Tag: phishing
-
NCSC Warns UK Organisations to Prepare for Potential Iran-Linked Cyber Activity
Tags: advisory, attack, awareness, breach, business, china, cyber, cybercrime, data, data-breach, espionage, exploit, finance, government, group, incident response, infrastructure, international, Internet, iran, leak, malware, middle-east, military, monitoring, phishing, resilience, risk, russia, service, supply-chain, tactics, threat, tool, update, vulnerability, vulnerability-managementGeopolitical conflict rarely stays confined to physical battlefields. Increasingly, it spills into the digital domain. The latest escalation of tensions in the Middle East has prompted the UK’s National Cyber Security Centre (NCSC) to issue a warning to organisations to review their cyber security posture and prepare for possible cyber activity linked to Iran. While…
-
The DocuSign Email That Wasn’t A Three-Redirect Credential Harvest
<div cla TL;DR Attackers sent a convincing DocuSign notification with a “Review & Sign” button that chained through Google Maps redirects to an Amazon S3-hosted credential harvesting page. The redirect chain defeated URL scanners, and real law-firm footers added legitimacy. IRONSCALES Adaptive AI flagged the behavioral mismatch between sender infrastructure and brand identity before the first…
-
The DocuSign Email That Wasn’t A Three-Redirect Credential Harvest
<div cla TL;DR Attackers sent a convincing DocuSign notification with a “Review & Sign” button that chained through Google Maps redirects to an Amazon S3-hosted credential harvesting page. The redirect chain defeated URL scanners, and real law-firm footers added legitimacy. IRONSCALES Adaptive AI flagged the behavioral mismatch between sender infrastructure and brand identity before the first…
-
NCSC Warns UK Organisations to Prepare for Potential Iran-Linked Cyber Activity
Tags: advisory, attack, awareness, breach, business, china, cyber, cybercrime, data, data-breach, espionage, exploit, finance, government, group, incident response, infrastructure, international, Internet, iran, leak, malware, middle-east, military, monitoring, phishing, resilience, risk, russia, service, supply-chain, tactics, threat, tool, update, vulnerability, vulnerability-managementGeopolitical conflict rarely stays confined to physical battlefields. Increasingly, it spills into the digital domain. The latest escalation of tensions in the Middle East has prompted the UK’s National Cyber Security Centre (NCSC) to issue a warning to organisations to review their cyber security posture and prepare for possible cyber activity linked to Iran. While…
-
NCSC Warns UK Organisations to Prepare for Potential Iran-Linked Cyber Activity
Tags: advisory, attack, awareness, breach, business, china, cyber, cybercrime, data, data-breach, espionage, exploit, finance, government, group, incident response, infrastructure, international, Internet, iran, leak, malware, middle-east, military, monitoring, phishing, resilience, risk, russia, service, supply-chain, tactics, threat, tool, update, vulnerability, vulnerability-managementGeopolitical conflict rarely stays confined to physical battlefields. Increasingly, it spills into the digital domain. The latest escalation of tensions in the Middle East has prompted the UK’s National Cyber Security Centre (NCSC) to issue a warning to organisations to review their cyber security posture and prepare for possible cyber activity linked to Iran. While…
-
Hackers abuse OAuth error flows to spread malware
Hackers are abusing the legitimate OAuth redirection mechanism to bypass phishing protections in email and browsers to take users to malicious pages. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/microsoft-hackers-abuse-oauth-error-flows-to-spread-malware/
-
Fake Zoom and Google Meet Pages Trick Users Into Installing Monitoring Tool
Fake Zoom and Google Meet pages trick users into installing a monitoring software on Windows systems through phishing links and fake updates. First seen on hackread.com Jump to article: hackread.com/zoom-google-meet-phishing-monitoring-tool/
-
Threat actors weaponize OAuth redirection logic to deliver malware
An ongoing phishing campaign is abusing the OAuth authentication redirection mechanism to avoid triggering conventional email and browser defenses, Microsoft researchers have … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/03/attackers-abusing-oauth-redirection-phishing-malware/
