Tag: phishing
-
PNB MetLife Phishing Attack: Multi-Stage Scheme Steals Data, Triggers UPI Payments
A sophisticated multi-stage phishing campaign is actively targeting PNB MetLife Insurance customers through fake payment gateway pages. The attack chain extracts customer details, forces fraudulent UPI payments, and escalates to full banking credential harvesting. Attackers exploit customer trust in the brand while leveraging free hosting services and Telegram bots to exfiltrate data in real time.…
-
DPRK Actors Deploy VS Code Tunnels for Remote Hacking
A spear-phishing campaign tied to the Democratic People’s Republic of Korea (DPRK) uses trusted Microsoft infrastructure to avoid detection. First seen on darkreading.com Jump to article: www.darkreading.com/endpoint-security/dprk-vs-code-tunnels-remote-hacking
-
Energy sector orgs targeted with AiTM phishing campaign
Organizations in the energy sector are being targeted with phishing emails aimed at compromising enterprise accounts, Microsoft warns. The attack campaign The attacks started … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/01/22/energy-sector-aitm-phishing-sharepoint-misuse/
-
LastPass Warns of Phishing Campaign Attempting to Steal Master Passwords
Phoney email alerts suggest users need to backup their LastPass accounts within 24 hours. LastPass says it would never require this action from users First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/lastpass-phishing-master-passwords/
-
LastPass Warns of Phishing Campaign Targeting Its Customers
The campaign targets customers with urgent “maintenance” alerts designed to steal master passwords within hours. The post LastPass Warns of Phishing Campaign Targeting Its Customers appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-lastpass-phishing-campaign/
-
NDSS 2025 Dissecting Payload-Based Transaction Phishing On Ethereum
Authors, Creators & Presenters: Zhuo Chen (Zhejiang University), Yufeng Hu (Zhejiang University), Bowen He (Zhejiang University), Dong Luo (Zhejiang University), Lei Wu (Zhejiang University), Yajin Zhou (Zhejiang University) PAPER Dissecting Payload-Based Transaction Phishing On Ethereum In recent years, a more advanced form of phishing has arisen on Ethereum, surpassing early-stage, simple transaction phishing. This new…
-
Don’t click on the LastPass ‘create backup’ link – it’s a scam
Phishing campaign tries to reel in master passwords First seen on theregister.com Jump to article: www.theregister.com/2026/01/21/lastpass_backup_phishing_campaign/
-
Fake Lastpass emails pose as password vault backup alerts
LastPass is warning of a new phishing campaign disguised as a maintenance notification from the service, asking users to back up their vaults in the next 24 hours. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/fake-lastpass-emails-pose-as-password-vault-backup-alerts/
-
LastPass warns backup request is phishing campaign in disguise
The company said customers were sent deceptive emails over the holiday weekend claiming the company was doing maintenance.; First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/backup-request-phishing-campaign-lastpass/810083/
-
LastPass warns backup request is phishing campaign in disguise
The company said customers were sent deceptive emails over the holiday weekend claiming the company was doing maintenance.; First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/backup-request-phishing-campaign-lastpass/810083/
-
Phishing and Spoofed Sites Remain Primary Entry Points For Olympics
Cyber risks for the Milano-Cortina 2026 Winter Games include phishing and spoofed websites as key threat vectors First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/phishing-spoofed-sites-olympic/
-
Backup request is actually a phishing campaign, LastPass warns
The company said customers were sent deceptive emails over the holiday weekend claiming the company was doing maintenance.; First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/backup-request-phishing-campaign-lastpass/810083/
-
LinkedIn Phishing Abuses DLL Sideloading for Persistent Access
A LinkedIn phishing campaign uses DLL sideloading to gain stealthy, persistent access. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/linkedin-phishing-abuses-dll-sideloading-for-persistent-access/
-
Peruvian Loan Scam Harvests Cards and PINs via Fake Applications
Loan phishing operation in Peru is stealing card info by impersonating financial institutions First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/loan-scam-harvests-cards-pins/
-
You Got Phished? Of Course! You’re Human…
Phishing succeeds not because users are careless, but because attackers exploit human timing, context, and emotion. Flare shows how modern phishing has become industrialized, scalable, and increasingly hard to spot. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/you-got-phished-of-course-youre-human/
-
PURELOGS Payload Hidden in Weaponized PNG Images Used in Stealth Attacks
A sophisticated PURELOGS infostealer campaign that weaponizes PNG image files to evade detection.The attack begins with a phishing email disguised as a pharmaceutical invoice containing a ZIP archive with a JScript (.js) file. Unlike browser-based JavaScript, this Windows Script Host file executes with full operating system privileges through the Windows scripting engine, granting direct access…
-
Weaponized Shipping Documents Spread Remcos RAT in Stealthy Malware Campaign
