phishing

‘Stanley’ Malware Toolkit Enables Phishing via Website Spoofing

‘Stanley’ Malware Toolkit Enables Phishing via Website Spoofing 2026-01-26 at 14:37 By Ionut Arghire Priced $2,000 – $6,000 on a cybercrime forum, the MaaS toolkit promises publication on the Chrome Web Store. The post ‘Stanley’ Malware Toolkit Enables Phishing via Website Spoofing appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original […]

‘Stanley’ Malware Toolkit Enables Phishing via Website Spoofing Read More »

1Password targets AI-driven phishing with built-in prevention

1Password targets AI-driven phishing with built-in prevention 2026-01-23 at 15:31 By Anamarija Pogorelec To help reduce phishing risk, 1Password added an extra layer of protection and began rolling out a phishing prevention feature designed to stop users before they share passwords with scammers. How 1Password phishing prevention works When a user clicks a link whose

1Password targets AI-driven phishing with built-in prevention Read More »

Phishers Abuse SharePoint in New Campaign Targeting Energy Sector

Phishers Abuse SharePoint in New Campaign Targeting Energy Sector 2026-01-23 at 15:31 By Ionut Arghire Threat actors are leveraging the file-sharing service for payload delivery in AitM phishing and BEC attacks. The post Phishers Abuse SharePoint in New Campaign Targeting Energy Sector appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original

Phishers Abuse SharePoint in New Campaign Targeting Energy Sector Read More »

Energy sector orgs targeted with AiTM phishing campaign

Energy sector orgs targeted with AiTM phishing campaign 2026-01-22 at 15:19 By Zeljka Zorz Organizations in the energy sector are being targeted with phishing emails aimed at compromising enterprise accounts, Microsoft warns. The attack campaign The attacks started with phishing emails with “NEW PROPOSAL – NDA” in the subject line, coming from a compromised email

Energy sector orgs targeted with AiTM phishing campaign Read More »

LastPass Users Targeted With Backup-Themed Phishing Emails

LastPass Users Targeted With Backup-Themed Phishing Emails 2026-01-21 at 15:58 By Eduard Kovacs Threat actors may have wanted to take advantage of the holiday weekend in the United States to increase their chances of success. The post LastPass Users Targeted With Backup-Themed Phishing Emails appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

LastPass Users Targeted With Backup-Themed Phishing Emails Read More »

When the Olympics connect everything, attackers pay attention

When the Olympics connect everything, attackers pay attention 2026-01-19 at 09:19 By Anamarija Pogorelec Global sporting events bring a surge of network traffic, new systems, and short term partnerships. That mix draws attention from cyber threat actors who see opportunity in scale and distraction. A new Palo Alto Networks threat study on the Milan Cortina

When the Olympics connect everything, attackers pay attention Read More »

QR codes are getting colorful, fancy, and dangerous

QR codes are getting colorful, fancy, and dangerous 2026-01-15 at 08:04 By Sinisa Markovic QR codes have become a routine part of daily life, showing up on emails, posters, menus, invoices, and login screens. Security-savvy users have learned to treat links with caution, but QR codes still carry an assumption of safety. Researchers from Deakin

QR codes are getting colorful, fancy, and dangerous Read More »

Cybercriminals are scaling phishing attacks with ready-made kits

Cybercriminals are scaling phishing attacks with ready-made kits 2026-01-08 at 09:10 By Anamarija Pogorelec Phishing-as-a-Service (PhaaS) kits lower the barrier to entry, enabling less-skilled attackers to run large-scale, targeted phishing campaigns that impersonate legitimate services and institutions, according to Barracuda Networks. Phishing kits grow more sophisticated and scalable Barracuda threat analysts found that in 2025

Cybercriminals are scaling phishing attacks with ready-made kits Read More »

Complex Routing, Misconfigurations Exploited for Domain Spoofing in Phishing Attacks

Complex Routing, Misconfigurations Exploited for Domain Spoofing in Phishing Attacks 2026-01-07 at 13:46 By Ionut Arghire Threat actors spoof legitimate domains to make their phishing emails appear to have been sent internally. The post Complex Routing, Misconfigurations Exploited for Domain Spoofing in Phishing Attacks appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

Complex Routing, Misconfigurations Exploited for Domain Spoofing in Phishing Attacks Read More »

Fake Booking.com emails and BSODs used to infect hospitality staff

Fake Booking.com emails and BSODs used to infect hospitality staff 2026-01-07 at 13:06 By Zeljka Zorz Suspected Russian attackers are targeting the hospitality sector with fake Booking.com emails and a fake “Blue Screen of Death” to deliver the DCRat malware. The malware delivery campaign starts with phishing emails that feature room charge details in euros,

