Hacking, Information Security and Phishing

Nigerian man Sentenced to 26+ years in real estate phishing scams

Security Affairs

NOVEMBER 4, 2024

for phishing scams that stole millions by hacking email accounts. for phishing scams that resulted in the compromise of millions of email accounts. for phishing scams that resulted in the compromise of millions of email accounts. Nigerian Kolade Ojelade gets 26 years in U.S. Ojelade was extradited to the U.S.

Scams

Scams Phishing Identity Theft Accountability

Phishing-as-a-Service Rockstar 2FA continues to be prevalent

Security Affairs

NOVEMBER 29, 2024

Phishing tool Rockstar 2FA targets Microsoft 365 credentials, it uses adversary-in-the-middle (AitM) attacks to bypass multi-factor authentication. Trustwave researchers are monitoring malicious activity associated with Phishing-as-a-Service (PaaS) platforms, their latest report focuses on a toolkit called Rockstar 2FA.

Phishing

Phishing Accountability Authentication Advertising

Storm-2372 used the device code phishing technique since August 2024

Security Affairs

FEBRUARY 16, 2025

Russia-linked group Storm-2372 used the device code phishing technique since Aug 2024 to steal login tokens from governments, NGOs, and industries. ” Device code phishing attacks exploit authentication flows to steal tokens, granting attackers access to accounts and data. ” continues the report.

Phishing

Phishing Authentication Telecommunications Accountability

Russia-linked Midnight Blizzard APT targeted 100+ organizations with a spear-phishing campaign using RDP files

Security Affairs

OCTOBER 30, 2024

Microsoft warns of a new phishing campaign by Russia-linked APT Midnight Blizzard targeting hundreds of organizations. The Midnight Blizzard group along with APT28 cyber espionage group was involved in the Democratic National Committee hack and the wave of attacks aimed at the 2016 US Presidential Elections.

Phishing

Phishing Social Engineering Government Hacking

Attackers use CSS to create evasive phishing messages

Security Affairs

MARCH 17, 2025

Using CSS properties like text-indent , they conceal phishing text from victims while bypassing security parsers. The following phishing message impersonates the Blue Cross Blue Shield organization. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,phishing)

Phishing

Phishing Engineering Media Hacking

Morphing Meerkat phishing kits exploit DNS MX records

Security Affairs

MARCH 31, 2025

Morphing Meerkat phishing kits exploit DNS MX records to deliver spoofed login pages, targeting over 100 brands. Threat actors are exploiting DNS techniques to enhance phishing attacks, using MX records to dynamically serve spoofed login pages. “We discovered cyber campaigns that used the phishing kits as early as January 2020.

DNS

DNS Phishing Banking Hacking

A large-scale phishing campaign targets WordPress WooCommerce users

Security Affairs

APRIL 28, 2025

A large-scale phishing campaign targets WordPress WooCommerce users with a fake security alert urging them to download a ‘critical patch’ hiding a backdoor. Patchstack researchers uncovered a large-scale phishing campaign targeting WordPress WooCommerce users with a fake security alert. com , woocommerce-api[.]com

Phishing

Phishing Accountability DDOS Hacking

Tycoon2FA phishing kit rolled out significant updates

Security Affairs

APRIL 14, 2025

The operators of the Phishing-as-a-Service (PhaaS) platform Tycoon2FA have rolled out significant updates to enhance its evasion capabilities. Tycoon2FA, a phishing kit discovered in 2023 by cybersecurity firm Sekoia, was recently updated to improve its evasion capabilities. ” reported Trustwave.

Phishing

Phishing Hacking Cybersecurity Cybercrime

Microsoft seized 240 sites used by the ONNX phishing service

Security Affairs

NOVEMBER 23, 2024

Microsoft disrupted the ONNX phishing service, seizing 240 sites and naming an Egyptian man as the operator behind the operation. Microsoft announced the disruption of the ONNX phishing service, another success against cybercrime which led to the seizure of 240 sites. Microsoft has tracked Nady, linked to phishing services since 2017.

Phishing

Phishing Cybercrime Financial Services Media

FBI shared a list of phishing domains associated with the LabHost PhaaS platform

Security Affairs

MAY 1, 2025

The FBI shared 42K phishing domains tied to LabHost, a PhaaS platform shut down in April 2024, to boost awareness and help identify compromises. The domain list helps prevent future malicious use, allows security teams to scan past logs for breaches, and supports phishing analysis and model training.

