Tag: phishing
689 articles

Cloud Atlas Expands Arsenal with New Tools, Payloads
Cloud Atlas is beefing up its toolkit with fresh tools and payloads, including a blast from the past - the notorious CVE-2018-0802 Microsoft Office Equation Editor vulnerability. The group is also reviving its use of ZIP archives with malicious LNK shortcuts that trigger PowerShell scripts, keeping security experts on high alert.

Crypto Drainers Evolve Into Sophisticated Service Platforms
Meet the modern Drainer-as-a-Service model, where affiliates supply victims through phishing links and fake websites, while the service handles the technical heavy lifting, including signatures, approvals, and token transfers, with operators taking a 20% commission from successful scams. This sophisticated platform is a far cry from ad-hoc phishing, with a business model that's both lucrative and alarmingly efficient.

Barracuda Warns of CypherLoc Scareware Targeting Millions
Millions of users are under attack by the CypherLoc scareware, with Barracuda researchers tracking around 2.8 million attacks since January 2026 alone. This staggering number reveals a coordinated and widespread campaign that's putting tens of millions of people at risk.

Vulnerability Exploitation Surges in Data Breaches
Vulnerability exploitation is now the top attack vector, responsible for a staggering one-third of all data breaches. This alarming trend highlights the urgent need for robust patch management and cybersecurity measures to stay ahead of threats.

INTERPOL Disrupts Cybercrime Networks with 'Operation Ramz' Arrests
In a major crackdown on cybercrime, INTERPOL's Operation Ramz has led to over 200 arrests and identified 382 suspects across 13 countries in the Middle East and North Africa, disrupting phishing, malware, and online fraud networks that cost the region dearly. The operation resulted in the seizure of 53 servers and uncovered nearly 8,000 intelligence packages linked to over 3,800 victims.

Tycoon2FA Exploits Microsoft 365 with Device-Code Phishing
Beware of Tycoon2FA's sneaky phishing tactics: victims are tricked into granting OAuth tokens to attackers through Microsoft's own device-login flow after clicking a malicious link. This comeback kid of a phishing kit has bounced back from a March disruption, now with added layers of obfuscation to evade detection.

Security Teams Overlook AI-Enabled Threats in Cloud Risk Management
Cyber threats are evolving at an alarming rate, with AI-enabled attackers now launching faster and more sophisticated attacks on cloud and hybrid environments. Security teams must stay vigilant against emerging threats like AI-driven phishing, malware, and credential compromise.

BWH Hotels Reservation Data Exposed to Cybercrooks
BWH Hotels guests are being warned to stay vigilant after a data breach exposed reservation information to cybercriminals, and customers are urged to watch out for potential phishing scams.

Phishing Campaigns Exploit Vercel's AI Tools
Scammers are using Vercel's AI tools to create super-realistic phishing sites that mimic popular brands, making it easier for them to trick victims into handing over sensitive info. This clever tactic allows attackers to quickly recreate malicious pages, even if they're taken down.

Hackers exploit Google ads for ManageWP phishing scam
Beware of a sneaky phishing scam targeting ManageWP users, where hackers use Google ads to trick victims into divulging their login credentials on a fake website that looks identical to the real one. This clever attack can put hundreds of sites at risk, since each ManageWP account typically hosts multiple sites.

Phishing Campaign Targets 35,000 Users in 2 Days
In just 48 hours, a massive phishing campaign hit over 35,000 users across 13,000 organizations in 26 countries, with nearly 1 in 5 targets in the healthcare and life sciences sector. The alarming attack highlights the speed and scale of modern phishing operations.

Attackers Exploit Amazon SES to Bypass Email Security in Phishing Campaigns
Phishing campaigns are now using Amazon's Simple Email Service to make malicious messages look legit, bypassing standard email security checks and putting victims at risk of revealing sensitive data. By exploiting Amazon SES's trusted reputation and authentication features, attackers are making it harder to spot phishing emails.