Fake Booking.com emails and BSODs used to infect hospitality staff Read More »

RTO Scam Wave Continues: A Surge in Browser-Based e-Challan Phishing and Shared Fraud Infrastructure

RTO Scam Wave Continues: A Surge in Browser-Based e-Challan Phishing and Shared Fraud Infrastructure 2025-12-23 at 17:22 By rohansinhacyblecom Following our earlier reporting on RTO-themed threats, CRIL observed a renewed phishing wave abusing the e-Challan ecosystem to conduct financial fraud. Unlike earlier Android malware-driven campaigns, this activity relies entirely on browser-based phishing, significantly lowering the

RTO Scam Wave Continues: A Surge in Browser-Based e-Challan Phishing and Shared Fraud Infrastructure Read More »

Feds Seize Password Database Used in Massive Bank Account Takeover Scheme

Feds Seize Password Database Used in Massive Bank Account Takeover Scheme 2025-12-23 at 14:46 By Eduard Kovacs The cybercriminals attempted to steal $28 million from compromised bank accounts through phishing. The post Feds Seize Password Database Used in Massive Bank Account Takeover Scheme appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View

Feds Seize Password Database Used in Massive Bank Account Takeover Scheme Read More »

Stealth in Layers: Unmasking the Loader used in Targeted Email Campaigns

Stealth in Layers: Unmasking the Loader used in Targeted Email Campaigns 2025-12-19 at 14:43 By rohansinhacyblecom Executive Summary CRIL (Cyble Research and Intelligence Labs) has been tracking a sophisticated commodity loader utilized by multiple high-capability threat actors. The campaign demonstrates a high degree of regional and sectoral specificity, primarily targeting Manufacturing and Government organizations across

Stealth in Layers: Unmasking the Loader used in Targeted Email Campaigns Read More »

Clipping Scripted Sparrow’s wings: Tracking a global phishing ring

Clipping Scripted Sparrow’s wings: Tracking a global phishing ring 2025-12-18 at 16:12 By Help Net Security Between June 2024 and December 2025, Fortra analysts tracked a persistent business email compromise (BEC) operation that we have now classified as Scripted Sparrow. The group carries out well-crafted highly targeted phishing campaigns that masquerade as professional services firms

Clipping Scripted Sparrow’s wings: Tracking a global phishing ring Read More »

Microsoft 365 users targeted in device code phishing attacks

Microsoft 365 users targeted in device code phishing attacks 2025-12-18 at 16:12 By Zeljka Zorz Attackers are targeting Microsoft 365 users with device code authorization phishing, a technique that fools users into approving access tokens, Proofpoint warns. The method abuses Microsoft’s OAuth 2.0 device authorization grant flow by presenting users with device codes that, when

Microsoft 365 users targeted in device code phishing attacks Read More »

AI might be the answer for better phishing resilience

AI might be the answer for better phishing resilience 2025-12-16 at 08:44 By Sinisa Markovic Phishing is still a go-to tactic for attackers, which is why even small gains in user training are worth noticing. A recent research project from the University of Bari looked at whether LLMs can produce training that helps people spot

AI might be the answer for better phishing resilience Read More »

New “HashJack” attack can hijack AI browsers and assistants

New “HashJack” attack can hijack AI browsers and assistants 2025-11-26 at 14:18 By Zeljka Zorz Security researchers at Cato Networks have uncovered a new indirect prompt injection technique that can force popular AI browsers and assistants to deliver phishing links or disinformation (e.g., incorrect medicine dosage guidance or investment advice), send sensitive data to the

New “HashJack” attack can hijack AI browsers and assistants Read More »

Small language models step into the fight against phishing sites

Small language models step into the fight against phishing sites 2025-11-26 at 08:31 By Sinisa Markovic Phishing sites keep rising, and security teams are searching for ways to sort suspicious pages at speed. A recent study explores whether small language models (SLMs) can scan raw HTML to catch these threats. The work reviews a range

Small language models step into the fight against phishing sites Read More »

AI Is Supercharging Phishing: Here’s How to Fight Back

AI Is Supercharging Phishing: Here’s How to Fight Back 2025-11-19 at 14:19 By Torsten George AI has given cybercriminals the ability to operate like Fortune‑500‑scale marketing departments—except their product is account takeover, data theft, and identity fraud. The post AI Is Supercharging Phishing: Here’s How to Fight Back appeared first on SecurityWeek. This article is

AI Is Supercharging Phishing: Here’s How to Fight Back Read More »

Scroll to Top