Phishing

Phishing Banking Threat Detection Authentication

Cloak ransomware group hacked the Virginia Attorney General’s Office

Security Affairs

MARCH 24, 2025

“Cloaks attack strategy involves acquiring network access through Initial Access Brokers (IABs) or social engineering methods such as phishing, malvertising, exploit kits, and drive-by downloads disguised as legitimate updates like Microsoft Windows installers.” .” reads a report published by Halcyon.

Ransomware

Ransomware Hacking Social Engineering Manufacturing

Silent Ransom Group targeting law firms, the FBI warns

Security Affairs

MAY 24, 2025

law firms for 2 years using callback phishing and social engineering extortion tactics. law firms using phishing and social engineering. FBI warns Silent Ransom Group has targeted U.S. The FBI warns that the Silent Ransom Group, active since 2022 and also known as Luna Moth, has targeted U.S. ” reads the alert issued by the FBI.

Social Engineering

Social Engineering Antivirus Phishing Engineering

Russia-linked APT Star Blizzard targets WhatsApp accounts

Security Affairs

JANUARY 16, 2025

The Russian group Star Blizzard targets WhatsApp accounts in a new spear-phishing campaign, shifting tactics to avoid detection. In November 2024, Microsoft researchers observed the Russia-linked APT group Star Blizzard targeting WhatsApp accounts via spear-phishing, shifting tactics to avoid detection.

Accountability

Accountability Phishing Government Hacking

US DoJ charges five alleged members of the Scattered Spider cybercrime gang

Security Affairs

NOVEMBER 21, 2024

The cybercrime group Scattered Spider is suspected of hacking into hundreds of organizations over the past two years, including Twilio , LastPass , DoorDash , and Mailchimp. Between September 2021 and April 2023, the hackers carried out phishing attacks to steal login credentials from employees of 12 companies and individuals.

Cybercrime

Cybercrime Identity Theft Cryptocurrency Phishing

Japan ’s FSA warns of unauthorized trades via stolen credentials from fake security firms’ sites

Security Affairs

APRIL 22, 2025

Japan s Financial Services Agency (FSA) warns of hundreds of millions in unauthorized trades linked to hacked brokerage accounts. from fake websites (phishing sites) disguised as websites of real securities companies.” from fake websites (phishing sites) disguised as websites of real securities companies.”

Financial Services

Financial Services Passwords Accountability Antivirus

Phishers abuse CrowdStrike brand targeting job seekers with cryptominer

Security Affairs

JANUARY 10, 2025

CrowdStrike warns of a phishing campaign that uses its recruitment branding to trick recipients into downloading a fake application, which finally installs the XMRig cryptominer. ” The attack begins with a phishing email impersonating CrowdStrike recruitment, directing recipients to a malicious website.”

Phishing

Phishing Scams Malware Authentication

Interpol: Operation HAECHI-V led to more than 5,500 suspects arrested

Security Affairs

DECEMBER 2, 2024

Operation HAECHI V (July-Nov 2024) targeted cyber frauds like phishing, romance scams, sextortion, investment fraud, online gambling, BEC, and e-commerce fraud. Korean and Chinese authorities dismantled a voice phishing syndicate that caused $1.1B in losses to 1,900+ victims. The operation led to 27 arrests and 19 indictments.

Cryptocurrency

Cryptocurrency Phishing Scams Cybercrime

Security Affairs newsletter Round 496 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

NOVEMBER 3, 2024

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Cryptocurrency

Cryptocurrency Hacking Phishing Cyber Attacks

Russia-linked APT29 group used red team tools in rogue RDP attacks

Security Affairs

DECEMBER 18, 2024

In October 2024, the Russia-linked cyber espionage group APT29 (aka Earth Koshchei, SVR group , Cozy Bear , Nobelium , BlueBravo , Midnight Blizzard , and The Dukes ) used rogue RDP attacks via phishing emails targeting governments, think tanks, and Ukrainian entities to steal data and install malware.

Phishing

Phishing Government Firewall VPN

LeakedSource Owner Quit Ashley Madison a Month Before 2015 Hack

Krebs on Security

JULY 18, 2023

[This is Part III in a series on research conducted for a recent Hulu documentary on the 2015 hack of marital infidelity website AshleyMadison.com.] LeakedSource also tried to pass itself off as a legal, legitimate business that was marketing to security firms and professionals. In 2019, a Canadian company called Defiant Tech Inc.

