Tag: phishing
-
From teen hacker to Iron Dome researcher, this founder raised $28M to fight AI phishing
Ocean, an agentic email security platform, raised funding from Lightspeed Venture Partners. First seen on techcrunch.com Jump to article: techcrunch.com/2026/05/19/from-teen-hacker-to-iron-dome-researcher-this-founder-raised-28m-to-fight-ai-phishing/
-
New phishing method bypasses MFA via genuine Microsoft pages
Security researchers at Proofpoint are sounding the alarm: an attack technique called "Device Code Phishing" is currently developing into one of the fastest-growing threats in the field of identity protection. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/phishing-methode-mfa-microsoft
-
PureLogs infostealer is stealing credentials worldwide
A phishing campaign is smuggling the powerful PureLogs information stealer onto targets’ Windows machines by hiding encrypted malicious payloads inside cat photos, … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/05/19/purelogs-infostealer-delivery-steganography/
-
The New Phishing Click: How OAuth Consent Bypasses MFA
In February 2026, a phishing-as-a-service (PhaaS) platform called EvilTokens went live. Within five weeks, it had compromised more than 340 Microsoft 365 organizations across five countries. The targets of the platform received a message asking them to enter a short code at microsoft.com/devicelogin and complete their normal MFA challenge, then walked away believing they had…
-
Operation Ramz Dismantles 53 Servers Used in Scam and Malware Campaigns
Tags: cyber, cybercrime, international, interpol, law, malicious, malware, middle-east, phishing, scam
A large-scale international cybercrime operation led by INTERPOL has resulted in 201 arrests and the takedown of 53 malicious servers linked to phishing, malware, and online scam campaigns across the Middle East and North Africa (MENA) region. Dubbed Operation Ramz, the initiative ran from October 2025 to February 2026 and involved law enforcement agencies from 13…
-
Kimsuky Uses LNK, JSE Lures to Target Recruiters, Crypto Users, Defense Officials
Kimsuky Hackers Use LNK and JSE Lures to Target Recruiters, Crypto Users, and Defense Officials. North Korea-linked threat group Kimsuky has launched at least four distinct spear-phishing campaigns in early 2026, targeting recruiters, cryptocurrency users, developers, defense personnel, and academic administrators. Despite using different themes and delivery methods, all campaigns follow a consistent attack chain:…
-
Public Instagram posts provide raw material for AI phishing campaigns
A handful of public Instagram posts can give attackers enough material to generate convincing phishing emails with GenAI. Research from the University of Texas at Arlington … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/05/19/social-media-phishing-ai-generated-emails/
-
INTERPOL ‘Operation Ramz’ seizes 53 malware, phishing servers
More than 200 individuals were arrested for cybercrime activities during INTERPOL’s Operation Ramz, which focused on the Middle East and North Africa. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/interpol-operation-ramz-seizes-53-malware-phishing-servers/
-
Interpol leads cybercrime crackdown across 13 countries in Middle East, North Africa
Operation Ramz resulted in 201 arrests and disrupted phishing services, malware and financial scams. First seen on cyberscoop.com Jump to article: cyberscoop.com/interpol-operation-ramz-middle-east-north-africa/
-
Device Code Phishing Targets Microsoft 365 Users
Proofpoint warns that device code phishing attacks are rapidly growing across Microsoft 365 environments. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/device-code-phishing-targets-microsoft-365-users/
-
How to Reduce Phishing Exposure Before It Turns into Business Disruption
What happens when a phishing email looks clean enough to pass through security, but dangerous enough to expose the business after one click? That is the gap many SOCs still struggle with: the attacks that leave teams unsure what was exposed, who else was targeted, and how far the risk has spread. Early phishing detection closes…
-
Gamaredon Deploys GammaDrop, GammaLoad in Phishing Campaigns
Gamaredon Uses GammaDrop and GammaLoad Downloaders in Multi-Stage Phishing Attacks. A sustained cyber-espionage campaign linked to the Gamaredon threat group is actively targeting Ukrainian government entities using multi-stage phishing attacks and evolving malware loaders. Gamaredon, also known as UAC-0010 or Shuckworm, continues to exploit CVE-2025-8088, a directory traversal vulnerability in WinRAR that allows attackers to…
-
Paper Werewolf APT Spreads EchoGather RAT via Fake Adobe Installer
A sophisticated Russian-language threat cluster known as Paper Werewolf (also tracked as GOFFEE) has launched a fresh wave of targeted cyberattacks against Russian industrial, financial, and transport organizations between March and April 2026. The attack begins with a phishing email carrying a PDF attachment. Embedded inside the PDF is a URL pointing to a ZIP archive named…
-
201 arrested in INTERPOL disruption of phishing and fraud networks
Operation Ramz, a cybercrime initiative coordinated by INTERPOL across the MENA region, focused on disrupting phishing campaigns, malware activity, and cyber scams that caused … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/05/18/interpol-mena-cybercrime-operation-ramz-201-arrests/
-
Hackers Hide PureLogs Infostealer in PawsRunner Loader
