Tag: phishing
-
Attackers abuse OAuth’s built-in redirects to launch phishing and malware attacks
Researchers have found that attackers are abusing OAuth to send users from legitimate Microsoft or Google login pages to phishing sites or malware downloads. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/attackers-abuse-oauths-built-in-redirects-to-launch-phishing-and-malware-attacks/
-
Iranian cyberattacks fail to materialize but threat remains acute
Tags: ai, application-security, attack, ceo, control, country, cyber, cyberattack, cybercrime, cybersecurity, defense, endpoint, finance, government, group, healthcare, infrastructure, intelligence, Internet, iran, malware, mfa, monitoring, phishing, risk, service, supply-chain, technology, threat, tool, update, vpnTargeting and response: According to Adrian Cheek, a senior cybercrime researcher at Canadian threat intelligence company Flare, the most at-risk sectors are critical infrastructure, including the defense and government supply chain, financial services, energy, and healthcare.”Water, energy, and healthcare sectors are currently the most exposed. These sectors combine high targeting priority with weak baseline security,…
-
Chinesische Cyberspionage-Gruppe Silver-Dragon hat Behörden in Europa und Asien im Visier
Die Sicherheitsforensiker von Check Point Research (CPR) haben eine Cyberspionage-kampagne identifiziert, die sich gegen Regierungs-organisationen in Südostasien und Teilen Europas richtet. CPR nennt die Gruppe ‘Silver Dragon>> und nach Einschätzung der Sicherheitsexperten ist sie seit mindestens Mitte 2024 aktiv. Die Kampagne kombiniert Server-Exploits, Phishing, maßgeschneiderte Malware und eine cloudbasierte Befehlsinfrastruktur, um langfristigen Zugriff auf die…
-
Phishing in 2026: 3 Attack Tactics That Beat Most Enterprise Defenses
Phishing drives about 90% of cyberattacks in 2026, using tactics like encrypted flows, QR code scams, and trusted cloud platforms to steal credentials. First seen on hackread.com Jump to article: hackread.com/phishing-2026-attack-tactics-beat-enterprise-defenses/
-
From phishing to Google Drive C2: Silver Dragon expands APT41 playbook
APT group Silver Dragon, linked to APT41, targets governments via server exploits and phishing, using Cobalt Strike and Google Drive for C2. Check Point researchers have identified Silver Dragon, an APT group tied to the China-linked group APT41, targeting government entities in Europe and Southeast Asia since mid-2024. The group gains initial access by exploiting…
-
China’s Silver Dragon Razes Governments in EU, SE Asia
The emerging actor, part of the APT41 nexus, gains initial access via phishing, and uses legitimate network services to obscure cyberespionage activities. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/china-silver-dragon-governments-eu-se-asia
-
Shadow AI vs Managed AI: What’s the Difference? FireTail Blog
Tags: access, ai, api, attack, breach, chatgpt, ciso, cloud, computer, control, credentials, credit-card, data, data-breach, framework, google, injection, intelligence, Internet, law, LLM, malicious, mitre, monitoring, network, password, phishing, phone, risk, software, switch, threat, tool, training, vulnerabilityMar 04, 2026 – – Quick Facts: Shadow AI vs. Managed AIShadow AI is a visibility gap: It refers to any AI tool used by employees that the IT department doesn’t know about. Most companies have 10x more AI tools in use than they realize.Managed AI is a “Paved Path”: It uses approved, secure versions…
-
APT41-Linked Silver Dragon Targets Governments Using Cobalt Strike and Google Drive C2
Cybersecurity researchers have disclosed details of an advanced persistent threat (APT) group dubbed Silver Dragon that has been linked to cyber attacks targeting entities in Europe and Southeast Asia since at least mid-2024.”Silver Dragon gains its initial access by exploiting public-facing internet servers and by delivering phishing emails that contain malicious attachments,” Check Point said…
-
Phishing Campaign Uses Google Cloud to Host Malicious Redirects via GCS Bucket
A sophisticated phishing campaign has recently emerged, leveraging Google Cloud’s trusted infrastructure to host malicious redirects. The campaign’s technical structure leverages Google Cloud Storage legitimate domain, googleapis.com, which is widely trusted by mail gateways and end users alike. This provides the attackers an opportunity to bypass common security layers such as SPF and DKIM validation.…
-
Microsoft Alerts Customers to New Phishing Attack Exploiting OAuth in Entra ID to Bypass Detection
