Tag: phishingcampaigns
5 articles

Whisper 2FA: Exclusive Risky Phishing Threat
Think 2FA is foolproof? Researchers warn Whisper 2FA — a phishing‑as‑a‑service tool tied to roughly one million credential‑theft attempts since July 2025 — shows attackers can cheaply scale real‑time relay attacks, so phishing‑resistant authentication and layered defenses are now essential.

Smishing via Cellular Routers: Stunning Risk, Top Fixes
Think your router couldn’t text? Belgian users are being targeted by smishing that hijacks Milesight cellular routers to send phishing SMS from devices on their own networks — check for firmware updates, change default passwords, and disable any SMS features you don’t use.

RMM tools Must-Have: Stunning Best Defenses
Attackers are weaponizing legitimate remote-management tools with convincing phishing that tricks users into installing or granting access—letting them move laterally, steal data, or deploy ransomware. Learn practical defenses—from behavioral analytics and least-privilege RMM setups to MFA, segmentation, and clear user procedures—that stop these dual-use tools from becoming a corporate catastrophe.

Axios user agent Dangerous Surge: Must-Have Defense
A routine Axios user‑agent has been weaponized — ReliaQuest found a 241% surge in phishing that spoofs the header to evade filters and increase clicks. Security teams need to stop trusting user‑agent strings alone and adopt layered defenses before attackers scale this trick further.

Salesloft and Drift Risky Breach: Must-Have Defenses
When attackers siphoned customer data from Salesloft and Drift this week and impacted security names like Qualys and Tenable, it became painfully clear that your defenses are only as strong as the third‑party tools your team uses. Now’s the time to tighten API tokens, enforce MFA, and treat vendor risk as a core part of your security posture before contact lists become high‑value phishing and BEC fodder.