GHOST STADIUM Fraud Network Targets FIFA World Cup Fans
Group-IB exposes 4,300+ fraudulent domains impersonating FIFA ahead of World Cup 2026. Six parallel scams could steal billions—check ticket sources carefully.
34 articles tagged with "Phishing"
Researchers discover ChatGPT's Markdown rendering trusts attacker-controlled content from summarized pages, enabling phishing URLs, IP exfiltration, and fake security alerts inside the AI interface.
ShinyHunters claims responsibility for Carnival breach exposing names, passport numbers, and driver's licenses. Company offering two years of credit monitoring.
New phishing-as-a-service platform bypasses MFA via OAuth device code flow. FBI PSA details how Kali365's AI-generated lures and $250/month pricing are enabling widespread credential theft.
SOCRadar documents a persistent phishing operation that stole 2,000+ credentials from aviation, energy, and government sectors over four years using GitHub-hosted infrastructure.
New ConsentFix v3 attack automates Microsoft Azure OAuth credential theft using Pipedream webhooks and Cloudflare phishing pages. Pre-trusted apps bypass MFA entirely.
A Vietnamese threat actor dubbed AccountDumpling compromised 30,000 Facebook Business accounts using Google AppSheet emails to bypass spam filters.
Google Cloud uncovers UNC6692, a threat actor impersonating IT helpdesk staff on Microsoft Teams to deploy the modular SNOW malware suite targeting senior executives.
Attackers are distributing PlugX malware through phishing campaigns impersonating Anthropic's Claude AI. The fake installer abuses a legitimate G DATA binary for DLL sideloading.
Booking.com confirms hackers accessed customer reservation data including names, emails, phone numbers, and booking details. Company resets PINs but won't disclose breach scope.
Google warns of UNC6783 threat actor using Okta and Zendesk phishing to breach BPO providers, stealing 13M Adobe support tickets and bug bounty data. FIDO2 keys recommended.
Brazilian threat actor Augmented Marauder targets Latin America and Europe with Casbaneiro banking trojan, using dynamically generated court summons PDFs and Horabot for worm-like propagation.
Threat actor UAC-0255 sent 1 million phishing emails posing as CERT-UA to distribute the AGEWHEEZE remote access trojan targeting Ukrainian organizations.
Attackers are posting thousands of fake Visual Studio Code vulnerability alerts in GitHub Discussions, using fabricated CVEs and urgent language to trick developers into downloading malware.
Fake copyright infringement notices target healthcare and government organizations in Germany and Canada with fileless PureLog Stealer malware. Campaign uses language-matched lures.
Global coalition seizes 330 domains powering Tycoon 2FA, a phishing-as-a-service platform that bypassed MFA to compromise 96,000 victims across 500,000 organizations.
FBI and CISA alert reveals Russian intelligence operatives have hijacked thousands of Signal and WhatsApp accounts belonging to US officials, military, and journalists through phishing attacks.
Attackers compromised 889 Starbucks Partner Central accounts using fake login portals, exposing employee names, Social Security numbers, and bank details.
Global law enforcement operation spanning 72 countries arrests 94 cybercriminals and dismantles 45,000 malicious IPs tied to phishing, ransomware, and fraud networks.
Active phishing campaign uses spoofed email chains to trick LastPass users into revealing master passwords. Attackers generate thousands of URL variants leading to fake SSO pages.
SANS ISC documents phishing campaign using fabricated incident reports to steal MetaMask wallet credentials. Attackers host phishing pages on AWS S3.
Check Point documents 44% spike in fake Valentine's domains with 97.5% unclassified. Four in ten Valentine-themed emails are scams targeting U.S. consumers.
Germany's BfV and BSI issued a joint advisory warning of state-sponsored phishing campaigns targeting politicians, military officials, and journalists through Signal's device linking feature.
SANS ISC handler Xavier Mertens documents phishing campaigns using malformed URL parameters to evade regex detection, URL normalization, and IOC extraction.
Learn what phishing is, the different types of phishing attacks (email, SMS, voice), red flags to watch for, and how to protect yourself from scams.
Attackers exploit Google Presentations' publish mode to host phishing pages that bypass Google's own security warnings, targeting Vivaldi Webmail users.
Microsoft disrupts multi-stage attack combining adversary-in-the-middle phishing with BEC. Attackers abused SharePoint and inbox rules for persistence.
Fake maintenance emails urge users to back up their vaults before a deadline, redirecting victims to credential-harvesting sites. The campaign launched over MLK weekend.
Coordinated takedown seizes cybercrime service that enabled 191,000 account compromises. Operation marks Microsoft's 35th action against criminal infrastructure.
Fancy Bear campaigns from February through September 2025 targeted energy, defense, and policy organizations using fake VPN and email login pages.
Tenants using default settings will get automatic protection against weaponizable file types and malicious URLs. Administrators who want to opt out must act before the rollout.
Threat actors spoof organization domains by abusing complex mail routing and weak DMARC policies. Microsoft blocked 13 million malicious emails in October alone.
Attackers abuse Google Cloud Application Integration to send phishing emails that bypass SPF, DKIM, and DMARC, targeting 3,200 organizations globally.
CloudSEK identifies Chinese threat group Silver Fox targeting Indian organizations with phishing emails disguised as income tax department communications.