Tag: phishing

Fake Security Tool Spreads LucidRook in Taiwan Cyberattacks

Apr 9, 2026 12:52 PM

Tags: cyber, cyberattack, email, hacker, malware, phishing, spear-phishing, tool

Hackers are using fake security tools and cleverly crafted phishing emails to secretly deploy a new malware family, LucidRook, against organizations in Taiwan. The campaign, tracked as UAT-10362, focuses on Taiwanese NGOs and likely universities and shows a high level of planning, stealth, and technical sophistication. The operation relies on spear-phishing emails sent via what appears…
Phishers sneak through using GitHub and Jira’s own mail delivery infrastructure

Apr 9, 2026 7:50 AM

Tags: cisco, email, github, infrastructure, mail, phishing, saas, spam

Attackers are abusing the notification systems of SaaS platforms like GitHub and Jira to send phishing and spam emails, Cisco Talos researchers are warning. >>Because the … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/09/saas-platforms-notification-systems-phishing/
Meta Business Alerts Abused for Phishing Campaigns

Apr 9, 2026 7:50 AM

Tags: business, cyber, email, hacker, infrastructure, phishing

Hackers are weaponizing legitimate Meta Business Manager notifications to sneak phishing emails past security filters and into users’ inboxes. By abusing trusted Meta infrastructure, attackers make their messages appear authentic while quietly funneling victims to credential”‘stealing pages. Because Meta systems generate these invites, the emails come from real Meta domains such as facebookmail.com and pass…
AI Is Accelerating Cyberattacks Faster Than Defenses

Apr 9, 2026 12:52 AM

Tags: ai, cio, credentials, cyberattack, defense, exploit, identity, okta, phishing, threat

Okta’s Brett Winterford on Identity Threats and Agentic AI Risks. AI is accelerating cyberattacks, collapsing timelines and exposing new identity risks. Okta’s Brett Winterford explains how attackers are using AI to scale phishing, exploit credentials and infiltrate enterprises – and what CIOs must do to defend against this rapidly evolving threat landscape. First seen on…
Russia-linked APT28 uses PRISMEX to infiltrate Ukraine and allied infrastructure with advanced tactics

Apr 8, 2026 11:52 PM

Tags: espionage, group, infrastructure, malware, phishing, russia, spear-phishing, tactics, ukraine

APT28 targets Ukraine and allies with PRISMEX malware, using stealthy techniques for espionage and command-and-control. Russia-linked group APT28 (aka UAC-0001, akaFancy Bear,Pawn Storm,Sofacy Group,Sednit,BlueDelta, andSTRONTIUM) is running a spear-phishing campaign against Ukraine and its allies, deploying a new malware suite called PRISMEX. Active since September 2025, the campaign uses advanced stealth techniques like steganography and…
Hackhire group caught targeting Android devices and iCloud backups

Apr 8, 2026 9:52 PM

Tags: android, backup, credentials, data-breach, group, jobs, phishing, spyware

Security researchers exposed a spying campaign by a hack-for-hire group that used Android spyware and phishing to steal iCloud credentials and hack victims’ devices. First seen on techcrunch.com Jump to article: techcrunch.com/2026/04/08/hack-for-hire-group-caught-targeting-android-devices-and-icloud-backups/
APT28 Deploys PRISMEX Malware in Campaign Targeting Ukraine and NATO Allies

Apr 8, 2026 5:53 PM

Tags: blizzard, cloud, control, malware, phishing, russia, service, spear-phishing, threat, ukraine

The Russian threat actor known as APT28 (aka Forest Blizzard and Pawn Storm) has been linked to a fresh spear-phishing campaign targeting Ukraine and its allies to deploy a previously undocumented malware suite codenamed PRISMEX.”PRISMEX combines advanced steganography, component object model (COM) hijacking, and legitimate cloud service abuse for command-and-control,” Trend Micro First seen on…
New Scam Alert: QR Codes Replace Links in Traffic Ticket Phishing

Apr 8, 2026 3:52 PM

Tags: data, finance, government, phishing, qr, scam

Scammers are using fake traffic violation texts with QR codes to steal personal and financial data, posing as state courts and government agencies. The post New Scam Alert: QR Codes Replace Links in Traffic Ticket Phishing appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-qr-code-traffic-ticket-scam-2026/
The Growing Abuse of GitHub and GitLab in Phishing Campaigns

