Category: Phishing Attacks
-
A LinkedIn phishing campaign is targeting executives by delivering weaponized files through direct messages. Attackers abuse the platform’s professional trust to convince senior employees to download files disguised as legitimate business documents. Once opened, the files install malware designed to evade detection and maintain long-term access. The campaign highlights how social networking platforms have become…
-
A CIRO phishing attack has exposed sensitive investor data after attackers gained unauthorized access to internal systems. The incident affects hundreds of thousands of individuals and highlights ongoing cybersecurity risks facing financial regulators. Even organizations tasked with protecting markets remain vulnerable to well-executed social engineering campaigns. The breach did not rely on advanced malware or…
-
Mustang Panda phishing activity escalated following a recent US operation tied to Venezuelan President Nicolás Maduro. The campaign shows how quickly state-linked threat actors react to geopolitical events. By exploiting breaking news, attackers attempt to increase trust and urgency among targeted recipients. Researchers say the operation focused on US government-related individuals and policy organizations. The…
-
Authorities in the United States have arrested a couple accused of running a multi-state credit card phishing scheme that targeted victims across several states. Investigators say the suspects used phone-based social engineering to steal credit card details and carry out fraudulent purchases. Law enforcement stopped the pair during a traffic stop after tracking suspicious financial…
-
Nigerian authorities have arrested the suspected developer of the Raccoon0365 phishing platform following an international cybercrime investigation. The arrest targets a service that enabled large-scale Microsoft 365 credential theft across multiple regions. Investigators linked the platform directly to phishing campaigns that compromised enterprise email accounts. By selling ready-made phishing infrastructure, the operator helped cybercriminals launch…
-
Mimecast link abuse drives a new wave of convincing phishing emails that bypass detection. Attackers exploited trusted link-rewriting features to send thousands of fake notifications and lure victims into credential theft attempts. Attackers exploit trusted link rewriting The campaign relied on a simple but powerful tactic. Mimecast rewrites outbound links to inspect them for threats.…
-
The GhostFrame phishing kit has emerged as a major threat in recent months. Security teams link the kit to large-scale credential theft campaigns that use advanced evasion and fast-shifting infrastructure. Its design hides malicious content behind clean HTML layers, which helps attackers bypass filters and reach targets across many sectors. This article explains how the…
-
A growing wave of credential-theft attacks is spreading across professional communities. Cybercriminals now use a Calendly phishing scam to steal Google Workspace and Facebook Business credentials. The attackers impersonate recruiters, send convincing interview invites and hijack accounts linked to advertising, brand management and business operations. The Calendly phishing scam has become one of the most…
-
Legacy MFA flaws stand out as the Tycoon 2FA phishing platform spreads across the criminal ecosystem. Attackers now use ready-made kits to hijack sessions protected by SMS codes, push notifications and authenticator apps. The rise of this platform shows how outdated MFA methods struggle against modern phishing tactics and real-time interception attacks. Companies still relying…
-
The TOAD phishing campaign has emerged as a serious threat targeting users of Microsoft Entra. Cybercriminals send guest-invite emails that appear legitimate but actually carry fake invoices and instructions to call malicious numbers. This tactic combines cloud identity abuse with telephone-oriented attack delivery and demands immediate defensive action. How the attack works Attackers exploit the…