Skip to main content

Tag: phishing

689 articles

Office email workstation with laptop, papers, and supplies under ordinary lighting.

AI Spam Filters Vulnerable to Text Salting Attacks

Over 1 million retail-themed phishing emails have been detected using a sneaky technique called text salting to evade AI spam filters since April. This clever trick hides harmless words in malicious messages, fooling automated scanners but not the human eye.

Analyst 207
Person looks concerned while examining a laptop screen with a fake security alert.

Phishers Target LastPass, Bitwarden Users with Fake Security Alerts

Beware of fake security alerts! LastPass and Bitwarden users are being targeted by phishers with convincing emails that mimic real corporate communications, trying to trick you into visiting fraudulent websites.

Analyst 207
Brightly-lit server stands out in dimly lit data center with blurred equipment and cityscape visible through a window.

Misconfigured Server Reveals Evilginx Phishing Operators

A shocking security blunder exposed the inner workings of a massive Evilginx phishing campaign, revealing 218 victims across 12 countries, with nearly 94% being corporate targets, who were quietly harvested over the course of a year. The careless mistake, made on a Budapest virtual private server, gave researchers a rare glimpse into the sophisticated phishing ecosystem.

Analyst 207
Dutch National Police officer stands in formal briefing room with agency emblem and cityscape in background.

Dutch Police Expose Suspects in Odido Hacking Case

The Dutch National Police have cracked the Odido hacking case, revealing that suspects impersonated an IT employee in a phone call with customer service, tricking the company into divulging sensitive info through phishing. This clever ruse led to a massive data theft in February.

Analyst 207
Empty desks and chairs in a brightly-lit office with a blurred computer terminal in the background.

Cyberattacks Exploit Summer Staffing Gaps

Cyberattacks surge by 40% during holiday periods, with summer being a prime target due to lighter staffing and slower business operations that create the perfect storm for cybercriminals to exploit. When teams are on vacation, attackers see an opportunity to probe for vulnerabilities and test response times.

Analyst 207
Person sitting at desk with concerned expression, looking at phone near open laptop.

Phishing Campaign Targets Microsoft 365 Users with Voice-Based Entra Passkey Scam

Beware of scammers impersonating Microsoft 365, tricking users into enrolling a fake Entra passkey by mimicking the real enrollment portal and leveraging voice calls to urge action. This sneaky phishing campaign has been targeting multiple sectors since April, putting unsuspecting users at risk.

Analyst 207
AI-Powered Attacks Target Service Desks With Convincing Impersonation Tactics

AI-Powered Attacks Target Service Desks With Convincing Impersonation Tactics

Beware: AI-powered attacks are now targeting service desks with incredibly convincing impersonation tactics, making it easier for attackers to trick agents into bypassing security controls. A single phone call can be all it takes to spark a devastating data breach, as seen in high-profile incidents at major companies like M&S, MGM Resorts, and Clorox.

Analyst 207
Office workstation with laptop and printer in background.

EvilTokens Exposes New Blind Spot in Email Security

A shocking 75.6% of consulting firms were exposed to phishing attacks in 2026, with other industries like financial services, manufacturing, and tech also falling prey to these threats. EvilTokens' ghost phishing campaign uses a sneaky Microsoft Device Code Phishing tactic to trick victims into giving hackers access to their Microsoft 365 accounts.

Analyst 207
Concerned business owner sits at desk, scrutinizing suspicious email on smartphone.

Meta Disrupts Phishing Campaign Targeting Facebook Business Users

Watch out for phishing scams targeting Facebook Business users - red flags include broken graphics, suspicious links, and unsolicited emails promising exciting opportunities. Experts warn that cybercriminals are getting sneaky, using legitimate-looking emails and Messenger chatbots to trick victims into taking action.

Analyst 207
Office worker looks confused at laptop screen with phone and notebook nearby.

Phishers Exploit Microsoft Device Code Flow to Hijack M365 Accounts

Cyber attackers have cleverly exploited Microsoft's device code login flow to hijack M365 accounts, using a sneaky collaboration-style lure to trick users into handing over session tokens without even needing to steal passwords. This clever tactic abuses the OAuth 2.0 Device Authorization Grant, designed for constrained devices, to bypass security measures like multifactor authentication.

Analyst 207
Laptop screen displays Microsoft Teams call on a home office desk with a phone and headset nearby.

Microsoft Teams Abused to Deploy EtherRAT Malware via Fake IT Support Calls

Beware of fake IT support calls on Microsoft Teams - hackers are using convincing tactics, including a phishing email with a malicious PDF, to trick victims into downloading the potent EtherRAT malware. They impersonate system administrators to gain your trust, making it crucial to stay vigilant.

Analyst 207
Marketing professional looks concerned, holding smartphone amidst papers and laptop.

Phishing Campaign Targets Google Accounts with Fake Job Interviews

Beware of fake job interviews that could be phishing scams! A clever new campaign is targeting marketing pros with emails that appear to be from recruiters, aiming to trick them into handing over their Google account credentials.

