Latest Phishing news

Russian military hackers target Ukraine with new MASEPIE malware

Ukraine's Computer Emergency Response Team (CERT) is warning of a new phishing campaign that allowed Russia-linked hackers to deploy previously unseen malware on a network in under one hour.
- Bill Toulas
- December 28, 2023
- 12:43 PM
- 0
Crypto drainer steals $59 million from 63k people in Twitter ad push

Google and Twitter ads are promoting sites containing a cryptocurrency drainer named 'MS Drainer' that has already stolen $59 million from 63,210 victims over the past nine months.
- Bill Toulas
- December 21, 2023
- 04:23 PM
- 0
New phishing attack steals your Instagram backup codes to bypass 2FA

A new phishing campaign pretending to be a 'copyright infringement' email attempts to steal the backup codes of Instagram users, allowing hackers to bypass the two-factor authentication configured on the account.
- Bill Toulas
- December 20, 2023
- 02:35 PM
- 2
New Web injections campaign steals banking data from 50,000 people

A new malware campaign that emerged in March 2023 used JavaScript web injections to try to steal the banking data of over 50,000 users of 40 banks in North America, South America, Europe, and Japan.
- Bill Toulas
- December 19, 2023
- 03:36 PM
- 0
WordPress hosting service Kinsta targeted by Google phishing ads

WordPress hosting provider Kinsta is warning customers that Google ads have been observed promoting phishing sites to steal hosting credentials.
- Mayank Parmar
- December 17, 2023
- 06:46 PM
- 0
Qbot malware returns in campaign targeting hospitality industry

The QakBot malware is once again being distributed in phishing campaigns after the botnet was disrupted by law enforcement over the summer.
- Lawrence Abrams
- December 17, 2023
- 10:09 AM
- 0
Discord adds Security Key support for all users to enhance security

Discord has made security key multi-factor authentication (MFA) available for all accounts on the platform, bringing significant security and anti-phishing benefits to its 500+ million registered users.
- Bill Toulas
- December 14, 2023
- 01:21 PM
- 0
BazarCall attacks abuse Google Forms to legitimize phishing emails

A new wave of BazarCall attacks uses Google Forms to generate and send payment receipts to victims, attempting to make the phishing attempt appear more legitimate.
- Bill Toulas
- December 13, 2023
- 03:34 PM
- 1
Microsoft: OAuth apps used to automate BEC and cryptomining attacks

Microsoft warns that financially-motivated threat actors are using OAuth applications to automate BEC and phishing attacks, push spam, and deploy VMs for cryptomining.
- Sergiu Gatlan
- December 12, 2023
- 06:53 PM
- 0
UK and allies expose Russian FSB hacking group, sanction members

The UK National Cyber Security Centre (NCSC) and Microsoft warn that the Russian state-backed actor "Callisto Group" (aka "Seaborgium" or "Star Blizzard") is targeting organizations worldwide with spear-phishing campaigns used to steal account credentials and data.
- Bill Toulas
- December 07, 2023
- 11:38 AM
- 0
Fake WordPress security advisory pushes backdoor plugin

WordPress administrators are being emailed fake WordPress security advisories for a fictitious vulnerability tracked as CVE-2023-45124 to infect sites with a malicious plugin.
- Bill Toulas
- December 04, 2023
- 12:19 PM
- 4
DarkGate and Pikabot malware emerge as Qakbot’s successors

A sophisticated phishing campaign pushing the DarkGate malware infections has recently added the PikaBot malware into the mix, making it the most advanced phishing campaign since the Qakbot operation was dismantled.
- Bill Toulas
- November 21, 2023
- 10:55 AM
- 0
Bloomberg Crypto X account snafu leads to Discord phishing attack

The official Twitter account for Bloomberg Crypto was used earlier today to redirect users to a deceptive website that stole Discord credentials in a phishing attack.
- Sergiu Gatlan
- November 17, 2023
- 06:01 PM
- 1
FBI shares tactics of notorious Scattered Spider hacker collective

The Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency released an advisory about the evasive threat actor tracked as Scattered Spider, a loosely knit hacking collective that now collaborates with the ALPHV/BlackCat Russian ransomware operation..
- Bill Toulas
- November 16, 2023
- 04:55 PM
- 0
Police takes down BulletProftLink large-scale phishing provider

The notorious BulletProftLink phishing-as-a-service (PhaaS) platform that provided more than 300 phishing templates has been seized, the Royal Malaysian Police announced.
- Bill Toulas
- November 11, 2023
- 11:06 AM
- 0
D-Link confirms data breach after employee phishing attack

Taiwanese networking equipment manufacturer D-Link confirmed a data breach linked to information stolen from its network and put up for sale on BreachForums earlier this month.
- Sergiu Gatlan
- October 17, 2023
- 02:48 PM
- 0
ToddyCat hackers use 'disposable' malware to target Asian telecoms

A newly discovered campaign dubbed "Stayin' Alive" has been targeting government organizations and telecommunication service providers across Asia since 2021, using a wide variety of "disposable" malware to evade detection.
- Bill Toulas
- October 12, 2023
- 10:09 AM
- 0
LinkedIn Smart Links attacks return to target Microsoft accounts

Hackers are once again abusing LinkedIn Smart Links in phishing attacks to bypass protection measures and evade detection in attempts to steal Microsoft account credentials.
- Bill Toulas
- October 11, 2023
- 09:00 AM
- 0
EvilProxy uses indeed.com open redirect for Microsoft 365 phishing

A recently uncovered phishing campaign is targeting Microsoft 365 accounts of key executives in U.S.-based organizations by abusing open redirects from the Indeed employment website for job listings.
- Bill Toulas
- October 03, 2023
- 09:00 AM
- 0
New ZeroFont phishing tricks Outlook into showing fake AV-scans

Hackers are utilizing a new trick of using zero-point fonts in emails to make malicious emails appear as safely scanned by security tools in Microsoft Outlook.
- Bill Toulas
- September 26, 2023
- 05:32 PM
- 0