Hacking

Hacking Accountability Data breaches Marketing

Law enforcement seized the domains of HeartSender cybercrime marketplaces

Security Affairs

FEBRUARY 2, 2025

A joint law enforcement operation led to the seizure of 39 domains tied to a Pakistan-based HeartSender cybercrime group (aka Saim Raza and Manipulators Team) known for selling hacking and fraud tools. The HeartSender group has sold phishing tools to criminals since 2020, causing over $3 million in U.S.

Cybercrime

Cybercrime Advertising Phishing Hacking

Operation Secure: INTERPOL dismantles 20,000+ malicious IPs in major cybercrime crackdown

Security Affairs

JUNE 11, 2025

Meanwhile, Hong Kong Police analyzed over 1,700 intel items from INTERPOL, uncovering 117 command-and-control servers used for phishing, fraud, and social media scams. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, INTERPOL )

Cybercrime

Cybercrime Data collection Scams Cyber threats

Hacking campaign compromised at least 16 Chrome browser extensions

Security Affairs

DECEMBER 31, 2024

Threat actors targeted the publishers of the extensions on the Chrome Web Store via phishing messages, then once obtained access to their account inserted a malicious code into the code of the extensions. “On December 24, a phishing attack compromised a Cyberhaven employee’s credentials to the Google Chrome Web Store.

Hacking

Hacking Phishing VPN Malware

“My Slice”, an Italian adaptive phishing campaign

Security Affairs

JANUARY 22, 2024

Adaptive phishing campaigns are emerging as an increasingly sophisticated threat in the cybersecurity landscape. The phenomenon This phenomenon represents an evolution of traditional phishing tactics, as attackers seek to overcome defenses using more personalized and targeted approaches.

Phishing

Phishing Education Social Engineering Media

Russia-linked Gamaredon targets Ukraine with Remcos RAT

Security Affairs

MARCH 31, 2025

Russia-linked Gamaredon targets Ukraine with a phishing campaign using troop-related lures to deploy the Remcos RAT via PowerShell downloader. Armageddon , Primitive Bear , ACTINIUM , Callisto ) targets Ukraine with a phishing campaign. Talos researchers warn that Russia-linked APT group Gamaredon (a.k.a.

Phishing

Phishing Antivirus Encryption Hacking

A crafty phishing campaign targets Microsoft OneDrive users

Security Affairs

JULY 30, 2024

Researchers detected a sophisticated phishing campaign targeting Microsoft OneDrive users to trick them into executing a PowerShell script. Over the past few weeks, the Trellix Advanced Research Center observed a sophisticated phishing campaign targeting Microsoft OneDrive users.

Phishing

Phishing DNS Social Engineering Engineering

OP KAERB: Europol dismantled phishing scheme targeting mobile users

Security Affairs

SEPTEMBER 21, 2024

A joint international law enforcement operation led by Europol dismantled a major phishing scheme targeting mobile users. Europol supported European and Latin American law enforcement agencies in dismantling an international criminal network that unlocks stolen or lost mobile phones using a phishing platform.

Mobile

Mobile Phishing Computers and Electronics Marketing

Hive0117 group targets Russian firms with new variant of DarkWatchman malware

Security Affairs

MAY 1, 2025

Hive0117 targets Russian firms in multiple sectors with phishing attacks using a modified version of the DarkWatchman malware. A cybercrime group named Hive0117 is behind a fresh phishing campaign that targeted Russian organizations with a new version of the DarkWatchman malware, according to Russian cybersecurity firm F6.

Malware

Malware Phishing Telecommunications Antivirus

Russia-linked APT29 targets European diplomatic entities with GRAPELOADER malware

Security Affairs

APRIL 21, 2025

Check Point Research team reported that Russia-linked cyberespionage group APT29 (aka SVR group , Cozy Bear , Nobelium , BlueBravo , Midnight Blizzard , and The Dukes ) is behind a sophisticated phishing campaign targeting European diplomatic entities, using a new WINELOADER variant and a previously unknown malware called GRAPELOADER.

Malware

Malware Phishing Encryption Hacking

Security Affairs newsletter Round 501 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

DECEMBER 8, 2024

Now He Wants to Help You Escape, Too Dozens of Countries Hit in Chinese Telecom Hacking Campaign, Top U.S. officials urge Americans to use encrypted apps amid unprecedented cyberattack The Great Pokmon Go Spy Panic Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,newsletter)

Artificial Intelligence

Artificial Intelligence Spyware Hacking Ransomware

Experts warn of a new wave of Bumblebee malware attacks

Security Affairs

OCTOBER 22, 2024

The malware is distributed through phishing messages using a malicious attachment or a link to the malicious archive containing Bumblebee. The Bumblebee infection detected by Netskope likely begins with a phishing email containing a ZIP file with an LNK file named “Report-41952.lnk” lnk” that, once executed, starts the attack chain.

