Tag: phishing
-
12.4 Million Accounts Exposed in CarGurus Leak
ShinyHunters’ alleged CarGurus leak exposed 12.4 million accounts, heightening phishing and fraud risks. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/12-4-million-accounts-exposed-in-cargurus-leak/
-
Starkiller Phishing Framework Bypasses Defenses with Reverse Proxies, Takes an SaaS Approach
Starkiller is a new SaaS-style phishing framework that runs real brand websites inside headless Chrome containers, acting as a live reverse proxy to steal credentials, session tokens, and MFA-protected accounts while evading traditional detection. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/starkiller-phishing-framework-bypasses-defenses-with-reverse-proxies-takes-an-saas-approach/
-
Cybercriminals Exploit Fake Avast Website to Steal Users Credit Card Information
Cybercriminals have launched a convincing phishing operation by building a fake Avast website designed to steal credit card information from unsuspecting visitors. The fraudulent page mimics Avast’s official portal almost perfectly, complete with the genuine Avast logo pulled directly from the company’s content delivery network. It displays regular navigation links like “Home,” “My Account,” and…
-
Boards don’t need cyber metrics, they need risk signals
Tags: access, advisory, ai, attack, automation, awareness, business, ciso, control, cyber, cybersecurity, data, framework, governance, intelligence, metric, phishing, riskThe seduction of counting: Even when metrics are not too technical and align with business impact, another problem emerges: What gets counted can crowd out what matters.Wendy Nather, a longtime CISO who is now an advisor at EPSD, cautions against equating measurement with understanding. “When you are reporting to the board, there are some things…
-
Airline brands become launchpads for phishing, crypto fraud
Airline brands sit at the center of peak travel booking cycles, loyalty programs, and high value transactions. Criminal groups continue to register thousands of lookalike … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/25/airline-phishing-campaigns-crypto-fraud/
-
Multifaceted Phishing Scheme Deceives Bitpanda Customers
Phishing attack mimicking Bitpanda targets users, harvesting credentials and personal information First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/bitpanda-mfa-phishing-scheme/
-
Phishing-Kampagne missbraucht Google Tasks für Unternehmenszugänge
Wie das Sicherheitsunternehmen Kaspersky berichtet, missbrauchen Angreifer das Benachrichtigungssystem von Google Tasks, um an Zugangsdaten von Unternehmensaccounts zu gelangen. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/phishing-google-tasks
-
Autonomer KI-Agent für das Human-Risk-Management
KnowBe4 führt AIDA-Orchestration ein. Dabei handelt es sich um den achten KI-gestützten Agenten in der KnowBe4-Suite, bekannt als AIDA (Artificial-Intelligence-Defense-Agents). Der AIDA-Orchestration-Agent ist ein autonomes, KI-gestütztes System für das Human-Risk-Management. Er erstellt, plant und verwaltet unabhängig personalisierte Phishing-Sicherheitstests und Security-Awareness-Trainings auf Benutzerebene, die sich dynamisch an das Risikoprofil jeder Person anpassen. Dadurch entfallen manuelle Kampagnen,…
-
Master Your Passwordless Future: Introducing Thales Authenticator Lifecycle Manager
Tags: access, attack, authentication, automation, breach, compliance, container, control, data, fido, Hardware, identity, login, msp, phishing, service, software, tool, zero-trustMaster Your Passwordless Future: Introducing Thales Authenticator Lifecycle Manager madhav Tue, 02/24/2026 – 07:53 The move to passwordless authentication is no longer a distant goal; it’s a present-day necessity. Organizations are rapidly adopting FIDO2 authenticators to defend against phishing and strengthen their security posture. While this shift enhances security, it introduces a new challenge: managing…
-
The rise of the evasive adversary
Tags: access, ai, attack, authentication, breach, china, cloud, credentials, crime, crowdstrike, crypto, data, defense, endpoint, exploit, finance, firewall, group, identity, infrastructure, intelligence, korea, lazarus, leak, mail, malicious, malware, microsoft, monitoring, network, north-korea, open-source, phishing, ransomware, remote-code-execution, russia, saas, service, software, strategy, supply-chain, tactics, theft, threat, tool, update, vpn, vulnerability, windows, zero-dayBig game hunters tighten their grip: CrowdStrike’s research highlights how big game hunting (BGH) ransomware actors have remained the dominant force in the eCrime landscape.Punk Spider, a group responsible for developing and maintaining Russian-language Akira ransomware, and its associated Akira dedicated leak site, conducted 198 intrusions in 2025, a 134% increase year over year. Victim-shaming operations…
-
Inside Attacker’s Defensive Funnel: How Sneaky 2FA Cloaks Itself from Security Scanners Blog – Menlo Security
