point said…
-
Phishing Campaign Uses Google Cloud to Host Malicious Redirects via GCS Bucket
A sophisticated phishing campaign has recently emerged, leveraging Google Cloud’s trusted infrastructure to host malicious redirects. The campaign’s technical structure relies on Google Cloud Storage’s legitimate domain, googleapis.com, which is widely trusted by mail gateways and end users alike. This gives the attackers an opportunity to bypass common security layers such as SPF and DKIM validation.…
-
Microsoft Alerts Customers to New Phishing Attack Exploiting OAuth in Entra ID to Bypass Detection
Tags: attack, authentication, credentials, cyber, detection, exploit, google, government, microsoft, phishing, software, threat, vulnerability
Microsoft recently uncovered sophisticated phishing campaigns that exploit the by-design redirection mechanisms of the OAuth 2.0 protocol. Threat actors are targeting government and public-sector organizations by manipulating legitimate authentication flows in Microsoft Entra ID and Google Workspace. Rather than exploiting traditional software vulnerabilities or stealing credentials directly, this campaign abuses trusted protocol behavior to bypass…
-
The DocuSign Email That Wasn’t: A Three-Redirect Credential Harvest
TL;DR: Attackers sent a convincing DocuSign notification with a “Review & Sign” button that chained through Google Maps redirects to an Amazon S3-hosted credential harvesting page. The redirect chain defeated URL scanners, and real law-firm footers added legitimacy. IRONSCALES Adaptive AI flagged the behavioral mismatch between sender infrastructure and brand identity before the first…