Analyst 207
Person at desk looks concerned while staring at laptop in a brightly-lit office setting with blurred law enforcement logo…

Ransomware Attacks Targeted via Fake Interpol Emails

Beware of fake Interpol emails that could be ransomware traps! Cybercriminals are impersonating the law enforcement agency, sending unsolicited emails with suspicious links and password-protected files, trying to trick organizations into compromising their security.

Analyst 207
Cluttered office desk with open laptop, invoices, and scattered papers showing signs of disruption.

EvilTokens Phishing Kit Exposes Sophisticated Evasion Tactics

Microsoft VP of security research Tanmay Ganacharya revealed that 10-15 distinct EvilTokens phishing campaigns have been launching daily since March 15, 2026, showcasing the alarming speed at which device-code phishing operations have scaled. This comes as Cisco Talos incident responders uncovered a targeted phishing chain that abused a real vendor relationship using an outstanding-invoice lure.

Analyst 207
Southern European city street with a blurred laptop on a desk in a small business district.

Ousaban Trojan Expands to Spain, Portugal with Advanced Evasion Tactics

Meet Ousaban, a sneaky banking Trojan that's evolved from decade-old tactics to target unsuspecting customers in Spain and Portugal, starting with a clever phishing PDF disguised as a broken file. This highly optimized threat profiles its victims before striking, making it a force to be reckoned with.

Analyst 207
Hotel staff room with laptop on desk showing suspicious email on blurred screen.

Hackers Exploit Blockchain to Target Japan Hotels via Phishing

TrendAI Research uncovered a sneaky phishing campaign in late May 2026 that targeted hotel staff in Japan, cleverly disguising emails as guest complaints or review requests to trick employees into divulging sensitive info. The attackers stayed one step ahead, constantly updating their tactics to maximize their success.

Analyst 207
Rows of servers and computers in a brightly-lit tech facility with a cityscape in the background.

DCloud Uni-App Framework Fuels 236,000 Scam Sites

Over the past two years, a staggering 236,000 scam sites have sprouted up using the DCloud Uni-App Framework, with operators continually launching sophisticated schemes to deceive victims. These sites are being used for a wide range of fraudulent activities, from fake cryptocurrency exchanges to crypto wallet drainers.

Analyst 207
Government agency setting with laptop on table, hinting at technology.

FBI Warns of Russian Intelligence Signal Phishing Attacks

Stay vigilant: Russian intelligence agents are masquerading as automated support accounts to trick victims into revealing sensitive Backup Recovery Keys through phishing messages. The FBI has warned that multiple clusters of Russian hackers, including FSB officers and military hackers, are actively targeting high-risk accounts.

Analyst 207
Person sitting in quiet room, holding smartphone with concern, surrounded by papers and laptop.

Russia Targets Messaging Credentials with Fake Support Texts

Beware of fake support texts that could compromise your personal data and sensitive information! A joint investigation by the Security Service of Ukraine and the FBI uncovered a systematic campaign to steal messaging platform credentials from government officials, military personnel, and activists worldwide.

Analyst 207
Person sits in quiet room with smartphone, papers, and blurred laptop screen, conveying cautious atmosphere.

FBI Warns of Russian Hackers Targeting Signal Backup Keys

Stay vigilant, as Russian hackers are now targeting Signal backup keys in an evolved phishing campaign, attempting to gain access to your historical message backups by tricking you into revealing these sensitive keys. Be cautious of messages masquerading as automated support accounts, as they may be part of this sinister plot.

Analyst 207
Smartphone with Signal app open on screen in a public setting.

FBI Warns of Russian Hackers Targeting Signal with Recovery Key Phishing

Beware of scammers posing as Signal support - the FBI and CISA warn that Russian hackers are using recovery key phishing to target users, so treat any in-app message from Signal support with extreme caution. Stay safe by being vigilant about unexpected messages.

Analyst 207
Texas Parks and Wildlife Department office with subtle digital system hint.

Texas Hunting License Data Breach Exposes Millions

A recent data breach at the Texas Parks and Wildlife Department may have exposed over three million hunting and fishing license customers, putting sensitive information like driver's license numbers and passport data at risk of being used for account takeover, synthetic identity fraud, and targeted phishing. This breach is just the beginning, as stolen data can be used for a range of malicious activities.

Analyst 207
Hotel front desk with computer workstation and blurred laptop screen in background.

Microsoft Uncovers ZIP Phishing Campaign Targeting Hotels with Node.js Implant

Microsoft warns of a sneaky ZIP phishing campaign that's been targeting hotels across Europe and Asia since April 2026, using photo-themed attachments to deliver a Node.js implant to front-desk machines. The cleverly crafted emails, often written in Japanese, Danish, or Dutch, use urgent and reputation-focused themes to trick recipients into opening the malicious attachments.

Analyst 207
Fake pre-order website on a computer screen in a dimly lit room with cityscape view.

Scammers Exploit GTA 6 Hype with Fake Pre-Order Sites

Don't fall for fake GTA 6 pre-order sites promising early access - any unofficial offer is likely a scam, and Rockstar Games will only announce legitimate pre-orders through official channels. Scammers are using professional-looking sites to trick victims into paying hundreds of dollars in cryptocurrency for a fake VIP experience.

Analyst 207