Tag: phishing
-
The Growing Abuse of GitHub and GitLab in Phishing Campaigns
Threat actors are increasingly abusing trusted platforms like GitHub and GitLab to host malware and credential phishing pages, allowing malicious links to bypass email security because these domains are widely trusted and cannot easily be blocked. The volume of these campaigns has grown significantly since 2021, with 2025 accounting for nearly half of all activity,…
-
EvilTokens Uses Stolen Microsoft 365 Tokens, AI to Supercharge BEC
EvilTokens is a new Phishing-as-a-Service (PhaaS) platform that turns stolen Microsoft 365 tokens and AI into an end”‘to”‘end factory for Business Email Compromise (BEC) at scale. By combining device-code phishing, custom tooling, and large language models, it enables low- to mid-skill threat actors to run highly tailored BEC operations in minutes rather than days. First…
-
Forest Blizzard leverages router compromises to launch AiTM attacks, target Outlook sessions
Invisible path to enterprise systems: This attack poses a serious risk to enterprises because, instead of beginning at the corporate perimeter, it starts from employee environments that are often less secure. Threat actors target vulnerable home or small office routers, which often have weak default passwords or unpatched software.The shift to remote work has dramatically…
-
New Lua-based malware “LucidRook” observed in targeted attacks against Taiwanese organizations
Cisco Talos uncovered a cluster of activity we track as UAT-10362 conducting spear-phishing campaigns against Taiwanese non-governmental organizations (NGOs) and suspected universities to deliver a newly identified malware family, “LucidRook.” First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/new-lua-based-malware-lucidrook/
-
Top 10 Best Multi-Factor Authentication (MFA) Providers in 2026
Tags: authentication, breach, credentials, cyber, cybersecurity, data, malware, mfa, password, phishingIn the digital realm of 2026, the traditional password stands as a flimsy barrier against an onslaught of sophisticated cyber threats. From phishing campaigns and credential stuffing to ever-evolving malware, attackers are relentlessly targeting the weakest link in cybersecurity: single-factor authentication. A staggering percentage of data breaches continue to stem from compromised credentials, underscoring the…
-
Cybercriminals Use Fake Zoom, Teams Calls to Deliver Malware
Tags: crypto, cyber, cybercrime, hacker, malicious, malware, microsoft, open-source, phishing, tacticsHackers are increasingly using fake Zoom and Microsoft Teams meetings to trick victims into infecting their own systems with malware. SEAL says it has blocked 164 malicious domains tied to this operation using MetaMask’s eth-phishing-detect system. The campaign primarily targets cryptocurrency professionals, Web3 developers, and investors, but its tactics are now expanding toward open-source communities.…
-
Hundreds of orgs compromised daily in Microsoft device code phishing attacks
Who needs MFA when you’ve got EvilTokens? First seen on theregister.com Jump to article: www.theregister.com/2026/04/07/microsoft_device_code_phishing/
-
Traffic violation scams swap links for QR codes to steal your card details
Phishers are using QR codes on official-looking notices to level up their traffic and toll scams. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/traffic-violation-scams-swap-links-for-qr-codes-to-steal-your-card-details/
-
AI-enabled device code phishing campaign exploits OAuth flow for account takeover
A phishing campaign that bypasses the standard 15-minute expiration window through automation and dynamic code generation, leveraging the OAuth Device Code Authentication flow … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/07/microsoft-device-code-phishing-campaign/
-
The Trojan horse of cybercrime: Weaponizing SaaS notification pipelines
Cisco Talos has recently observed an increase in activity that is leveraging notification pipelines in popular collaboration platforms to deliver spam and phishing emails. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/weaponizing-saas-notification-pipelines/
-
Phishing LNK files and GitHub C2 power new DPRK cyber attacks
DPRK-linked hackers use GitHub C2s, starting attacks via phishing LNK files that drop a PDF and PowerShell script in South Korea. North Korea-linked threat actors target South Korean organizations using GitHub as C2 servers. The attack chain starts with phishing emails carrying obfuscated LNK files that drop a decoy PDF and a PowerShell script to…
-
Missile Alert Phishing Exploits IranIsrael Conflict for Microsoft Logins
New Phishing scam uses fake missile alerts and the ongoing conflict involving Iran to target users with QR codes and fake government emails to steal Microsoft passwords. First seen on hackread.com Jump to article: hackread.com/missile-alert-phishing-iran-us-israel-microsoft-logins/
-
Device code phishing attacks surge 37x as new kits spread online