Apr 8, 2026 3:52 PM

Tags: attack, credentials, email, github, gitlab, malicious, malware, phishing, theft, threat

Threat actors are increasingly abusing trusted platforms like GitHub and GitLab to host malware and credential phishing pages, allowing malicious links to bypass email security because these domains are widely trusted and cannot easily be blocked. The volume of these campaigns has grown significantly since 2021, with 2025 accounting for nearly half of all activity,…
Cyberkriminelle haben ihre Angriffe Monate im Voraus auf die Steuersaison 2026 vorbereitet

Apr 8, 2026 3:52 PM

Tags: cyberattack, infrastructure, mail, phishing, software

Check Point Software Technologies warnt vor einer deutlichen Zunahme von auf die Steuererklärungszeit ausgerichteten Cyberangriffen. Neue Erkenntnisse von Check Point Research zeigen, dass diese Kampagnen nicht opportunistisch entstehen. Die Angreifer bauen ihre Infrastruktur Monate im Voraus auf, indem sie betrügerische Domains, Phishing-Websites und schädliche E-Mail-Kampagnen nutzen. Hierzulande wird vor allem mit angeblichen E-Mails von Elster und…
EvilTokens Uses Stolen Microsoft 365 Tokens, AI to Supercharge BEC

Apr 8, 2026 2:52 PM

Tags: ai, breach, business, cyber, email, microsoft, phishing, service, threat

EvilTokens is a new Phishing-as-a-Service (PhaaS) platform that turns stolen Microsoft 365 tokens and AI into an end”‘to”‘end factory for Business Email Compromise (BEC) at scale. By combining device-code phishing, custom tooling, and large language models, it enables low- to mid-skill threat actors to run highly tailored BEC operations in minutes rather than days. First…
Forest Blizzard leverages router compromises to launch AiTM attacks, target Outlook sessions

Apr 8, 2026 1:52 PM

Tags: access, attack, backdoor, blizzard, breach, ceo, ciso, cloud, control, corporate, credentials, data, dns, finance, Hardware, login, malicious, malware, mobile, network, office, password, phishing, ransomware, risk, router, theft, threat, vpn, vulnerability

Invisible path to enterprise systems: This attack poses a serious risk to enterprises because, instead of beginning at the corporate perimeter, it starts from employee environments that are often less secure. Threat actors target vulnerable home or small office routers, which often have weak default passwords or unpatched software.The shift to remote work has dramatically…
New Lua-based malware “LucidRook” observed in targeted attacks against Taiwanese organizations

Apr 8, 2026 12:52 PM

Tags: attack, cisco, malware, phishing, spear-phishing

Cisco Talos uncovered a cluster of activity we track as UAT-10362 conducting spear-phishing campaigns against Taiwanese non-governmental organizations (NGOs) and suspected universities to deliver a newly identified malware family, “LucidRook.” First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/new-lua-based-malware-lucidrook/
Top 10 Best Multi-Factor Authentication (MFA) Providers in 2026

Apr 8, 2026 11:50 AM

Tags: authentication, breach, credentials, cyber, cybersecurity, data, malware, mfa, password, phishing

In the digital realm of 2026, the traditional password stands as a flimsy barrier against an onslaught of sophisticated cyber threats. From phishing campaigns and credential stuffing to ever-evolving malware, attackers are relentlessly targeting the weakest link in cybersecurity: single-factor authentication. A staggering percentage of data breaches continue to stem from compromised credentials, underscoring the…
Cybercriminals Use Fake Zoom, Teams Calls to Deliver Malware

Apr 8, 2026 9:51 AM

Tags: crypto, cyber, cybercrime, hacker, malicious, malware, microsoft, open-source, phishing, tactics

Hackers are increasingly using fake Zoom and Microsoft Teams meetings to trick victims into infecting their own systems with malware. SEAL says it has blocked 164 malicious domains tied to this operation using MetaMask’s eth-phishing-detect system. The campaign primarily targets cryptocurrency professionals, Web3 developers, and investors, but its tactics are now expanding toward open-source communities.…
Hundreds of orgs compromised daily in Microsoft device code phishing attacks