Threat actors are increasingly hiding malware inside seemingly harmless files, and a new campaign shows just how effective this tactic has become. The attack begins with a phishing email carrying a TXZ archive attachment. Disguised as an urgent invoice, the file pressures victims into opening it quickly. Once extracted, the archive reveals a JavaScript file…
-
Tycoon2FA hijacks Microsoft 365 accounts via device-code phishing
The Tycoon2FA phishing kit now supports device-code phishing attacks and abuses Trustifi click-tracking URLs to hijack Microsoft 365 accounts. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/tycoon2fa-hijacks-microsoft-365-accounts-via-device-code-phishing/
-
Scammers Send Physical Phishing Letters to Steal Ledger Wallet Seed Phrases
Scammers are mailing fake Ledger phishing letters to users in Italy with QR codes that trick crypto wallet users into revealing seed phrases. First seen on hackread.com Jump to article: hackread.com/scammers-physical-phishing-letters-ledger-wallet-seed/
-
Illicit Enterprise: An Anatomy of the Modern Underground Phishing Marketplace
Intel 471 analysts examined the evolving ecosystem of cybercriminal phishing marketplaces. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/illicit-enterprise-an-anatomy-of-the-modern-underground-phishing-marketplace/
-
Hackers Exploit OAuth Device Flow to Steal Microsoft 365 Tokens
Hackers are rapidly weaponizing a little-known Microsoft authentication feature to hijack enterprise accounts, as device code phishing surges across the threat landscape. The spike in activity is closely tied to the public release of criminal toolkits and phishing-as-a-service (PhaaS) platforms, making the once obscure technique widely accessible. New kits are appearing almost weekly, many seemingly…
-
Thieves unlock stolen iPhones using cheap tools sold on Telegram
Helping a friend recover a stolen phone, Infoblox researchers uncovered a thriving Telegram-based underground marketplace selling unlocking tools and phishing infrastructure … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/05/15/stolen-iphone-unlocking-tools-telegram-groups/
-
KnowBe4 partners with EasyDMARC and Secure Code Warrior
The focus is on two central problem areas of modern IT security: domain and email protection against phishing, and secure programming. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/knowbe4-kooperiert-mit-easydmarc-und-secure-code-warrior/a45154/
-
CalPhishing Scam Uses EvilTokens Kit, Outlook Invites to Steal M365 Sessions
Hackers are exploiting Outlook calendar invites and device code phishing to steal M365 session tokens, bypass MFA and breach enterprise accounts. First seen on hackread.com Jump to article: hackread.com/calphishing-eviltokens-kit-outlook-invites-m365/
-
Tycoon 2FA Operators Use OAuth Device Code Phishing to Bypass MFA
A new phishing campaign uncovered in late April 2026 shows how threat actors behind the Tycoon 2FA Phishing-as-a-Service (PhaaS) kit are evolving beyond traditional credential theft. This development comes just weeks after a global takedown effort led by Microsoft and Europol disrupted Tycoon 2FA infrastructure. Despite that operation, the actors have quickly adapted, reusing their…
-
‘FrostyNeighbor’ APT Carefully Targets Govt Orgs in Poland, Ukraine
Attackers uniquely fingerprint victims before delivering spear-phishing payloads aimed at espionage, in the latest campaign from the Belarussian nation-state threat group. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/frostyneighbor-apt-govt-orgs-poland-ukraine
-
Cyber-Enabled Cargo Crime: How Cybercrime Tradecraft is Used to Steal Freight
Cargo theft now starts with phishing emails and stolen credentials, not hijackings, to reroute and steal freight from supply chains. NMFTA outlines how cyber-enabled cargo crime is changing transportation security. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cyber-enabled-cargo-crime-how-cybercrime-tradecraft-is-used-to-steal-freight/
-
Ghostwriter Targets Ukrainian Government With Geofenced PDF Phishing, Cobalt Strike
The Belarus-aligned threat group known as Ghostwriter has been attributed to a fresh set of attacks targeting governmental organizations in Ukraine. Active since at least 2016, Ghostwriter has been linked to both cyber espionage and influence operations targeting neighboring countries, particularly Ukraine. It's also tracked under the monikers FrostyNeighbor, PUSHCHA, Storm-0257, TA445, UAC-0057 First seen on…
-
FlowerStorm phishing gang adopts virtual-machine obfuscation to evade email defenses
Tags: attack, authentication, business, cloud, communications, control, credentials, defense, detection, email, framework, government, infrastructure, login, malicious, malware, mfa, microsoft, phishing, service, theft
The campaign dynamically adapts to victims: After deobfuscation, the phishing payload loads infrastructure designed to impersonate Microsoft 365 and other login portals while dynamically adapting to targeted users. According to the report, the malware can determine which authentication provider should be impersonated, preload victim email addresses into phishing pages, and customize branding elements such as company…
-
Your iPhone Gets Stolen. Then the Hacking Begins
A bustling underground ecosystem is providing criminals with the tools to unlock iPhones, and wage phishing attacks against their contacts to access bank accounts and more. First seen on wired.com Jump to article: www.wired.com/story/your-iphone-gets-stolen-then-the-hacking-begins/