First seen on thesecurityblogger.com Jump to article: www.thesecurityblogger.com/device-code-phishing-attacks-surge-37x-as-new-kits-spread-online/
-
Traffic violation scams switch to QR codes in new phishing texts
Scammers are sending fake “Notice of Default” traffic violation text messages impersonating state courts across the U.S., pressuring recipients to scan a QR code that leads to a phishing site demanding a $6.99 payment while stealing personal and financial information. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/traffic-violation-scams-switch-to-qr-codes-in-new-phishing-texts/
-
Device code phishing attacks surge 37x as new kits spread online
Device code phishing attacks that abuse the OAuth 2.0 Device Authorization Grant flow to hijack accounts have surged more than 37 times this year. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/device-code-phishing-attacks-surge-37x-as-new-kits-spread-online/
-
Supply Chain Attacks Surge in March 2026
Tags: access, ai, api, attack, authentication, awareness, cloud, container, control, corporate, credentials, crypto, data-breach, github, group, hacking, identity, infrastructure, Internet, kubernetes, least-privilege, linux, LLM, macOS, malicious, malware, mfa, network, north-korea, open-source, openai, phishing, pypi, software, startup, supply-chain, threat, tool, update, vulnerability, windowsIntroductionThere was a significant increase in software supply chain attacks in March 2026. There were five major software supply-chain attacks that occurred including the Axios NPM package compromise, which has been attributed to a North Korean threat actor. In addition, a hacking group known as TeamPCP was able to compromise Trivy (a vulnerability scanner), KICS…
-
China-Linked TA416 Targets European Governments with PlugX and OAuth-Based Phishing
A China-aligned threat actor has set its sights on European government and diplomatic organizations since mid-2025, following a two-year period of minimal targeting in the region.The campaign has been attributed to TA416, a cluster of activity that overlaps with DarkPeony, RedDelta, Red Lich, SmugX, UNC6384, and Vertigo Panda.”This TA416 activity included multiple First seen on…
-
New Phishing Platform Used in Credential Theft Campaigns Against C-Suite Execs
A large-scale credential theft campaign targeting senior executives has been linked to a previously unknown automated phishing platform called Venom First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/new-phishing-platform-credential/
-
12 cyber industry trends revealed at RSAC 2026
Tags: access, ai, application-security, authentication, awareness, business, ciso, cloud, control, cyber, cybersecurity, data, deep-fake, defense, detection, edr, endpoint, firewall, gartner, governance, identity, infrastructure, insurance, metric, microsoft, monitoring, mssp, phishing, programming, risk, risk-management, service, siem, skills, soc, software, startup, technology, threat, tool, trainingLegacy security vendors have the inside track on AI, for now: As far as AI technology consumption for cybersecurity, most CISOs I spoke with were open-minded while leaning toward their existing vendors, at least in the short term. This may buy legacy security vendors a bit, but not much time.Remember what happened in the cloud…
-
Trusted Platforms Exploited to Steal Philippine Banking Credentials
Hackers are increasingly exploiting trusted online platforms to launch sophisticated phishing campaigns targeting bank users in the Philippines. Despite ongoing improvements in email security, phishing remains one of the most effective attack methods due to its scalability and ease of deployment. The campaign, active since early 2024 and still evolving in 2026, primarily targets customers…
-
North Korea Uses GitHub as C2 in New LNK Phishing Campaign
A new phishing campaign that uses malicious Windows shortcut (LNK) files to target users in South Korea, while abusing GitHub as Command and Control (C2) infrastructure to hide its activity. The operation, linked through tooling and tradecraft to North Korearelated actors, shows a clear evolution from earlier, less obfuscated XenoRAT-delivery campaigns observed since 2024. In…
-
Gmail’s New Rename Feature Could Add Spam and Phishing to Your Inbox
As of March 31st, Google is allowing users to change their primary Gmail address username. Although a nice feature for those who created unfortunate names originally, it may also undermine spam and phishing blocking. The feature is intended to allow the user account to be changed while keeping the underlying account intact. The original name…
-
Threat actor UAC-0255 impersonate CERT-UA to spread AGEWHEEZE malware via phishing
Threat actors impersonated CERT-UA to send phishing emails with AGEWHEEZE malware, tricking victims into installing a fake “security tool.” A threat actor, tracked as UAC-0255, impersonated CERT-UA in a phishing campaign, sending emails to about 1 million users. The messages urged victims to download a password-protected archive from Files.fm and install a fake “specialized software,”…

