phishing
-
Linux Foundation Leader Impersonated in Slack Attack on Open Source Developers
A social engineering campaign is actively targeting open source developers through Slack. The warning was shared through the OpenSSF Siren…
Read More » -
EvilTokens Uses Stolen Microsoft 365 Tokens, AI to Supercharge BEC
EvilTokens is a new Phishing-as-a-Service (PhaaS) platform that turns stolen Microsoft 365 tokens and AI into an end‑to‑end factory for…
Read More » -
IBM Security Verify Access Flaws Let Remote Attackers Access Sensitive Data
IBM has issued an urgent security bulletin addressing a slew of vulnerabilities impacting IBM Verify Identity Access and IBM Security…
Read More » -
Cybercriminals Use Fake Zoom, Teams Calls to Deliver Malware
Hackers are increasinglyusing fake Zoom and Microsoft Teams meetings to trick victims into infecting their own systems with malware. SEAL…
Read More » -
Russian State-Sponsored Hackers Targeting Global Router Networks
Russian military-linked hackers are actively compromising poorly secured home and small-office routers to hijack internet traffic and conduct espionage on…
Read More » -
North Korea’s Modular Malware Strategy Hides Attribution, Defies Takedowns
North Korea’s cyber operations have evolved from a monolithic structure to a modular, portfolio-style ecosystem. This design ensures resilience, making…
Read More » -
Hackers Launch Social Engineering Offensive Against Key Node.js Maintainers
Following the high-profile supply chain compromise of the widely used Axios package, a highly coordinated social engineering campaign has been…
Read More » -
Top 10 Best Identity And Access Management (IAM) Companies 2026
In the rapidly evolving digital landscape of 2026, Identity and Access Management (IAM) has transcended its traditional role to become…
Read More » -
EvilTokens Launches New Phishing Service Targeting Microsoft Accounts
EvilTokens is a new Phishing-as-a-Service (PhaaS) platform that industrialises Microsoft account takeover by abusing the OAuth device code flow rather…
Read More » -
Russian Hackers Deploy “CTRL” for RDP Hijacking
Russian hackers are employing a new remote access toolkit named “CTRL” to stealthily hijack Remote Desktop Protocol (RDP) sessions through…
Read More » -
ClickFix Evades PowerShell Detection via Rundll32 and WebDAV
A new ClickFix attack variant has been identified that evades detection by shifting execution away from PowerShell and mshta towards…
Read More » -
TA446 Uses DarkSword Exploit Kit to Target iPhone Users
Russia-linked espionage group TA446 has initiated a new phishing campaign using the DarkSword exploit kit to compromise iOS devices, leveraging…
Read More » -
New Homoglyph Tricks Let Cybercriminals Mimic Trusted Domains
New homoglyph attack techniques exploit subtle visual similarities in text to spoof trusted domains, steal credentials, and bypass Unicode handling…
Read More » -
Phishing ZIP Files Used to Deploy PXA Stealer Targeting Financial Firms
A significant surge in PXA Stealer campaigns targeting global financial institutions during Q1 2026. This marks a notable shift in…
Read More » -
Silver Fox Cyberattack Targets Japanese Businesses with Tax-Themed Phishing Scams
A threat actor known as Silver Fox is targeting Japanese organizations with a new wave of spearphishing attacks timed to…
Read More » -
Fake Screenshot Lures Target Web3 Support Staff with Multi-Stage Malware Attack
A campaign attributed to APT-Q-27 (GoldenEyeDog), a Chinese group targeting Web3, is leveraging deceptive fake screenshot links delivered through support…
Read More » -
Tycoon2FA Operators Resume Cloud Account Phishing Following Infrastructure Disruption
Tycoon 2FAoperators have restarted large-scale cloud account phishing just days after law enforcement and industry partners disrupted the platform’s core…
Read More » -
Oblivion RAT Masquerades as Play Store Update to Spy on Android Users
A newly discovered Android remote access trojan (RAT) called Oblivion RAT is raising concerns across the mobile threat landscape. Marketed…
Read More »