-
Threat actors weaponize OAuth redirection logic to deliver malware
An ongoing phishing campaign is abusing the OAuth authentication redirection mechanism to avoid triggering conventional email and browser defenses, Microsoft researchers have … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/03/attackers-abusing-oauth-redirection-phishing-malware/
-
Compromised Site Management Panels are a Hot Item in Cybercrime Markets
Compromised cPanel credentials are being sold in bulk across underground channels as plug-and-play phishing and scam infrastructure. Flare explains how analyzing 200,000 underground posts reveals a commoditized market for hacked site management panels. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/compromised-site-management-panels-are-a-hot-item-in-cybercrime-markets/
-
Phishing-Angriffe: Diesel Vortex nimmt US- und EU-Transport- und Logistikunternehmen ins Visier
First seen on datensicherheit.de Jump to article: www.datensicherheit.de/phishing-angriffe-diesel-vortex-usa-eu-transport-logistikunternehmen-visier
-
Hackers Abuse .arpa Top-Level Domain to Host Phishing Scams
Hackers abuse the .arpa Top-Level Domain to host phishing scams, using IPv6 tunnels, reverse DNS tricks, and shadow domains to bypass security checks. First seen on hackread.com Jump to article: hackread.com/hackers-arpa-top-level-domain-phishing-scams/
-
OAuth phishers make ‘check where the link points’ advice ineffective
Tags: authentication, automation, awareness, business, cloud, control, edr, email, encryption, endpoint, exploit, governance, identity, login, malicious, microsoft, monitoring, phishing, saas, threat, toolContext, not the URL, is the new red flag: Sakshi Grover, Senior Research Manager at IDC Asia/Pacific, said the longstanding advice to hover over a link and verify its domain was built for an era of lookalike domains and that it no longer holds in environments where authentication flows routinely pass through trusted identity providers.”Organizations…
-
New Starkiller Phishing Framework Uses Real Login Pages to Bypass MFA Security
A new phishing framework called Starkiller is raising the bar for “phishing-as-a-service” by serving victims the real login pages of major brands through attacker infrastructure, making pages look authentic and stay up to date. By acting as a live reverse proxy, it can capture credentials and, more importantly, steal session cookies/tokens after the victim completes multi-factor authentication (MFA), enabling…
-
Phishing campaign exploits OAuth redirection to bypass defenses
Microsoft researchers warn that threat actors abuse OAuth redirects to target government users and deliver malware. Microsoft has warned of phishing campaigns targeting government and public-sector organizations by abusing OAuth URL redirection. Instead of stealing credentials or exploiting software flaws, attackers leverage OAuth’s legitimate by-design behavior to bypass email and browser defenses. The tactic redirects…
-
Starkiller Phishing Suite Uses AitM Reverse Proxy to Bypass Multi-Factor Authentication
Cybersecurity researchers have disclosed details of a new phishing suite called Starkiller that proxies legitimate login pages to bypass multi-factor authentication (MFA) protections.It’s advertised as a cybercrime platform by a threat group calling itself Jinkusu, granting customers access to a dashboard that lets them select a brand to impersonate or enter a brand’s real URL.…
-
Microsoft Warns OAuth Redirect Abuse Delivers Malware to Government Targets
Microsoft on Monday warned of phishing campaigns that employ phishing emails and OAuth URL redirection mechanisms to bypass conventional phishing defenses implemented in email and browsers.The activity, the company said, targets government and public-sector organizations with the end goal of redirecting victims to attacker-controlled infrastructure without stealing their tokens. It described First seen on thehackernews.com…
-
Neue Phishing-Methode über .arpa
Phishing-Kampagnen folgen häufig bekannten Mustern: gefälschte Login-Seiten, täuschend echte E-Mails und manipulierte Links. Doch aktuelle Analysen von Infoblox zeigen eine ungewöhnliche Entwicklung. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/phishing-methode-ueber-arpa
