phishing

Okta Warns of Vishing Attacks Targeting Microsoft 365 Customers

Okta Warns of Vishing Attacks Targeting Microsoft 365 Customers 2026-07-10 at 14:06 By Ionut Arghire The attackers call victims to direct them to phishing websites mirroring Microsoft Entra ID login pages. The post Okta Warns of Vishing Attacks Targeting Microsoft 365 Customers appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original […]

Okta Warns of Vishing Attacks Targeting Microsoft 365 Customers Read More »

Thousands of malicious AI skills found capable of stealing data, running malware

Thousands of malicious AI skills found capable of stealing data, running malware 2026-07-08 at 12:00 By Anamarija Pogorelec AI agents can browse the web, use external tools, execute commands, and perform tasks on behalf of users. Many rely on skills that define how they interact with services and data. Malicious skills can abuse those capabilities

Thousands of malicious AI skills found capable of stealing data, running malware Read More »

The ARToken phishing panel targets Microsoft 365 accounts

The ARToken phishing panel targets Microsoft 365 accounts 2026-07-01 at 13:00 By Sinisa Markovic Accounts-payable staff at U.S. companies keep receiving invoice emails that look like they come from vendors they already work with. One landed at a life-sciences company in April 2026, addressed to the person who handles payments and written in the voice

The ARToken phishing panel targets Microsoft 365 accounts Read More »

$3 Million Reportedly Stolen in Polymarket Hack

$3 Million Reportedly Stolen in Polymarket Hack 2026-06-26 at 12:47 By Eduard Kovacs The decentralized prediction market said hackers targeted some of its users through a compromise of a third-party vendor. The post $3 Million Reportedly Stolen in Polymarket Hack appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

$3 Million Reportedly Stolen in Polymarket Hack Read More »

Mirage2FA phishing kit uses HTML smuggling to steal Microsoft 365 credentials

Mirage2FA phishing kit uses HTML smuggling to steal Microsoft 365 credentials 2026-06-26 at 12:26 By Sinisa Markovic Mirage2FA, a phishing kit that combines short-lived HTML smuggling with obfuscated JavaScript loaders to deliver fake Microsoft 365 login pages and steal credentials during MFA prompts, has been identified by researchers at Fortra. Fortra based its analysis on

Mirage2FA phishing kit uses HTML smuggling to steal Microsoft 365 credentials Read More »

Algerian national accused of running cybercrime marketplaces extradited to US

Algerian national accused of running cybercrime marketplaces extradited to US 2026-06-24 at 17:09 By Sinisa Markovic An Algerian national accused of running online marketplaces that sold phishing kits and fraud tools has been extradited from Spain to the United States to face bank fraud conspiracy charges. The post Algerian national accused of running cybercrime marketplaces

Algerian national accused of running cybercrime marketplaces extradited to US Read More »

Phishing attack on healthcare firm Xsolis impacts 1.4 million people

Phishing attack on healthcare firm Xsolis impacts 1.4 million people 2026-06-24 at 15:00 By Sinisa Markovic Healthcare technology company Xsolis confirmed that a phishing attack resulted in unauthorized access to its network. The company develops AI-powered software for hospitals, health systems, and health plans and serves more than 600 hospitals and health insurers. “On January

Phishing attack on healthcare firm Xsolis impacts 1.4 million people Read More »

Phishing hides in routine Microsoft 365 workflows

Phishing hides in routine Microsoft 365 workflows 2026-06-23 at 11:26 By Sinisa Markovic Attackers are abusing Outlook Groups and Microsoft 365 collaboration features to make phishing campaigns appear routine, according to Fortra. “The technique shifts malicious intent away from a single phishing email into a trusted productivity workflow. A user may see what looks like

Phishing hides in routine Microsoft 365 workflows Read More »

Operation FanTrap: Inside the FIFA 2026 Fraud Ecosystem

Operation FanTrap: Inside the FIFA 2026 Fraud Ecosystem 2026-06-18 at 17:05 By Ashish Khaitan Executive Summary  The FIFA World Cup 2026 has become more than a global sporting event. It has evolved into a large-scale cybercrime opportunity exploited by threat actors through a coordinated ecosystem of fraudulent domains, social media channels, messaging platforms, pirated streaming

Operation FanTrap: Inside the FIFA 2026 Fraud Ecosystem Read More »

FBI, Google Dismantle ‘Outsider Enterprise’ Phishing Service

FBI, Google Dismantle ‘Outsider Enterprise’ Phishing Service 2026-06-15 at 12:31 By Ionut Arghire The platform used more than 9,000 phishing sites, stealing nearly 4 million credit cards and causing roughly $1.9 billion in losses. The post FBI, Google Dismantle ‘Outsider Enterprise’ Phishing Service appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View

FBI, Google Dismantle ‘Outsider Enterprise’ Phishing Service Read More »

