Learn about current phishing techniques, notable campaigns and attacks, what to watch out for 'in the wild', and more.
Researchers at Push Security have observed a new variant of the ClickFix attack that combines “OAuth consent phishing with a ClickFix-style user prompt that leads to account compromise.”
Zscaler has published a report on a new phishing kit dubbed “BlackForce” that uses Man-in-the-Browser (MitB) attacks to steal credentials and bypass multi-factor authentication. Notably, ...
A popular phone call/voicemail scam (i.e., vishing) involves someone calling you, claiming to be law enforcement with a warrant for your arrest, and then offers you an opportunity to ...
Lead analysts: Cameron Sweeney, Lucy Gee, Louis Tiley, James Dyer “Super-app” WeChat offers a wealth of functionality—from instant messaging, text and voice messaging, and video calls to ...
A phishing campaign is targeting executives with phony offers for awards, according to researchers at Trustwave SpiderLabs. The attackers first dupe the victims into handing over their ...
Malwarebytes warns that threat actors are abusing the free Cloudflare Pages service to host phishing portals, helping the phishing sites avoid detection by security scanners.
Researchers at CyberProof warn that threat actors are launching phishing attacks via Microsoft Teams' “Chat with Anyone” feature, which lets external users send direct messages via email ...
Researchers at SpyCloud have observed a 400% year-over-year increase in successful phishing attacks, with a disproportionate number of attacks targeting corporate accounts.
Threat actors are using the open-source phishing framework Evilginx to target universities across the United States, according to researchers at Infoblox. The attackers have targeted at ...
Researchers at Palo Alto Networks’ Unit 42 are tracking two new malicious AI tools, WormGPT 4 and KawaiiGPT, that allow threat actors to craft phishing lures and generate ransomware code.
Users should be particularly wary of holiday-themed scams over the next few weeks, according to researchers at Malwarebytes. “Mobile-first shopping has become second nature, and during ...
A large phishing campaign is using phony seasonal party invites to trick users into installing remote management and monitoring (RMM) tools, according to researchers at Symantec.
Users and organizations should be prepared for a surge in phishing attacks over the next several weeks, as attackers take advantage of the holiday shopping season, according to a new ...
A new phishing kit is impersonating the Italian IT and web services provider Aruba, according to researchers at Group-IB. The kit is designed to trick users into entering their Aruba ...
Researchers at Push Security warn of an extremely convincing ClickFix attack posing as a Cloudflare verification check. ClickFix is a social engineering technique that tricks the victim ...
Lead Analysts: Jeewan Singh Jalal, Prabhakaran Ravichandhiran and Anand Bodke KnowBe4 Threat Labs has uncovered an emerging advanced phishing campaign targeting Microsoft 365 users ...
AI-fueled cyberattacks are increasingly targeting entities across Africa, according to Robert Lemos at Dark Reading. Lemos cites two recent reports from Microsoft and Group-IB that warned ...
A phishing campaign is using invisible characters to evade security filters, according to Jan Kopriva at the SANS Internet Storm Center.
I received this email the other day to my personal email account. It is a “Security Alert” from “Microsoft Helpdesk.” Oh, my!
A phishing campaign is targeting LastPass users with phony notifications informing users that someone has notified the company of the user’s death and is trying to gain access to their ...
