Malwarebytes

NOVEMBER 4, 2024

We identified a new wave of phishing for banking credentials that targets consumers via Microsoft’s search engine. One particularly interesting detail is how a phishing website created barely two weeks ago is already indexed and displayed before the official one. We have reported the fraudulent sites to Microsoft already.

Engineering 131

Engineering Phishing Banking Authentication 131

Security Affairs

NOVEMBER 4, 2024

for phishing scams that stole millions by hacking email accounts. for phishing scams that resulted in the compromise of millions of email accounts. for phishing scams that resulted in the compromise of millions of email accounts. Nigerian Kolade Ojelade gets 26 years in U.S. ” reads the press release published by DoJ.

Scams 127

Scams Phishing Identity Theft Accountability 127

Security Boulevard

JANUARY 9, 2025

A bad actor is using a Microsoft 365 test domain and a self-created distribution list to bypass traditional email protections and entice victims to hand over their PayPal account information in what Fortinet's CISO is calling a "phish-free" phishing campaign.

CISO 113

CISO Phishing Accountability Social Engineering 113

Malwarebytes

FEBRUARY 11, 2025

There are plenty of phish in the sea, and the latest ones have little interest in your email inbox. In 2024, Malwarebytes detected more than 22,800 phishing apps on Android, according to the recent 2025 State of Malware report. Another 4,800 could even read information from an Android devices Notifications bar to obtain the same info.

Phishing 132

Phishing Passwords Mobile Authentication 132

Krebs on Security

JULY 23, 2024

The Chinese company in charge of handing out domain names ending in “ top ” has been given until mid-August 2024 to show that it has put in place systems for managing phishing reports and suspending abusive domains, or else forfeit its license to sell domains. ” Image: Shutterstock. Interisle said.top has roughly 2.76

Phishing 338

Phishing DNS Scams Technology 338

Schneier on Security

JANUARY 17, 2025

I am always interested in new phishing tricks, and watching them spread across the ecosystem. A few days ago I started getting phishing SMS messages with a new twist. They were standard messages about delayed packages or somesuch, with the goal of getting me to click on a link and entering some personal information into a website.

Social Engineering 284

Social Engineering Engineering Phishing 284

SecureWorld News

NOVEMBER 22, 2024

The United States Department of Justice (DOJ) has unsealed charges against five individuals accused of orchestrating sophisticated phishing campaigns tied to the notorious Scattered Spider cybercrime group. As this case shows, phishing and hacking has become increasingly sophisticated and can result in enormous losses.

Phishing 108

Phishing Identity Theft Cryptocurrency Cybercrime 108

Penetration Testing

MAY 22, 2025

The Rhadamanthys stealer, a notorious information-stealing malware, has returned with a new wave of targeted phishing attacks sweeping The post Rhadamanthys Stealer Returns: Copyright Phishing Targets Europe appeared first on Daily CyberSecurity.

Phishing 106

Phishing Malware Cybersecurity Scams 106

Malwarebytes

APRIL 1, 2025

Once logged in, follow the prompts to review and confirm your tax information. If the receiver were to scan the QR code, they would be sent to a phishing site. The IRS’s annual Dirty Dozen list of tax scams shows common schemes that threaten your tax and financial information. Please do not reply to this email.

Scams 140

Scams Phishing Artificial Intelligence Social Engineering 140

Security Affairs

NOVEMBER 29, 2024

Phishing tool Rockstar 2FA targets Microsoft 365 credentials, it uses adversary-in-the-middle (AitM) attacks to bypass multi-factor authentication. Trustwave researchers are monitoring malicious activity associated with Phishing-as-a-Service (PaaS) platforms, their latest report focuses on a toolkit called Rockstar 2FA.

Phishing 116

Phishing Accountability Authentication Advertising 116

Security Boulevard

JANUARY 27, 2025

A large-scale phishing campaign is using PDF files and hidden malicious links, as well as posing at the U.S. Postal Service, in phishing campaign targeting mobile device users in hope that victims will divulge credentials and personal information, Zimperium researchers say.

Mobile 116

Mobile Scams Phishing Social Engineering 116

Security Affairs

FEBRUARY 16, 2025

Russia-linked group Storm-2372 used the device code phishing technique since Aug 2024 to steal login tokens from governments, NGOs, and industries. ” Device code phishing attacks exploit authentication flows to steal tokens, granting attackers access to accounts and data. . ” continues the report.