Cybercriminals are moving away from mass phishing campaigns

Cybercriminals are moving away from mass phishing campaigns 2026-06-12 at 13:47 By Sinisa Markovic Phishing activity declined by roughly 20% in both 2024 and 2025, according to research from Zscaler’s ThreatLabz team. The drop followed years of growth that pushed phishing activity above 2 billion hits in 2023. “Phishing volume measured by blocked emails is

Cybercriminals are moving away from mass phishing campaigns Read More »

New Browser-in-the-Browser phishing uses fake login popups to steal Microsoft 365 credentials

New Browser-in-the-Browser phishing uses fake login popups to steal Microsoft 365 credentials 2026-06-10 at 17:24 By Sinisa Markovic A new Browser-in-the-Browser (BitB) phishing campaign is targeting Microsoft 365 users with fake login popups designed to closely mimic legitimate browser authentication windows, according to Palo Alto Networks Unit 42. The attack relies on a fake browser

New Browser-in-the-Browser phishing uses fake login popups to steal Microsoft 365 credentials Read More »

MokN Raises $15 Million for Phish-Back Platform

MokN Raises $15 Million for Phish-Back Platform 2026-05-29 at 17:34 By Ionut Arghire MokN’s platform deploys realistic decoy access points to lure attackers into revealing compromised credentials, enabling organizations to respond before abuse occurs. The post MokN Raises $15 Million for Phish-Back Platform appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View

MokN Raises $15 Million for Phish-Back Platform Read More »

LinkedIn-themed phishing abuses Adobe’s A/B testing platform

LinkedIn-themed phishing abuses Adobe’s A/B testing platform 2026-05-29 at 14:08 By Zeljka Zorz A newly documented phishing campaign is targeting professionals with fake LinkedIn business emails and abusing a trusted service operated by Adobe. The attack from the victim’s perspective The attack starts with an email that looks, at first glance, like a routine business

LinkedIn-themed phishing abuses Adobe’s A/B testing platform Read More »

OverlayPhantom: The Android Banking Trojan Hiding in Plain Sight

OverlayPhantom: The Android Banking Trojan Hiding in Plain Sight 2026-05-27 at 09:24 By rohansinhacyblecom Executive Summary Cyble Research and Intelligence Labs (CRIL) has identified a novel Android banking trojan, dubbed OverlayPhantom, actively distributed in the wild via malicious URLs. The malware employs a two-stage infection chain, using a dropper application that impersonates trusted platforms, including

OverlayPhantom: The Android Banking Trojan Hiding in Plain Sight Read More »

Chinese phishing gangs grow into a force to be reckoned with

Chinese phishing gangs grow into a force to be reckoned with 2026-05-26 at 17:09 By Sinisa Markovic Chinese-language phishing-as-a-service (PhaaS) communities are expanding in an area historically dominated by Russian-speaking cybercriminal groups. The Google Threat Intelligence Group (GTIG) analyzed a dozen active PhaaS offerings operating in Chinese-language underground communities and found mature services, with several

Chinese phishing gangs grow into a force to be reckoned with Read More »

Microsoft 365 users targeted by new phishing threat that bypasses MFA

Microsoft 365 users targeted by new phishing threat that bypasses MFA 2026-05-22 at 12:17 By Sinisa Markovic Microsoft 365 access tokens are being targeted by an emerging Phishing-as-a-Service (PhaaS) platform called Kali365, the FBI is warning. First observed in April 2026, Kali365 has been distributed through Telegram, allowing cybercriminals to obtain Microsoft 365 access tokens

Microsoft 365 users targeted by new phishing threat that bypasses MFA Read More »

Verizon DBIR: Vulnerability exploitation is the dominant initial access vector

Verizon DBIR: Vulnerability exploitation is the dominant initial access vector 2026-05-20 at 17:16 By Zeljka Zorz Vulnerability exploitation has overtaken stolen credentials as the most common way attackers gain initial access to target networks, according to the 2026 Verizon Data Breach Investigations Report. This is the first time credential theft has been knocked off the

Verizon DBIR: Vulnerability exploitation is the dominant initial access vector Read More »

PureLogs infostealer is stealing credentials worldwide

PureLogs infostealer is stealing credentials worldwide 2026-05-19 at 16:58 By Zeljka Zorz A phishing campaign is smuggling the powerful PureLogs information stealer onto targets’ Windows machines by hiding encrypted malicious payloads inside cat photos, Fortinet researchers discovered. The attack The attack starts with a phishing email containing a TXZ archive and using an invoice-themed lure

PureLogs infostealer is stealing credentials worldwide Read More »

Public Instagram posts provide raw material for AI phishing campaigns

Public Instagram posts provide raw material for AI phishing campaigns 2026-05-19 at 09:17 By Sinisa Markovic A handful of public Instagram posts can give attackers enough material to generate convincing phishing emails with GenAI. Research from the University of Texas at Arlington and Louisiana State University showed how public social media activity can be turned

Public Instagram posts provide raw material for AI phishing campaigns Read More »

Scroll to Top