#phishing
54 articles
Financial services, government, and hospitality organisations bore the brunt of a concentrated phishing wave between 8 April and 13 May 2026, with 61 incidents logged. Threat actors Silver Fox, AccountDumpling, and Bluekit were observed exploiting vulnerabilities including CVE-2023-22515, CVE-2023-34048, CVE-2023-46805, CVE-2023-4966, and CVE-2024-21893. The campaign, composed of 53 high-severity and 8 medium-severity cases, affected targets across Latin America, the United States, Canada, and the Caribbean, alongside global operations in the cryptocurrency and technology sectors.
[HIGH] Signal Adds In-App Warnings to Block Russian-Linked Phishing Attacks
Signal introduced new in-app confirmations and warnings to counter phishing attacks linked to Russian state hackers who abused the Linked Device feature to hijack high-profile...
[HIGH] 2026 World Cup Scam Economy Targets Fans With Fake Visas, Tickets
Malwarebytes documents a four-part scam economy around the 2026 World Cup: fake visas, counterfeit tickets, phishing sites, and worthless crypto tokens targeting fans ahead of the…
[HIGH] Amazon SES Abused in Phishing to Evade Email Security Filters
Threat actors exploit Amazon SES to send phishing emails that bypass SPF, DKIM, and DMARC checks, with a 40% rise in abuse since Q4 2025.
[HIGH] Phishing Campaign Hijacks SimpleHelp, ScreenConnect RMM Tools at 80+
Securonix tracks VENOMOUS#HELPER phishing campaign using legitimate SimpleHelp and ScreenConnect RMM software for persistent remote access across 80+ organizations, mostly in the…
[HIGH] Silver Fox Deploys ABCDoor Malware via Tax-Themed Phishing
China-linked Silver Fox group targets Indian and Russian organizations with ABCDoor backdoor via tax-themed phishing emails in December 2025 campaign.
[HIGH] Telegram Mini Apps Fuel Crypto Scams, Android Malware Campaign
Researchers uncovered a fraud network abusing Telegram Mini Apps to impersonate brands, steal crypto wallets, and push Android malware like SpyNote and ERMAC.
[HIGH] Vietnamese Phishers Hijack 30K Facebook Accounts via Google AppSheet
Guardio tracks AccountDumpling campaign using Google AppSheet as phishing relay to steal 30,000 Facebook accounts, resold via illicit storefront.
[HIGH] Silver Fox Targets Russia, India With ABCDoor Backdoor
Silver Fox group impersonates tax authorities to deliver ValleyRAT and the new ABCDoor backdoor to organizations in Russia and India, per Kaspersky.
[HIGH] Bluekit Phishing Service Offers AI Assistant, 40 Templates
A new phishing-as-a-service platform called Bluekit provides over 40 templates targeting banks, social media, and email providers, plus an AI assistant for drafting lures.
[HIGH] Canada Arrests Three Over SMS Blaster Phishing Device
Three men arrested in Toronto for operating an SMS blaster that impersonated cell towers to send phishing texts targeting banking credentials in a multi-month campaign.
[HIGH] LAC Cybercrime Ecosystem Matures with RaaS, Crypto Fraud Surge
Recorded Future's Insikt Group maps a maturing Latin American cybercrime ecosystem: RaaS affiliates, crypto fraud rings, and targeted phishing against financial and government…
[MEDIUM] Recorded Future Maps Latin America's Maturing Cybercrime Ecosystem
Insikt Group report details how LAC cybercrime evolved in 2025: RaaS adoption, crypto fraud, and phishing-as-a-service expand across the region.
[HIGH] Silver Fox APT Spoofs Japanese Tax Emails in Targeted Campaign
ESET details Silver Fox APT targeting Japanese firms with tax-themed phishing emails delivering malware via weaponized Excel attachments during tax season.
[HIGH] Kaspersky: Financial Cyber Threats Surged 15% in 2025
Kaspersky reports a 15% year-over-year increase in financial cyber threats in 2025, with infostealers and phishing dominating. Android banking malware rose 20% in Latin America.
[HIGH] Toronto Police Bust SMS Blaster Phishing Operation
Three men arrested in Canada's first SMS blaster case — device impersonated cell towers to send mass phishing messages and disrupt mobile networks in Toronto.
[HIGH] North Korean Hackers Steal $12 Million in Crypto via Trojanized
North Korean hackers siphoned over $12 million from crypto users in Q1 2026 using trojanized trading apps like CoinStats and TradingView AI Agent to steal recovery phrases and…
[HIGH] Fake TradingView AI Agent Site Drops Browser-Hijacking Malware
A malicious website impersonating a TradingView AI agent deploys malware that hands attackers full control of victims' browsers, enabling account theft and financial data…
[HIGH] Phishing Reclaims Top Initial Access Vector in Q1 2026, Cisco Talos
Cisco Talos found phishing accounted for over a third of initial access engagements in Q1 2026, surpassing exploitation of public-facing apps for the first time since Q2 2025.
[HIGH] Malicious Crypto Apps Hijack Recovery Phrases from Apple App Store
Apple removed 45 malicious cryptocurrency apps from its App Store after they stole recovery phrases and private keys from users, mimicking legitimate wallets like MetaMask and Coinbase.
[HIGH] British National Pleads Guilty to SIM Swapping, SMS Phishing for Crypto Theft
Tyler Robert Buchanan admitted to a U.S. conspiracy that stole over $1 million in cryptocurrency via SMS phishing, corporate network intrusions, and SIM swapping attacks targeting victims nationwide.
