Category: Phishing Attacks
-
Meta says it has disrupted a new campaign of WhatsApp phishing attacks linked to spyware vendor NSO Group. The company claims the activity violated a court order that permanently prohibited NSO from targeting WhatsApp users after a lengthy legal battle over the deployment of Pegasus spyware. The latest discovery suggests that efforts to target WhatsApp…
-
Visitors to several well-known websites recently faced an unexpected threat when fake Microsoft login prompts began appearing on pages associated with trusted brands. Security researchers traced the activity to a Polyfill-related compromise that allowed attackers to inject phishing content into legitimate websites, including pages connected to Toshiba and Muji. The incident demonstrates how cybercriminals continue…
-
Cybercriminals are targeting hotel guests with convincing payment scams after a data breach affected more than 100 hotels across Europe. The incident exposed reservation information belonging to travelers staying at properties in the Netherlands, Belgium, and Ireland. Attackers are now using the stolen data to send phishing messages that appear to come from legitimate hotels,…
-
Security researchers have uncovered a malware-as-a-service platform called BTMOB malware that allows cybercriminals to generate custom Android phishing payloads with minimal technical knowledge. The service gives attackers tools to create malicious Android applications, manage phishing campaigns, and remotely control infected devices. Researchers warned that the platform lowers the barrier for cybercriminals looking to target Android…
-
The FBI warned that cybercriminals are increasingly using the Kali365 phishing kit to hijack Microsoft 365 accounts while bypassing multi-factor authentication protections. According to investigators, Kali365 operates as a phishing-as-a-service platform distributed through Telegram channels and underground cybercrime communities. Instead of stealing passwords directly, the toolkit focuses on stealing OAuth access tokens and authenticated sessions.…
-
The Tycoon2FA phishing platform has resurfaced with a new attack method designed to hijack Microsoft 365 accounts through device-code phishing. Researchers warn that the updated campaign allows attackers to gain account access without directly stealing passwords, making the attacks more difficult to detect and block. Tycoon2FA already gained attention for bypassing multi-factor authentication through adversary-in-the-middle…
-
The ManageWP phishing attack is targeting WordPress administrators through malicious Google Ads that impersonate the legitimate ManageWP login page. Researchers discovered that attackers are purchasing sponsored Google search results designed to trick users into entering their GoDaddy credentials through fake login portals. The campaign specifically targets users of ManageWP, a GoDaddy-owned platform used to manage…
-
A growing ses phishing trend is raising concerns across the cybersecurity landscape. Attackers now exploit Amazon’s email infrastructure to send convincing phishing messages that slip past traditional security controls. Because these emails come from a trusted source, they often reach inboxes without triggering alerts. This shift shows how attackers adapt their methods. Instead of relying…
-
A new Bluekit phishing service is lowering the barrier for cybercriminals to run large-scale campaigns. By combining automation, ready-made templates, and AI tools, the platform simplifies what used to require advanced technical skills. What the platform includes The Bluekit phishing service operates as a phishing-as-a-service toolkit. It offers more than 40 templates designed to imitate…
-
The Robinhood phishing email flaw allowed attackers to send fake security alerts from legitimate company email addresses. Specifically, the issue originated in the account creation process, where attackers manipulated input fields to inject phishing content. As a result, this incident shows how trusted systems can be abused even without a direct breach. Account creation flow…