Apr 7, 2026 10:54 PM

Tags: attack, mfa, microsoft, phishing

Who needs MFA when you’ve got EvilTokens? First seen on theregister.com Jump to article: www.theregister.com/2026/04/07/microsoft_device_code_phishing/
5 practical steps to strengthen attack resilience with attack surface management

Apr 7, 2026 9:54 PM

Tags: access, api, attack, authentication, automation, backup, breach, business, cloud, container, control, credentials, cvss, cyber, cybersecurity, data, data-breach, detection, dns, email, endpoint, exploit, framework, government, identity, iot, malicious, monitoring, msp, network, nist, phishing, ransomware, resilience, risk, service, social-engineering, software, threat, tool, update, vpn, vulnerability, vulnerability-management, windows

What can attackers actually reach right now? By continuously identifying and prioritizing exposure across your environment, ASM transforms raw visibility into measurable cyber resilience.Below are five practical steps security teams can take to strengthen attack resilience using attack surface management principles. Effective attack surface management starts with complete visibility. Security gaps often appear because teams…
5 practical steps to strengthen attack resilience with attack surface management

Apr 7, 2026 9:54 PM

Tags: access, api, attack, authentication, automation, backup, breach, business, cloud, container, control, credentials, cvss, cyber, cybersecurity, data, data-breach, detection, dns, email, endpoint, exploit, framework, government, identity, iot, malicious, monitoring, msp, network, nist, phishing, ransomware, resilience, risk, service, social-engineering, software, threat, tool, update, vpn, vulnerability, vulnerability-management, windows

What can attackers actually reach right now? By continuously identifying and prioritizing exposure across your environment, ASM transforms raw visibility into measurable cyber resilience.Below are five practical steps security teams can take to strengthen attack resilience using attack surface management principles. Effective attack surface management starts with complete visibility. Security gaps often appear because teams…
5 practical steps to strengthen attack resilience with attack surface management

Apr 7, 2026 9:54 PM

Tags: access, api, attack, authentication, automation, backup, breach, business, cloud, container, control, credentials, cvss, cyber, cybersecurity, data, data-breach, detection, dns, email, endpoint, exploit, framework, government, identity, iot, malicious, monitoring, msp, network, nist, phishing, ransomware, resilience, risk, service, social-engineering, software, threat, tool, update, vpn, vulnerability, vulnerability-management, windows

What can attackers actually reach right now? By continuously identifying and prioritizing exposure across your environment, ASM transforms raw visibility into measurable cyber resilience.Below are five practical steps security teams can take to strengthen attack resilience using attack surface management principles. Effective attack surface management starts with complete visibility. Security gaps often appear because teams…
5 ways to strengthen identity security and improve attack resilience

Apr 7, 2026 9:54 PM

Tags: access, ai, api, attack, authentication, automation, cloud, control, corporate, credentials, data, detection, endpoint, identity, infrastructure, least-privilege, login, mfa, microsoft, monitoring, msp, network, password, phishing, ransomware, resilience, risk, service, soc, tactics, threat, unauthorized, update, vulnerability, zero-trust

Admin accountsMSP technician accountsCloud infrastructure accountsExternal-facing applicationsRemote access toolsAny MFA deployment is better than none, but phishing-resistant methods offer the strongest protection. Once privileged accounts are enforced, expand MFA to all users over the next 30 days. Doing so reduces the likelihood that compromised credentials lead directly to unauthorized access. 2. Implement privileged access management…
5 ways to strengthen identity security and improve attack resilience

Apr 7, 2026 9:54 PM

Tags: access, ai, api, attack, authentication, automation, cloud, control, corporate, credentials, data, detection, endpoint, identity, infrastructure, least-privilege, login, mfa, microsoft, monitoring, msp, network, password, phishing, ransomware, resilience, risk, service, soc, tactics, threat, unauthorized, update, vulnerability, zero-trust

Admin accountsMSP technician accountsCloud infrastructure accountsExternal-facing applicationsRemote access toolsAny MFA deployment is better than none, but phishing-resistant methods offer the strongest protection. Once privileged accounts are enforced, expand MFA to all users over the next 30 days. Doing so reduces the likelihood that compromised credentials lead directly to unauthorized access. 2. Implement privileged access management…
Traffic violation scams swap links for QR codes to steal your card details