Telegram Abused for Crypto Scams and Android Malware Delivery
Researchers uncovered a massive scam operation, dubbed FEMITBOT, that uses Telegram's Mini Apps to spread fake crypto platforms, brand impersonations, and Android malware, with a single API string tying it all together. Victims are lured in with a convincing, app-like interface that tricks them into divulging sensitive info.

Phishing campaigns increasingly harness AI to evade detection
Phishing campaigns are getting smarter by the minute, with a whopping 86% of recent attempts leveraging AI to sneak past detection. This marks a significant jump from just two years ago, when AI was used in 80% of phishing ops.

Phishing Kit Bluekit Incorporates AI to Streamline Attacks
Meet Bluekit, a cutting-edge phishing kit that's revolutionizing the game with an AI Assistant panel, pairing traditional templates with advanced AI models to help cybercriminals quickly draft campaign materials. This innovative tool is streamlining attacks, making it easier for malicious actors to launch sophisticated phishing campaigns.

Ukraine Arrests Hackers Behind 610,000 Roblox Account Breach
Ukrainian authorities have cracked down on a group of hackers responsible for breaching over 610,000 Roblox accounts in a months-long phishing scam that harvested credentials and tokens. The stolen access was used to snag in-game items and Robux, Roblox's virtual currency.

Cyberattacks Expose 1.8M RDP Servers Online
A shocking 1.8 million RDP servers are currently vulnerable to cyberattacks, leaving them open to exploitation by opportunistic hackers. Canadian authorities have also cracked down on SMS blaster phishing, arresting three men and seizing a device that sent fake texts to unsuspecting phones.

Phishing Exploits Persist, Breaching Half of UK Businesses
Phishing attacks remain a major threat, with nearly half of UK businesses falling victim to these scams in the past year, and a staggering 85% of breaches involving phishing as the primary entry point. These attacks often rely on human error, using tactics like impersonation emails and fake logins to trick staff into handing over sensitive information.

Robinhood Flaw Exploited to Send Convincing Phishing Emails
Scammers have found a way to send fake emails that look like they're really from Robinhood, complete with convincing details like unusual IP addresses and partial phone numbers. These phishing emails even appeared to come from Robinhood's official email address, making them super convincing.

Canada Cracks Down on Rogue Cellular Tower Used for Mass Phishing Texts
Imagine receiving a text from your bank or favorite store, but it's actually a sneaky scam - that's what happened in Toronto when a rogue cellular tower started sending out mass phishing texts to unsuspecting users. Canadian authorities cracked down on the culprit in a sting operation dubbed Project Lighthouse.

Microsoft Update Disrupts Remote Desktop Security Warnings
Microsoft's latest update aimed at boosting Remote Desktop security may have an unintended consequence: a display-scaling bug that makes crucial security warnings hard to read or even unreadable. This glitch comes at a critical time, as the update was designed to protect against phishing attacks that exploit .rdp files.

Scammers Exploit Trust in Remote Job Interviews
Boris Vujičić thought he had landed a legit remote job interview, but the scammers behind it expertly gained his trust, convincing him to let his guard down long enough to hack into his laptop. A fake LinkedIn recruiter, a professional website, and a convincing Zoom call with a person named Zam Villalon were all part of their clever scheme.

Scotland's Scattered Spider Affiliate Pleads Guilty in US Cryptocurrency Heist
A Scottish affiliate of the notorious Scattered Spider cybercrime crew has pleaded guilty in the US to stealing at least $8 million in cryptocurrency through a cunning phishing and SIM-swap scheme. This guilty plea raises a pressing question: what can $8 million buy in the shadowy world of digital theft?

Iran's Cyber Threat Landscape Intensifies
Iran's cyber threat landscape is escalating, with phishing, hacktivist operations, and criminal activity converging to create a complex risk picture. A recent Unit 42 threat brief offers valuable insights and practical guidance to help defenders stay ahead of these emerging threats.