Tag: phishing
-
Threat Actors Abuse Vercel AI Tools to Mass-Produce Realistic Phishing Sites
Threat actors are rapidly adopting generative AI platforms to scale phishing operations, and Vercel has emerged as a powerful enabler in this shift. Vercel is a cloud-based platform designed to help developers build and deploy modern web applications quickly. Its GenAI-powered tool, v0[.]dev, allows users to generate fully functional websites using simple text prompts. While…
-
FIFA WM 2026: So erkennen Fans Ticket-Betrug, Fake-Visas und Phishing-Fallen
Wer ein Angebot entdeckt, das zu gut klingt, um wahr zu sein, sollte einen eigenen ‘VAR-Check” durchführen: Quelle prüfen, URL kontrollieren, niemals unter Druck handeln. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/fifa-wm-2026-so-erkennen-fans-ticket-betrug-fake-visas-und-phishing-fallen/a45100/
-
Fake TronLink Chrome Extension Steals Crypto Wallet Credentials
A newly uncovered phishing campaign is targeting TRON wallet users through a deceptive Chrome extension that mimics the popular TronLink wallet. The campaign highlights how modern browser extension abuse is evolving beyond static code inspection, making detection significantly harder. At first glance, it appears legitimate, even displaying “1,000,000+ users” and strong ratings on the Chrome…
-
Phishing-Großangriff seit vier Jahren: Operation HookedWing
Tags: phishingSeit über vier Jahren infiltriert die Operation HookedWing gezielt kritische Sektoren durch Phishing. Über 500 Organisationen sind vom Datendiebstahl betroffen. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/phishing-grossangriff-vier-jahre
-
Hackers Hid Inside Major UK Water Utility for Nearly 2 Years
ICO Warns Key Security Gaps Led to Exposed Data of Over 630,000 People. A British regulator said a major water sector organization failed to use establish cybersecurity safeguards to secure sensitive data, allowing hackers to use a phishing campaign to gain persistence, steal records and expose more than 630,000 sensitive records. First seen on govinfosecurity.com…
-
Python Infostealer Hides in GitHub Releases to Bypass Detection
A stealthy Python-based infostealer campaign that abuses GitHub Releases to host payloads and maintain long-term, low”‘visibility access to victim systems. The operation, dubbed “Operation HumanitarianBait” in some reporting, appears designed for cyberespionage against Russian”‘speaking targets using humanitarian”‘themed lures and a PE”‘less Python architecture. The campaign starts with phishing emails that deliver a RAR archive containing…
-
Messenger: So will Signal Phishing-Angriffe erschweren
Nachdem die Messenger-App Signal Ziel einer Phishing-Attacke unter anderem auf Politiker geworden ist, sollen solche Angriffe erschwert werden. First seen on golem.de Jump to article: www.golem.de/news/messenger-so-will-signal-phishing-angriffe-erschweren-2605-208511.html
-
Hackers Exploit Vercel GenAI to Mass-Produce Convincing Phishing Sites
Hackers are abusing Vercel GenAI to create convincing phishing sites that mimic major brands, including Microsoft, Adidas, and Nike, making scams harder to detect. First seen on hackread.com Jump to article: hackread.com/hackers-exploit-vercel-genai-phishing-sites/
-
Identitäten wie Perimeter behandeln
Der World-Password-Day ist nicht mehr nur ein Anstoß, sich stärkere Passwörter zu wählen, sondern ein Anlass, das Thema Identität neu zu überdenken. Cyberkriminelle müssen sich kaum noch reinhacken, sie stehlen die Zugangsdaten einfach über Phishing, Malware oder gehackte Datenbanken und loggen sich einfach ein. Wiederverwendete Passwörter ermöglichen es ihnen, sich über mehrere Dienste und Plattformen…
-
Scammers Use Hidden Text to Bypass AI Email Filters in Phishing Scams
Scammers are hiding invisible text inside phishing emails to manipulate AI-powered email filters and increase the chances of scams reaching inboxes. First seen on hackread.com Jump to article: hackread.com/scammers-text-bypass-ai-email-filters-phishing-scams/
-
Scammers Exploit Disposable VoIP Numbers to Bypass Reputation Blocking
New tactics used by threat actors who embed phone numbers in scam emails as a key indicator of compromise (IOC), revealing how attackers exploit VoIP infrastructure to evade detection and scale fraud operations. Telephone-oriented attack delivery (TOAD) remains a dominant phishing technique, in which victims are lured to call attacker-controlled numbers rather than clicking malicious…
-
Researchers Spot Uptick in Use of Vercel for Phishing Campaigns
Tags: phishingCofense has warned of a “significant” increase in phishing campaigns abusing Vercel platform First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/researchers-spot-uptick-vercel/
-
Saiga 2FA: Gefährliches Phishing-Kit kehrt mit neuer Tarntechnik zurück
Neue Analysen von Barracuda Research zeigen aktuelle Angriffswellen eines selten beobachteten Phishing-Kits mit dem Namen Saiga 2FA. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/saiga-2fa-gefaehrliches-phishing-kit
-
Hackers Exploit Google Ads to Steal GoDaddy ManageWP Logins
Hackers are abusing Google Ads to steal GoDaddy ManageWP credentials by placing a look”‘alike phishing ad above the legitimate ManageWP result and proxying victims’ logins in real time via an adversary”‘in”‘the”‘middle (AiTM) setup. The attackers purchase a sponsored Google ads that imitates ManageWP branding and appears as the top result, while the legitimate domain is…
-