Malware

Malware Phishing Ransomware Hacking

Chinese man charged for spear-phishing against NASA and US Government

Security Affairs

SEPTEMBER 17, 2024

US DoJ charged a Chinese national who used spear-phishing emails to obtain sensitive info from NASA, the U.S. DoJ charged a Chinese national, Song Wu (39), who used spear-phishing emails to target employees of NASA, the U.S. Air Force, Navy, Army, and the FAA. Air Force, Navy, Army, and the FAA.” “According to U.S.

Phishing

Phishing Government Identity Theft Engineering

Phishing attacks target mobile users via progressive web applications (PWA)

Security Affairs

AUGUST 23, 2024

ESET researchers detailed a phishing campaign against mobile users that uses Progressive Web Applications (PWAs). The technique allows the installation of a phishing application from a third-party website without requiring the user to enable third-party app installations. ” reads the report published by ESET.

Phishing

Phishing Mobile Banking Social Engineering

Police seized BulletProftLink phishing-as-a-service (PhaaS) platform

Security Affairs

NOVEMBER 11, 2023

The Royal Malaysian Police announced the seizure of the notorious BulletProftLink phishing-as-a-service (PhaaS) platform. The Royal Malaysian Police announced to have dismantled the notorious BulletProftLink phishing-as-a-service (PhaaS) platform. The operation was first documented on OSINT Fans by Gabor Szathmari in October 2020.

Phishing

Phishing Cybercrime Advertising Hacking

Iran and China-linked actors used ChatGPT for preparing attacks

Security Affairs

OCTOBER 11, 2024

Rather than using advanced hacking techniques, they exploited systems with default credentials to compromise target networks. They also attempted to send malware-laden emails to OpenAI employees, but the spear-phishing campaign was detected and neutralized.

Malware

Malware Social Engineering Engineering Hacking

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 16

Security Affairs

OCTOBER 20, 2024

Expanding the Investigation: Deep Dive into Latest TrickMo Samples HijackLoader evolution: abusing genuine signing certificates FASTCash for Linux Water Makara Uses Obfuscated JavaScript in Spear Phishing Campaign, Targets Brazil With Astaroth Malware Technical Analysis of DarkVision RAT Encrypted Symphony: Infiltrating the Cicada3301 Ransomware-as-a-Service (..)

Malware

Malware Ransomware Encryption Phishing

Phishing campaigns target SMBs in Poland, Romania, and Italy with multiple malware families

Security Affairs

JULY 31, 2024

Phishing campaigns target small and medium-sized businesses (SMBs) in Poland to deliver malware families such as Agent Tesla, Formbook, and Remcos RAT. ESET researchers observed multiple phishing campaigns targeting SMBs in Poland in May 2024, distributing various malware families like Agent Tesla , Formbook , and Remcos RAT.

Phishing

Phishing Malware Accountability Hacking

DPRK-linked BlueNoroff used macOS malware with novel persistence

Security Affairs

NOVEMBER 7, 2024

The initial attack vector is a phishing email containing a link to a malicious application disguised as a link to a PDF document relating to a cryptocurrency topic such as “Hidden Risk Behind New Surge of Bitcoin Price”, “Altcoin Season 2.0-The The attackers exploit a unique, novel persistence method via the zshenv configuration file.

Malware

Malware Risk Architecture Cryptocurrency

Russian Phobos ransomware operator faces cybercrime charges

Security Affairs

NOVEMBER 19, 2024

Evgenii Ptitsyn and others allegedly ran an international hacking scheme since November 2020, deploying Phobos ransomware to extort victims. If convicted, the man could face up to 20 years in prison for each wire fraud count, 10 years for each computer hacking charge, and 5 years for conspiracy to commit computer fraud and abuse.

Cybercrime

Cybercrime Ransomware Healthcare Education

GUEST ESSAY : Advanced tech to defend API hacking is now readily available to SMBs

The Last Watchdog

APRIL 4, 2022

They are often unaware of the risks they take on, which can include hacking, fraud, phishing, and more. SMBs and enterprises alike have been struggling with APIs as a mechanism for information security. A primary culprit of these attacks is the lack of understanding of application programming interfaces, or APIs.

Hacking

Hacking Penetration Testing Data breaches Authentication

Zero-day broker Operation Zero offers up to $4 million for Telegram exploits

Security Affairs

MARCH 21, 2025

Representatives of the Security Service of Ukraine and the General Staff of the Armed Forces of Ukraine warned that Russia-linked threat actors are actively using Telegram for cyberattacks, spreading phishing and malware, geolocating users, adjusting missile strikes, etc. continues the announcement.