Apr 7, 2026 3:52 PM

Tags: phishing, qr, scam

Phishers are using QR codes on official-looking notices to level up their traffic and toll scams. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/traffic-violation-scams-swap-links-for-qr-codes-to-steal-your-card-details/
AI-enabled device code phishing campaign exploits OAuth flow for account takeover

Apr 7, 2026 2:50 PM

Tags: ai, authentication, automation, exploit, phishing

A phishing campaign that bypasses the standard 15-minute expiration window through automation and dynamic code generation, leveraging the OAuth Device Code Authentication flow … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/07/microsoft-device-code-phishing-campaign/
The Trojan horse of cybercrime: Weaponizing SaaS notification pipelines

Apr 7, 2026 12:51 PM

Tags: cisco, cybercrime, phishing, saas, spam

Cisco Talos has recently observed an increase in activity that is leveraging notification pipelines in popular collaboration platforms to deliver spam and phishing emails. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/weaponizing-saas-notification-pipelines/
Threat Actors Exploit LogMeIn Resolve, ScreenConnect in Phishing Campaigns

Apr 7, 2026 9:51 AM

Tags: cyber, detection, exploit, malicious, monitoring, phishing, social-engineering, sophos, threat, tool

Threat actors are abusing legitimate remote monitoring and management (RMM) tools LogMeIn Resolve and ScreenConnect in a multi”‘stage phishing campaign that blends social engineering, living”‘off”‘the”‘land techniques, and stealthy information”‘stealing malware. Sophos’ Managed Detection and Response (MDR) teams first saw this activity in April 2025, with most malicious activity clustered in OctoberNovember 2025. More than 80…
Phishing LNK files and GitHub C2 power new DPRK cyber attacks

Apr 6, 2026 10:51 PM

Tags: attack, cyber, email, github, hacker, korea, north-korea, phishing, powershell, threat

DPRK-linked hackers use GitHub C2s, starting attacks via phishing LNK files that drop a PDF and PowerShell script in South Korea. North Korea-linked threat actors target South Korean organizations using GitHub as C2 servers. The attack chain starts with phishing emails carrying obfuscated LNK files that drop a decoy PDF and a PowerShell script to…
Best of the Worst: The Week Your Security Tools Became the Disguise

Apr 6, 2026 9:52 PM

Tags: ai, antivirus, attack, authentication, cisco, control, credentials, crime, detection, dkim, dmarc, email, finance, fraud, google, infrastructure, intelligence, Internet, malicious, malware, microsoft, phishing, phone, risk, social-engineering, software, technology, threat, tool, training

<div cla TL;DR This week’s Attack of the Day posts revealed a clear pattern: attackers are deliberately routing attacks through legitimate security and platform infrastructure so the tools themselves become trust signals. TitanHQ and Cisco URL wrappers hid a malware payload. Microsoft Safe Links rewrote a phishing URL to look protected. Microsoft Bookings sent a…
Missile Alert Phishing Exploits IranIsrael Conflict for Microsoft Logins

Apr 6, 2026 7:52 PM

Tags: email, exploit, government, iran, login, microsoft, phishing, qr, scam

New Phishing scam uses fake missile alerts and the ongoing conflict involving Iran to target users with QR codes and fake government emails to steal Microsoft passwords. First seen on hackread.com Jump to article: hackread.com/missile-alert-phishing-iran-us-israel-microsoft-logins/
Device code phishing attacks surge 37x as new kits spread online

Apr 6, 2026 5:52 PM

Tags: attack, phishing

First seen on thesecurityblogger.com Jump to article: www.thesecurityblogger.com/device-code-phishing-attacks-surge-37x-as-new-kits-spread-online/
Traffic violation scams switch to QR codes in new phishing texts

Apr 5, 2026 10:51 PM

Tags: finance, phishing, qr, scam, switch

Scammers are sending fake “Notice of Default” traffic violation text messages impersonating state courts across the U.S., pressuring recipients to scan a QR code that leads to a phishing site demanding a $6.99 payment while stealing personal and financial information. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/traffic-violation-scams-switch-to-qr-codes-in-new-phishing-texts/