A sophisticated phishing campaign distributing a fileless variant of Remcos RAT, a commercial remote access tool offering extensive capabilities, including system resource management, remote surveillance, network management, and agent control. The campaign initiates through phishing emails impersonating Vietnamese shipping companies, tricking recipients into opening attached Word documents under the pretense of viewing updated shipping documents.…
-
Crooks impersonate LastPass in campaign to harvest master passwords
Password manager LastPass warns of an active phishing campaign impersonating the service to steal users’ master passwords. LastPass warned users about an active phishing campaign that began around January 19, 2026. Attackers impersonate the service with emails claiming urgent maintenance and urge users to back up their password vaults within 24 hours. The messages use…
-
LastPass Warns of Fake Maintenance Messages Targeting Users’ Master Passwords
LastPass is alerting users to a new active phishing campaign that’s impersonating the password management service, which aims to trick users into giving up their master passwords.The campaign, which began on or around January 19, 2026, involves sending phishing emails claiming upcoming maintenance and urging them to create a local backup of their password vaults…
-
Threat Actors Exploit LinkedIn for RAT Delivery in Enterprise Networks
A sophisticated phishing campaign exploiting LinkedIn private messages has been identified, delivering remote access trojans (RATs) through a combination of DLL sideloading techniques and weaponized open-source Python pen-testing scripts, enabling attackers to establish persistent control over corporate systems while evading traditional security detection. These archives contain four key components: a genuine open-source PDF reader application,…
-
NDSS 2025 Studying the Defensive Registration Practices of the Fortune 500
Session 9C: Phishing & Fraud 2 Authors, Creators & Presenters: Boladji Vinny Adjibi (Georgia Tech), Athanasios Avgetidis (Georgia Tech), Manos Antonakakis (Georgia Tech), Michael Bailey (Georgia Tech), Fabian Monrose (Georgia Tech) PAPER The Guardians of Name Street: Studying the Defensive Registration Practices of the Fortune 500 Using orthographic, phonetic, and semantic models, we study the…
-
Hackers target Afghan government workers with fake correspondence from senior officials
Hackers are targeting Afghan government employees with phishing emails disguised as official correspondence from the office of the country’s prime minister, researchers found. First seen on therecord.media Jump to article: therecord.media/hackers-target-afghan-workers
-
New Windows Flaw Lets Attackers Bypass Mark of the Web
Microsoft patched a Windows Remote Assistance flaw that lets attackers bypass Mark of the Web, weakening protections against malicious downloads and phishing files. The post New Windows Flaw Lets Attackers Bypass Mark of the Web appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-windows-flaw-bypass-mark-of-the-web/
-
Hackers Use LinkedIn Messages to Spread RAT Malware Through DLL Sideloading
Tags: access, cybersecurity, exploit, hacker, linkedin, malicious, malware, open-source, phishing, ratCybersecurity researchers have uncovered a new phishing campaign that exploits social media private messages to propagate malicious payloads, likely with the intent to deploy a remote access trojan (RAT).The activity delivers “weaponized files via Dynamic Link Library (DLL) sideloading, combined with a legitimate, open-source Python pen-testing script,” ReliaQuest said in a report shared with First…
-
Linkedin Phishing Campaign Exploits Open-Source Pen Testing Tool to Compromise Business Execs
Cybersecurity Researchers at ReliaQuest warn of an ongoing campaign delivered to “high-value individuals” via LinkedIn messages First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/linkedin-phishing-campaign-targets/
-
Linkedin Phishing Campaign Exploits Open-Source Pen Testing Tool to Compromise Business Execs
Cybersecurity Researchers at ReliaQuest warn of an ongoing campaign delivered to “high-value individuals” via LinkedIn messages First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/linkedin-phishing-campaign-targets/
-
Linkedin Phishing Campaign Exploits Open-Source Pen Testing Tool to Compromise Business Execs
Cybersecurity Researchers at ReliaQuest warn of an ongoing campaign delivered to “high-value individuals” via LinkedIn messages First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/linkedin-phishing-campaign-targets/
-
Linkedin Phishing Campaign Exploits Open-Source Pen Testing Tool to Compromise Business Execs
Cybersecurity Researchers at ReliaQuest warn of an ongoing campaign delivered to “high-value individuals” via LinkedIn messages First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/linkedin-phishing-campaign-targets/
-
Spear-Phishing Campaign Abuses Argentine Federal Court Rulings to Deliver Covert RAT
Seqrite Labs has uncovered a sophisticated spear-phishing campaign targeting Argentina’s judicial sector with a multi-stage infection chain designed to deploy a stealthy Rust-based Remote Access Trojan (RAT). The campaign primarily targets Argentina’s judicial institutions, legal professionals, justice-adjacent government bodies, and academic legal organizations. Attackers abuse legitimate Argentine federal court rulings specifically, preventive detention review documents…