Phishing 118

Phishing Authentication Telecommunications Accountability 118

Krebs on Security

NOVEMBER 21, 2024

A visual depiction of the attacks by the SMS phishing group known as Scattered Spider, and Oktapus. Some SMS phishing messages told employees their VPN credentials were expiring and needed to be changed; other phishing messages advised employees about changes to their upcoming work schedule. com and ouryahoo-okta[.]com.

Identity Theft 269

Identity Theft Phishing Cryptocurrency Accountability 269

Security Affairs

JANUARY 5, 2025

The backdoor is distributed through: Phishing emails with themes such as code of conduct to trick users into downloading the malware. Google researchers analyzed a new malware family called PLAYFULGHOST that supports multiple features, including keylogging, screen and audio capture, remote shell, and file transfer/execution.

Malware 133

Malware Encryption Phishing Hacking 133

Malwarebytes

MARCH 26, 2025

A new phishing campaign that uses the fake CAPTCHA websites we reported about recently is targeting hotel staff in a likely attempt to access customer data, according to research from ThreatDown. If you have any questions or need more information, please contact the guest directly or through our platform. Press Ctrl + V.

Phishing 123

Phishing Malware Passwords Password Management 123

Krebs on Security

SEPTEMBER 19, 2024

Many GitHub users this week received a novel phishing email warning of critical security holes in their code. Please contact us at [link] to get more information on how to fix this issue.” A reader named Chris shared an email he received this week that spoofed GitHub’s security team and warned: “Hey there!

Phishing 327

Phishing Scams Malware Passwords 327

Krebs on Security

MARCH 14, 2025

In November 2024, KrebsOnSecurity reported that hundreds of hotels that use booking.com had been subject to targeted phishing attacks. From there, they sent out phishing messages asking for financial information from people who’d just booked travel through the company’s app. Source: Sekoia.

Phishing 285

Phishing Malware Scams Passwords 285

Security Affairs

MARCH 17, 2025

Using CSS properties like text-indent , they conceal phishing text from victims while bypassing security parsers. The following phishing message impersonates the Blue Cross Blue Shield organization. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,phishing)

Phishing 121

Phishing Engineering Media Hacking 121

Malwarebytes

MAY 8, 2025

We discovered a new phishing kit targeting payroll and payment platforms that aims to not only steal victims’ credentials but also to commit wire fraud. Clicking on the ad sent employees and employers to a phishing website impersonating Deel. Phishing portal and 2FA The first phishing domain we saw was login-deel[.]app

Phishing 106

Phishing Authentication Engineering Banking 106

Malwarebytes

FEBRUARY 13, 2025

Phishers are using AI-based phishing attacks which have proven to raise the effectiveness of phishing campaigns. How to avoid AI Gmail phishing Never click on links or download files from unexpected emails or messages. Don’t enter personal information on a website unless you are certain it is legitimate.

Phishing 110

Phishing Artificial Intelligence Identity Theft Accountability 110

eSecurity Planet

FEBRUARY 26, 2025

Cybercriminals are shifting their focus from emails to text messages, using mishing a more deceptive form of phishing to target mobile users and infiltrate corporate networks, according to new security research by Zimperium. Vishing: Also known as voice phishing. What is mishing? and 9%in Brazil.

Phishing 86

Phishing Mobile Social Engineering Data breaches 86

Security Affairs

MARCH 31, 2025

Morphing Meerkat phishing kits exploit DNS MX records to deliver spoofed login pages, targeting over 100 brands. Threat actors are exploiting DNS techniques to enhance phishing attacks, using MX records to dynamically serve spoofed login pages. “We discovered cyber campaigns that used the phishing kits as early as January 2020.

DNS 89

DNS Phishing Banking Hacking 89

The Hacker News

MAY 27, 2025

The campaign leverages "information technology (IT) themed social engineering calls, and callback phishing emails, to gain remote access to systems or devices and steal sensitive data to extort the victims,"

Social Engineering 114

Social Engineering Phishing Engineering Technology 114

SecureWorld News

APRIL 7, 2025

One of the most pressing challenges in cybersecurity is the rise of AI-driven phishing campaigns. Recent findings from Hoxhunt reveal that artificial intelligence is now outpacing human red teams in developing more sophisticated phishing attacks.

Phishing 98

Phishing Artificial Intelligence Cyber threats Cybersecurity 98

Krebs on Security

AUGUST 28, 2024

Multiple media reports this week warned Americans to be on guard against a new phishing scam that arrives in a text message informing recipients they are not yet registered to vote. The information requested from people who visited votewin.org via the SMS campaign. Image: WDIV Detroit on Youtube. Red flag #1.

