Category: Phishing Attacks
-
The GhostFrame phishing kit has emerged as a major threat in recent months. Security teams link the kit to large-scale credential theft campaigns that use advanced evasion and fast-shifting infrastructure. Its design hides malicious content behind clean HTML layers, which helps attackers bypass filters and reach targets across many sectors. This article explains how the…
-
A growing wave of credential-theft attacks is spreading across professional communities. Cybercriminals now use a Calendly phishing scam to steal Google Workspace and Facebook Business credentials. The attackers impersonate recruiters, send convincing interview invites and hijack accounts linked to advertising, brand management and business operations. The Calendly phishing scam has become one of the most…
-
Legacy MFA flaws stand out as the Tycoon 2FA phishing platform spreads across the criminal ecosystem. Attackers now use ready-made kits to hijack sessions protected by SMS codes, push notifications and authenticator apps. The rise of this platform shows how outdated MFA methods struggle against modern phishing tactics and real-time interception attacks. Companies still relying…
-
The TOAD phishing campaign has emerged as a serious threat targeting users of Microsoft Entra. Cybercriminals send guest-invite emails that appear legitimate but actually carry fake invoices and instructions to call malicious numbers. This tactic combines cloud identity abuse with telephone-oriented attack delivery and demands immediate defensive action. How the attack works Attackers exploit the…
-
The Polish municipalities phishing campaign has targeted mayors and senior officials across the country with malicious emails disguised as official government communication. Attackers posed as the Ministry of Digital Affairs and attempted to trick municipal leaders into opening malware-laden attachments. This incident underscores how local government networks remain attractive targets for well-planned social-engineering campaigns. How…
-
A massive outage at Amazon Web Services (AWS) disrupted major online platforms and triggered new cybersecurity concerns. Experts warn that the AWS outage phishing attacks could follow as cybercriminals rush to exploit user confusion and system instability. The outage caused widespread service failures across streaming platforms, online retailers, and financial services. Users experienced login errors,…
-
AI platforms fake CAPTCHA phishing campaigns are rising sharply. Attackers abuse services like Vercel, Netlify, and Lovable to host convincing CAPTCHA pages. These fake security checks redirect users to credential theft sites, making phishing harder to detect. How the Scam Works Cybercriminals exploit low-code AI platforms to deploy phishing campaigns quickly. They publish sites with…
-
Microsoft seizes phishing sites connected to Raccoon0365, a Nigerian group running a subscription-based cybercrime service. Nearly 340 domains were taken down. These websites hosted fake Microsoft login pages designed to steal credentials. The takedown is one of the largest anti-phishing operations Microsoft has led this year. How Raccoon0365 Operated The group launched its service in…
-
VoidProxy phishing service is targeting Microsoft 365 and Google accounts with advanced techniques. Security researchers warn that the service enables large-scale credential theft and account takeovers. The attacks highlight growing threats from adversary-in-the-middle tactics. How the Attacks Work Attackers launch phishing campaigns using compromised marketing platforms and third-party email tools. Victims receive links that redirect…
-
Authorities have confirmed a Moldovan espionage scandal after the arrest of a former intelligence official accused of leaking secrets to Belarus. The suspect, previously a senior figure in Moldova’s Information and Security Service, allegedly passed sensitive state documents to Belarusian operatives during secret meetings. The arrest took place in Romania on September 8, 2025. It…