Learn how Menlo Security identified a massive Sneaky 2FA phishing campaign using 3.4K domains to bypass Microsoft 365 MFA and steal session cookies. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/inside-attackers-defensive-funnel-how-sneaky-2fa-cloaks-itself-from-security-scanners-blog-menlo-security/
-
Ad tech firm Optimizely confirms data breach after vishing attack
New York-based ad tech company Optimizely has notified an undisclosed number of customers of a data breach after threat actors compromised some of its systems in a voice phishing attack. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/ad-tech-firm-optimizely-confirms-data-breach-after-vishing-attack/
-
Over 200K Australian Driver’s Licences Exposed in youX Cyber Breach
A youX breach exposed sensitive borrower data in Australia, including over 200,000 driver’s licence numbers, raising fraud and phishing risks. The post Over 200K Australian Driver’s Licences Exposed in youX Cyber Breach appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-youx-data-breach-australia-drivers-licence-exposure/
-
Phishing-Kampagne umgeht Multi-Faktor-Authentifizierung von Microsoft 365
KnowBe4 Threat Labs hat eine komplexe Phishing-Kampagne entdeckt, die auf US-amerikanische Unternehmen und Fachkräfte abzielt. Die Angriffe kompromittieren Microsoft-365-Konten (Outlook, Teams, Onedrive), indem sie den OAuth-2.0-Geräteautorisierungsfluss missbrauchen und dadurch selbst starke Passwörter und Multi-Faktor-Authentifizierung (MFA) überlisten. Das Opfer wird auf das legitime Microsoft-Portal ‘https://microsoft.com/devicelogin” weitergeleitet, um einen vom Angreifer bereitgestellten Gerätecode einzugeben. Durch die Eingabe…
-
Hackers Use Excel Exploit to Hide XWorm 7.2 in JPEG Files, Hijack PCs
A new phishing campaign is spreading XWorm 7.2 via malicious Excel files, hiding the malware in Windows processes, and using AES encryption to steal passwords and Wi-Fi keys. First seen on hackread.com Jump to article: hackread.com/hackers-excel-exploit-xworm-7-2-jpeg-files-hijack-pcs/
-
Phishing-Kampagne umgeht mit Gerätecode-Hijacking die MFA von MS365
Angesichts sich rasch entwickelnder Taktiken wie dieser OAuth-Token-Diebstahlkampagne reicht ein passiver Sicherheitsansatz für Sicherheitsteams nicht mehr aus. Die Tatsache, dass Angreifer legitime Domains nutzen und MFA umgehen können, zeigt, dass herkömmliche Perimeter-Abwehrmaßnahmen und einfache Anmeldedatenprüfungen nicht ausreichen. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/phishing-kampagne-umgeht-mit-geraetecode-hijacking-die-mfa-von-ms365/a43796/
-
Starkiller Phishing Kit Clones Real Login Pages to Evade MFA Protections
New phishing framework Starkiller is enabling more convincing, scalable credential theft by proxying real login pages and bypassing multi-factor authentication (MFA), significantly raising the bar for defenders. Traditional phishing kits typically serve static HTML clones of popular login portals, which quickly become outdated when brands update their interfaces, creating telltale visual discrepancies. Starkiller takes a…
-
Police seize 100,000 stolen Facebook credentials in cybercrime raid
Officers from Poland’s Central Bureau for Combating Cybercrime (CBZC) dismantled an organized group that used phishing to seize Facebook accounts and extract BLIK payment … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/23/poland-cybercrime-facebook-phishing-ring/
-
‘Starkiller’ Phishing Service Proxies Real Login Pages, MFA
Most phishing websites are little more than static copies of login pages for popular online destinations, and they are often quickly taken down by anti-abuse activists and security firms. But a stealthy new phishing-as-a-service offering lets customers sidestep both of these pitfalls: It uses cleverly disguised links to load the target brand’s real website, and…
-
Vishing: Gezielte Cyberangriffe in Echtzeit mittels neuartiger VoiceKits
First seen on datensicherheit.de Jump to article: www.datensicherheit.de/vishing-gezielt-cyberangriffe-echtzeit-neu-voice-phishing-kits
-
Neuartige VoiceKits hebeln MFA in Echtzeit aus
neuartige Voice-Phishing-Kits, die selbst unerfahrenen Cyberkriminellen hochkomplexe und individuell zugeschnittene Vishing-Angriffe ermöglichen. Besonders brisant: Mit diesen Tools lassen sich sogar Multi-Faktor-Authentifizierungen (MFA) in Echtzeit umgehen. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/neuartige-voice-phishing-kits-hebeln-mfa-in-echtzeit-aus/a43776/
-
PayPal launches latest struggle to get rid of SMS for MFA
Tags: authentication, ceo, ciso, communications, compliance, cybersecurity, email, finance, fraud, government, group, login, mfa, mobile, nfc, passkey, password, phishing, risk, service, strategy, switch, updateMuddled effort, mixed messages Flavio Villanustre, CISO for the LexisNexis Risk Solutions Group, says he’s “always found it odd” that PayPal still supports SMS as its primary secondary authentication factor.”Everyone in financial services and government has abandoned it for not being sufficiently secure and are moving to even phishing-resistant authentication, such as passkeys, Yubikeys,” he…