Phishing 316

Phishing Scams Mobile Advertising 316

Security Affairs

OCTOBER 30, 2024

Microsoft warns of a new phishing campaign by Russia-linked APT Midnight Blizzard targeting hundreds of organizations. “On October 22, 2024, Microsoft identified a spear-phishing campaign in which Midnight Blizzard sent phishing emails to thousands of users in over 100 organizations.

Phishing 126

Phishing Social Engineering Government Hacking 126

Security Affairs

APRIL 28, 2025

A large-scale phishing campaign targets WordPress WooCommerce users with a fake security alert urging them to download a ‘critical patch’ hiding a backdoor. Patchstack researchers uncovered a large-scale phishing campaign targeting WordPress WooCommerce users with a fake security alert. com , woocommerce-api[.]com

Phishing 93

Phishing Accountability DDOS Hacking 93

Krebs on Security

NOVEMBER 9, 2024

. “Cybercriminals are likely gaining access to compromised US and foreign government email addresses and using them to conduct fraudulent emergency data requests to US based companies, exposing the personal information of customers to further use for criminal purposes,” the FBI warned. Don’t be discouraged.

Hacking 294

Hacking Accountability Government Social Engineering 294

Security Affairs

MAY 1, 2025

The FBI shared 42K phishing domains tied to LabHost, a PhaaS platform shut down in April 2024, to boost awareness and help identify compromises. The domain list helps prevent future malicious use, allows security teams to scan past logs for breaches, and supports phishing analysis and model training.

Phishing 78

Phishing Banking Threat Detection Authentication 78

Krebs on Security

DECEMBER 18, 2024

The message included a “Google Support Case ID number” and information about the Google representative supposedly talking to him on the phone, stating the rep’s name as “Ashton” — the same name given by the caller. I put my seed phrase into a phishing site, and that was it.”

Cryptocurrency 363

Cryptocurrency Accountability Authentication Phishing 363

eSecurity Planet

JUNE 9, 2025

According to HMRC, criminals used stolen personal data, likely obtained through phishing emails or from third-party sources, to either access or create fake PAYE (Pay As You Earn) tax accounts. HMRC has already locked down affected accounts, removed incorrect information, and reset login details.

Scams 81

Scams Phishing Password Management Accountability 81

eSecurity Planet

MAY 28, 2025

Adam Mosseri, the head of Instagram, revealed that he nearly fell for a highly convincing phishing attack that appeared to come from Google. The scam, which combined a phone call and a cleverly disguised email, highlights just how advanced phishing methods are becoming, even fooling seasoned tech leaders.

Scams 76

Scams Phishing Passwords Media 76

Security Affairs

APRIL 14, 2025

The operators of the Phishing-as-a-Service (PhaaS) platform Tycoon2FA have rolled out significant updates to enhance its evasion capabilities. Tycoon2FA, a phishing kit discovered in 2023 by cybersecurity firm Sekoia, was recently updated to improve its evasion capabilities. ” reported Trustwave.

Phishing 83

Phishing Hacking Cybersecurity Cybercrime 83

Malwarebytes

NOVEMBER 1, 2024

The threat, dubbed “Phish ‘n Ships” by the researchers, reportedly infected more than 1,000 websites and built 121 fake web stores to trick consumers. If you are suspicious, it’s a good idea to try the input validation of the shipping information. So, what can consumers do to stay safe?

Phishing 125

Phishing Advertising Engineering Risk 125

Malwarebytes

APRIL 8, 2025

By purchasing prominent Google Ads, they are creating highly convincing fake login pages designed to pilfer sensitive information, including usernames, passwords, and even one-time passcodes (OTPs) the keys to someone’s financial data needed for tax compliance. Malicious QuickBooks domains quicckboocks-accounting[.]com

Phishing 85

Phishing Scams Accountability Authentication 85

Krebs on Security

FEBRUARY 28, 2025

Security experts say the Russia-based service provider Prospero OOO (the triple O is the Russian version of “LLC”) has long been a persistent source of malicious software, botnet controllers, and a torrent of phishing websites. And BEARHOST has been cultivating its reputation since at least 2019.

Malware 262

Malware Antivirus Software DDOS 262

Krebs on Security

APRIL 30, 2025

Buchanan was arrested in Spain last year on a warrant from the FBI, which wanted him in connection with a series of SMS-based phishing attacks in the summer of 2022 that led to intrusions at Twilio, LastPass, DoorDash, Mailchimp, and many other tech firms. A Scattered Spider/0Ktapus SMS phishing lure sent to Twilio employees in 2022.

Identity Theft 195

Identity Theft Phishing Cryptocurrency Cybercrime 195