-
Warnsignal bei Phishing – KnowBe4-Studie zeigt Dringlichkeit schlägt Rechtschreibfehler
Eine aktuelle Umfrage von KnowBe4 zeigt nun deutlich: Mitarbeitende haben dazugelernt. Das wichtigste Warnsignal für betrügerische E-Mails ist nicht mehr die Rechtschreibung, sondern die künstlich erzeugte Dringlichkeit. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/warnsignal-bei-phishing-knowbe4-studie-zeigt-dringlichkeit-schlaegt-rechtschreibfehler/a43916/
-
Phish of the day: Microsoft OAuth scams abuse redirects for malware delivery
Crims hope for payday from malicious payloads rather than stealing access tokens First seen on theregister.com Jump to article: www.theregister.com/2026/03/03/microsoft_oauth_scams/
-
Phish of the day: Microsoft OAuth scams abuse redirects for malware delivery
Crims hope for payday from malicious payloads rather than stealing access tokens First seen on theregister.com Jump to article: www.theregister.com/2026/03/03/microsoft_oauth_scams/
-
Phishing Pages for Zoom and Google Meet Install Monitoring Tool
Fake Zoom and Google Meet pages trick users into installing Teramind monitoring software on Windows systems through phishing links and fake updates. First seen on hackread.com Jump to article: hackread.com/zoom-google-meet-phishing-teramind-monitoring-tool/
-
Fake Google Security site uses PWA app to steal credentials, MFA codes
A phishing campaign is using a fake Google Account security page to deliver a web-based app capable of stealing one-time passcodes, harvesting cryptocurrency wallet addresses, and proxying attacker traffic through victims’ browsers. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/fake-google-security-site-uses-pwa-app-to-steal-credentials-mfa-codes/
-
Iran-linked hackers raise threat level against US, allies
Security researchers warn that hacktivists and state-linked groups are using DDoS, phishing and other tactics against critical infrastructure. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/iran-hackers-threat-level-us-allies/813494/
-
Dringlichkeit ist wichtigstes Warnsignal beim Erkennen betrügerischer E-Mails
Die Zeiten, in denen man Phishing-E-Mails an ihrer schlechten Grammatik erkennen konnte, sind vorbei. Eine neue Umfrage von KnowBe4 zeigt, dass Mitarbeiter nicht mehr Rechtschreibfehler im Text, sondern den Versuch, ein Gefühl der Dringlichkeit zu vermitteln, als zuverlässigstes Erkennungsmerkmal für Betrugsversuche ansehen. Die Daten zeigen, dass 34 Prozent der Befragten nun das ‘Erzeugen von Druck,…
-
Phishing Pages for Zoom and Google Meet Install Teramind Monitoring Tool
Fake Zoom and Google Meet pages trick users into installing Teramind monitoring software on Windows systems through phishing links and fake updates. First seen on hackread.com Jump to article: hackread.com/zoom-google-meet-phishing-teramind-monitoring-tool/
-
GTFire Phishing Campaign Exploits Google Services to Bypass Detection and Harvest Credentials
GTFire is a large-scale phishing scheme that abuses multiple Google services to hide malicious infrastructure, evade security tools, and steal credentials from organizations worldwide. GTFire is a credential-harvesting operation that chains Google Firebase Hosting and Google Translate to deliver phishing pages that look like legitimate brand logins. Attackers host fake login portals on Firebase .web.…
-
Purchase order attachment isn’t a PDF. It’s phishing for your password
A fake purchase order attachment turned out to be a phishing page designed to harvest your login details. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/purchase-order-attachment-isnt-a-pdf-its-phishing-for-your-password/
-
A scorecard for cyber and risk culture
Tags: access, automation, awareness, breach, business, compliance, control, credentials, cyber, finance, governance, identity, jobs, metric, mitigation, phishing, risk, service, strategy, tool, trainingWhen someone asks for an exception.When a change goes in late.When an alert fires at 2 a.m.When a junior analyst spots something odd and wonders if it’s worth escalating.When an executive wants speed, and the team wants safety. Ownership means people act like the risk is partly theirs. They don’t outsource judgment to “security.” They…