Tags: attack, authentication, credentials, cyber, detection, exploit, google, government, microsoft, phishing, software, threat, vulnerabilityMicrosoft recently uncovered sophisticated phishing campaigns that exploit the by-design redirection mechanisms of the OAuth 2.0 protocol. Threat actors are targeting government and public-sector organizations by manipulating legitimate authentication flows in Microsoft Entra ID and Google Workspace. Rather than exploiting traditional software vulnerabilities or stealing credentials directly, this campaign abuses trusted protocol behavior to bypass…
-
The DocuSign Email That Wasn’t A Three-Redirect Credential Harvest
<div cla TL;DR Attackers sent a convincing DocuSign notification with a “Review & Sign” button that chained through Google Maps redirects to an Amazon S3-hosted credential harvesting page. The redirect chain defeated URL scanners, and real law-firm footers added legitimacy. IRONSCALES Adaptive AI flagged the behavioral mismatch between sender infrastructure and brand identity before the first…
-
The DocuSign Email That Wasn’t A Three-Redirect Credential Harvest
<div cla TL;DR Attackers sent a convincing DocuSign notification with a “Review & Sign” button that chained through Google Maps redirects to an Amazon S3-hosted credential harvesting page. The redirect chain defeated URL scanners, and real law-firm footers added legitimacy. IRONSCALES Adaptive AI flagged the behavioral mismatch between sender infrastructure and brand identity before the first…
-
NCSC Warns UK Organisations to Prepare for Potential Iran-Linked Cyber Activity
Tags: advisory, attack, awareness, breach, business, china, cyber, cybercrime, data, data-breach, espionage, exploit, finance, government, group, incident response, infrastructure, international, Internet, iran, leak, malware, middle-east, military, monitoring, phishing, resilience, risk, russia, service, supply-chain, tactics, threat, tool, update, vulnerability, vulnerability-managementGeopolitical conflict rarely stays confined to physical battlefields. Increasingly, it spills into the digital domain. The latest escalation of tensions in the Middle East has prompted the UK’s National Cyber Security Centre (NCSC) to issue a warning to organisations to review their cyber security posture and prepare for possible cyber activity linked to Iran. While…
-
NCSC Warns UK Organisations to Prepare for Potential Iran-Linked Cyber Activity
Tags: advisory, attack, awareness, breach, business, china, cyber, cybercrime, data, data-breach, espionage, exploit, finance, government, group, incident response, infrastructure, international, Internet, iran, leak, malware, middle-east, military, monitoring, phishing, resilience, risk, russia, service, supply-chain, tactics, threat, tool, update, vulnerability, vulnerability-managementGeopolitical conflict rarely stays confined to physical battlefields. Increasingly, it spills into the digital domain. The latest escalation of tensions in the Middle East has prompted the UK’s National Cyber Security Centre (NCSC) to issue a warning to organisations to review their cyber security posture and prepare for possible cyber activity linked to Iran. While…
-
NCSC Warns UK Organisations to Prepare for Potential Iran-Linked Cyber Activity
Tags: advisory, attack, awareness, breach, business, china, cyber, cybercrime, data, data-breach, espionage, exploit, finance, government, group, incident response, infrastructure, international, Internet, iran, leak, malware, middle-east, military, monitoring, phishing, resilience, risk, russia, service, supply-chain, tactics, threat, tool, update, vulnerability, vulnerability-managementGeopolitical conflict rarely stays confined to physical battlefields. Increasingly, it spills into the digital domain. The latest escalation of tensions in the Middle East has prompted the UK’s National Cyber Security Centre (NCSC) to issue a warning to organisations to review their cyber security posture and prepare for possible cyber activity linked to Iran. While…
-
Hackers abuse OAuth error flows to spread malware
Hackers are abusing the legitimate OAuth redirection mechanism to bypass phishing protections in email and browsers to take users to malicious pages. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/microsoft-hackers-abuse-oauth-error-flows-to-spread-malware/
-
Fake Zoom and Google Meet Pages Trick Users Into Installing Monitoring Tool
Fake Zoom and Google Meet pages trick users into installing a monitoring software on Windows systems through phishing links and fake updates. First seen on hackread.com Jump to article: hackread.com/zoom-google-meet-phishing-monitoring-tool/