Cybercriminals Exploit Microsoft Teams to Phish Login Credentials and Bypass MFA
Tags: authentication, credentials, cyber, cybercrime, espionage, exploit, iran, login, mfa, microsoft, phishing, ransomware, threatIranian state-sponsored threat actors linked to MuddyWater (Seedworm) have been caught hiding behind the Chaos ransomware brand to conduct sophisticated espionage operations, using Microsoft Teams as a phishing vector to steal credentials and manipulate multi-factor authentication (MFA). Rapid7 researchers uncovered the intrusion in early 2026, revealing a calculated false flag operation designed to mimic financially…
-
Hackers abuse Google ads for GoDaddy ManageWP login phishing
A phishing campaign delivered through Google sponsored search results is targeting credentials for ManageWP, GoDaddy’s platform for managing fleets of WordPress websites. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hackers-abuse-google-ads-for-godaddy-managewp-login-phishing/
-
Iranian cyber espionage disguised as a Chaos Ransomware attack
Iran-linked APT MuddyWater used ransomware-style tactics to mask espionage, combining phishing, credential theft, data exfiltration, and extortion without encryption. A newly discovered cyber intrusion attributed to the Iran-linked APT MuddyWater (aka SeedWorm, TEMP.Zagros, Mango Sandstorm, TA450, and Static Kitten) reveals how state-sponsored attackers are increasingly leveraging ransomware tactics to disguise espionage operations. The campaign, uncovered by security researchers at Rapid7, blended…
-
Phishing Attack Weaponizes Calendar Invites to Steal Login Credentials
A new large-scale phishing campaign is abusing fake event invitations to compromise U.S. organizations, combining credential theft, OTP interception, and the deployment of remote monitoring and management (RMM) tools in a single operation. The campaign stands out because it blends familiar user workflows with legitimate-looking infrastructure, making it harder for security teams to spot and…
-
‘Phoenix System”: Globale Phishing-Plattform für Massen-Smishing enttarnt
Das ‘Phoenix System” ist eine PhaaS-Plattform für massenhaftes Smishing mit Echtzeit-MFA-Umgehung und über 2.500 Phishing-Domains weltweit. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/phishing-plattform-massen-smishing
-
Phishing can masquerade as emergency alerts for disasters, researchers warn
Tags: phishingEmergency alerts for disasters like earthquakes and tsunamis are messages we hope we never see, and we trust them when they arrive. Researchers have shown that this trust can … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/05/06/emergency-alerts-spoofing-research/
-
Phishing im Namen des Finanzamts: Wie du die gefälschten E-Mails erkennst
First seen on t3n.de Jump to article: t3n.de/news/phishing-im-namen-des-finanzamts-wie-du-die-gefaelschten-e-mails-erkennst-1740858/
-
Google AppSheet Abuse Helped Phish 30,000 Facebook Accounts
Hackers abused Google AppSheet to send Meta phishing emails, compromising 30,000 Facebook business accounts across 50 countries. The post Google AppSheet Abuse Helped Phish 30,000 Facebook Accounts appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-google-appsheet-facebook-phishing-accountdumpling/
-
Researchers report Amazon SES abused in phishing to evade detection
Cybersecurity firm Kaspersky reports that the Amazon Simple Email Service (SES) is being increasingly abused to send convincing phishing emails that can bypass standard security filters and render reputation-based blocks ineffective. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/researchers-report-amazon-ses-abused-in-phishing-to-evade-detection/
-
Google AppSheet Abuse Helped Phish 30,000 Facebook Accounts
Hackers abused Google AppSheet to send Meta phishing emails, compromising 30,000 Facebook business accounts across 50 countries. The post Google AppSheet Abuse Helped Phish 30,000 Facebook Accounts appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-google-appsheet-facebook-phishing-accountdumpling/
-
Google AppSheet Abuse Helped Phish 30,000 Facebook Accounts
Hackers abused Google AppSheet to send Meta phishing emails, compromising 30,000 Facebook business accounts across 50 countries. The post Google AppSheet Abuse Helped Phish 30,000 Facebook Accounts appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-google-appsheet-facebook-phishing-accountdumpling/
-
Microsoft Flags Mass Phishing Campaign Using Fake Compliance Emails
Microsoft researchers warn of a large-scale phishing campaign using fake compliance emails to steal credentials, targeting 35,000 users across 13,000 organizations worldwide First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/microsoft-phishing-fake-compliance/
-
Fake SSA Emails Drive Venomous#Helper Phishing Campaign
Venomous#Helper attackers impersonate the US Social Security Administration to deploy signed RMM software and maintain persistent access across US networks First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/ssa-emails-venomous-helper-phishing/
-
Silver Fox Uses Fake Tax Notices to Drop ValleyRAT and ABCDoor Backdoor
Silver Fox is running a tax”‘themed phishing campaign that abuses fake notices from Indian and Russian tax authorities to drop ValleyRAT and a new Python backdoor dubbed ABCDoor, using a customized RustSL loader to evade detection and enforce strict geofencing controls. The campaign shows how the group is steadily evolving from commodity RAT delivery to…