Government

Government Surveillance Mobile Hacking

CERT-UA warns of a phishing campaign targeting government entities

Security Affairs

AUGUST 13, 2024

CERT-UA warned that Russia-linked actor is impersonating the Security Service of Ukraine (SSU) in a new phishing campaign to distribute malware. The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of a new phishing campaign targeting organizations in the country, including government entities.

Government

Government Phishing Malware Banking

Crooks are reviving the Grandoreiro banking trojan

Security Affairs

MARCH 28, 2025

Grandoreiro Banking Trojan resurfaces, targeting users in Latin America and Europe in new phishing campaigns. Forcepoint X-Labs researchers warn of new phishing campaigns targeting Latin America and Europe in new phishing campaigns. Attackers also employ encrypted or password-protected files to evade security detection.

Banking

Banking Phishing Malware Passwords

France links Russian APT28 to attacks on dozen French entities

Security Affairs

APRIL 30, 2025

. “The analyses of the TTPs used during APT28 campaigns since 2021 and the recommendations published in October of 2023 remain relevant and may be consulted on the website of the CERT-FR” APT28’s attack chain begins with phishing and brute-force attacks, along with zero-day exploitation (e.g. CVE-2023-23397 ).

Government

Government Phishing DNS VPN

Nigerian man Sentenced to 26+ years in real estate phishing scams

Phishing-as-a-Service Rockstar 2FA continues to be prevalent

Trending Sources

Storm-2372 used the device code phishing technique since August 2024

Russia-linked Midnight Blizzard APT targeted 100+ organizations with a spear-phishing campaign using RDP files

Attackers use CSS to create evasive phishing messages

Morphing Meerkat phishing kits exploit DNS MX records

A large-scale phishing campaign targets WordPress WooCommerce users

Tycoon2FA phishing kit rolled out significant updates

Microsoft seized 240 sites used by the ONNX phishing service

FBI shared a list of phishing domains associated with the LabHost PhaaS platform

Cloak ransomware group hacked the Virginia Attorney General’s Office

Silent Ransom Group targeting law firms, the FBI warns

Russia-linked APT Star Blizzard targets WhatsApp accounts

US DoJ charges five alleged members of the Scattered Spider cybercrime gang

Japan ’s FSA warns of unauthorized trades via stolen credentials from fake security firms’ sites

Phishers abuse CrowdStrike brand targeting job seekers with cryptominer

Interpol: Operation HAECHI-V led to more than 5,500 suspects arrested

Security Affairs newsletter Round 496 by Pierluigi Paganini – INTERNATIONAL EDITION

Russia-linked APT29 group used red team tools in rogue RDP attacks

LeakedSource Owner Quit Ashley Madison a Month Before 2015 Hack

Law enforcement seized the domains of HeartSender cybercrime marketplaces

Operation Secure: INTERPOL dismantles 20,000+ malicious IPs in major cybercrime crackdown

Hacking campaign compromised at least 16 Chrome browser extensions

“My Slice”, an Italian adaptive phishing campaign

Russia-linked Gamaredon targets Ukraine with Remcos RAT

A crafty phishing campaign targets Microsoft OneDrive users

OP KAERB: Europol dismantled phishing scheme targeting mobile users

Hive0117 group targets Russian firms with new variant of DarkWatchman malware

Russia-linked APT29 targets European diplomatic entities with GRAPELOADER malware

Security Affairs newsletter Round 501 by Pierluigi Paganini – INTERNATIONAL EDITION

Experts warn of a new wave of Bumblebee malware attacks

Chinese man charged for spear-phishing against NASA and US Government

Phishing attacks target mobile users via progressive web applications (PWA)

Police seized BulletProftLink phishing-as-a-service (PhaaS) platform

Iran and China-linked actors used ChatGPT for preparing attacks

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 16

Phishing campaigns target SMBs in Poland, Romania, and Italy with multiple malware families

DPRK-linked BlueNoroff used macOS malware with novel persistence

Russian Phobos ransomware operator faces cybercrime charges

GUEST ESSAY : Advanced tech to defend API hacking is now readily available to SMBs

Zero-day broker Operation Zero offers up to $4 million for Telegram exploits

CERT-UA warns of a phishing campaign targeting government entities

Crooks are reviving the Grandoreiro banking trojan

France links Russian APT28 to attacks on dozen French entities

Stay Connected