-
Threat actors weaponize OAuth redirection logic to deliver malware
An ongoing phishing campaign is abusing the OAuth authentication redirection mechanism to avoid triggering conventional email and browser defenses, Microsoft researchers have … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/03/attackers-abusing-oauth-redirection-phishing-malware/
-
Threat actors weaponize OAuth redirection logic to deliver malware
An ongoing phishing campaign is abusing the OAuth authentication redirection mechanism to avoid triggering conventional email and browser defenses, Microsoft researchers have … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/03/attackers-abusing-oauth-redirection-phishing-malware/
-
Compromised Site Management Panels are a Hot Item in Cybercrime Markets
Compromised cPanel credentials are being sold in bulk across underground channels as plug-and-play phishing and scam infrastructure. Flare explains how analyzing 200,000 underground posts reveals a commoditized market for hacked site management panels. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/compromised-site-management-panels-are-a-hot-item-in-cybercrime-markets/
-
Phishing-Angriffe: Diesel Vortex nimmt US- und EU-Transport- und Logistikunternehmen ins Visier
First seen on datensicherheit.de Jump to article: www.datensicherheit.de/phishing-angriffe-diesel-vortex-usa-eu-transport-logistikunternehmen-visier
-
Hackers Abuse .arpa Top-Level Domain to Host Phishing Scams
Hackers abuse the .arpa Top-Level Domain to host phishing scams, using IPv6 tunnels, reverse DNS tricks, and shadow domains to bypass security checks. First seen on hackread.com Jump to article: hackread.com/hackers-arpa-top-level-domain-phishing-scams/
-
New Starkiller Phishing Framework Uses Real Login Pages to Bypass MFA Security
A new phishing framework called Starkiller is raising the bar for “phishing-as-a-service” by serving victims the real login pages of major brands through attacker infrastructure, making pages look authentic and stay up to date. By acting as a live reverse proxy, it can capture credentials and, more importantly, steal session cookies/tokens after the victim completes multi-factor authentication (MFA), enabling…
-
Phishing campaign exploits OAuth redirection to bypass defenses
Microsoft researchers warn that threat actors abuse OAuth redirects to target government users and deliver malware. Microsoft has warned of phishing campaigns targeting government and public-sector organizations by abusing OAuth URL redirection. Instead of stealing credentials or exploiting software flaws, attackers leverage OAuth’s legitimate by-design behavior to bypass email and browser defenses. The tactic redirects…
-
OAuth phishers make ‘check where the link points’ advice ineffective
Tags: authentication, automation, awareness, business, cloud, control, edr, email, encryption, endpoint, exploit, governance, identity, login, malicious, microsoft, monitoring, phishing, saas, threat, toolContext, not the URL, is the new red flag: Sakshi Grover, Senior Research Manager at IDC Asia/Pacific, said the longstanding advice to hover over a link and verify its domain was built for an era of lookalike domains and that it no longer holds in environments where authentication flows routinely pass through trusted identity providers.”Organizations…
-
Starkiller Phishing Suite Uses AitM Reverse Proxy to Bypass Multi-Factor Authentication
Cybersecurity researchers have disclosed details of a new phishing suite called Starkiller that proxies legitimate login pages to bypass multi-factor authentication (MFA) protections.It’s advertised as a cybercrime platform by a threat group calling itself Jinkusu, granting customers access to a dashboard that lets them select a brand to impersonate or enter a brand’s real URL.…
-
Microsoft Warns OAuth Redirect Abuse Delivers Malware to Government Targets
Microsoft on Monday warned of phishing campaigns that employ phishing emails and OAuth URL redirection mechanisms to bypass conventional phishing defenses implemented in email and browsers.The activity, the company said, targets government and public-sector organizations with the end goal of redirecting victims to attacker-controlled infrastructure without stealing their tokens. It described First seen on thehackernews.com…
-
Neue Phishing-Methode über .arpa
Phishing-Kampagnen folgen häufig bekannten Mustern: gefälschte Login-Seiten, täuschend echte E-Mails und manipulierte Links. Doch aktuelle Analysen von Infoblox zeigen eine ungewöhnliche Entwicklung. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/phishing-methode-ueber-arpa