[HIGH] GitHub Issue Notifications Hijacked for Developer Phishing via OAuth Apps
Threat actors are using GitHub's trusted notification system to phish developers, pushing malicious OAuth apps that steal account data and hijack repositories. The campaign exploits the platform's own infrastructure to bypass traditional email security.
[HIGH] Identity-Based Attacks Dominate Breaches as Attackers Bypass Exploits
The Hacker News reports identity-based attacks, using stolen credentials and MFA bypass, are the dominant initial access vector in modern breaches, rendering sophisticated exploits unnecessary for initial entry.
[HIGH] SideWinder APT Deploys Fake Chrome PDF Viewer and Zimbra Clone to Steal
SideWinder APT targets South Asian government bodies with a phishing campaign using a fake Chrome PDF viewer and a cloned Zimbra login portal to steal webmail credentials, active since February 2026.
[HIGH] FakeWallet Crypto Stealer Infects iOS Devices via Apple App Store
Kaspersky discovered 22 malicious iOS apps on the official App Store impersonating crypto wallets like MetaMask and Coinbase, stealing seed phrases and private keys from over 1,000 victims.
[HIGH] Apple Account Change Alerts Hijacked for Phishing Scams
Threat actors are abusing Apple's legitimate notification system to send iPhone purchase phishing emails from Apple's own servers, bypassing spam filters and targeting millions of Apple ID users.
[MEDIUM] Proofpoint Finds FIFA World Cup 2026 Partners Vulnerable to Email Spoofing
Proofpoint reports 36% of FIFA World Cup 2026 commercial partners fail to implement DMARC, exposing fans to spoofed email fraud. The analysis of 39 official partners found 14 lack basic email authentication.
[HIGH] Fake Data Breach Notifications Deploy Malware, Steal Credentials
Threat actors are weaponizing data breach notifications, sending fake alerts that trick users into downloading malware or entering credentials on phishing sites, according to ESET research.
[HIGH] Tycoon 2FA Phishing Kit Disruption Fuels Surge in Copycat Attacks
The disruption of the Tycoon 2FA phishing-as-a-service platform has led to a surge in copycat attacks, as threat actors reuse its tools and techniques in other kits, increasing the overall volume of multi-factor authentication bypass attempts.
[HIGH] UAC-0247 Threat Actor Deploys Data-Stealing Malware Against Ukrainian Targets
The Ukrainian CERT-UA attributes a new campaign to threat actor UAC-0247, which uses phishing lures to deploy malware that steals data from Chromium browsers and WhatsApp on government and healthcare systems.
[HIGH] DHL-Themed Phishing Campaign Delivers Remote Access Software
A new phishing campaign impersonates DHL to trick recipients into installing legitimate remote access software, which attackers then use as a foothold to deploy additional malware, including ransomware.
[HIGH] Email-Borne Worm Surge Targets Industrial Control Systems
A global wave of email-borne worms, driven by a single piece of malware, targeted industrial control systems (ICS) in Q4 2025, marking a significant shift in OT threats.
[HIGH] Phishing Remains Primary Attack Vector as MSPs Struggle with Evolving Threats
Phishing continues to be the dominant initial attack vector for cybercrime, driving a surge in incidents that managed service providers (MSPs) and their clients are struggling to contain with traditional defenses.
[HIGH] Tycoon 2FA Phishing Group Shifts to Device Code Attacks
The Tycoon 2FA phishing group has abandoned its namesake toolkit, adopting device code phishing to bypass multi-factor authentication and compromise Microsoft 365 and Gmail accounts.
[HIGH] W3LL Phishing Platform Disrupted in International Law Enforcement Operation
A coordinated law enforcement operation has disrupted the W3LL phishing-as-a-service platform, which was used to target over 800,000 corporate Microsoft 365 accounts globally.
[HIGH] Booking.com Breach Fuels Sophisticated Hotel Impersonation Scams
A data breach at Booking.com is providing threat actors with detailed guest reservation data, enabling highly convincing scams where attackers impersonate hotels to steal payment details and credentials.
[HIGH] ClickFix Phishing Campaign Masquerades as Claude AI Installer
A phishing campaign uses fake Claude AI installer lures and 'ClickFix' social engineering to trick users into granting remote access, enabling credential theft and financial fraud.
[MEDIUM] Scammers Revive iCloud Storage Full Scam to Steal Payment Details
A phishing campaign impersonates Apple to pressure users with fake 'iCloud storage full' alerts, aiming to steal credit card information and Apple ID credentials.
[HIGH] Threat Actors Abuse Google Cloud Storage to Evade Filters, Deliver Remcos RAT
Cybercriminals are hosting phishing pages on Google Cloud Storage to bypass email security and reputation checks, delivering the Remcos remote access trojan in campaigns observed since early 2026.
[MEDIUM] Credit Resources Vault Scam Targets Financially Vulnerable with Deceptive Fees
A sophisticated email scam impersonating the 'Credit Resources Vault' uses urgency and official-looking documents to trick financially distressed individuals into paying recurring fees for worthless credit repair services.
[HIGH] Fake YouTube Copyright Notices Steal Google Credentials via Phishing
YouTube creators are targeted by a sophisticated phishing campaign using fake copyright infringement notices to steal Google account credentials, enabling channel takeover and broader account compromise.
[HIGH] Threat Actors Weaponize n8n Workflow Platform for Phishing and Payload Delivery
Attackers have been abusing the legitimate n8n workflow automation platform since October 2025 to send phishing emails and deliver malware, leveraging its trusted infrastructure to bypass email security filters.
[HIGH] Fake Ledger Live App on Apple App Store Steals $9.5M in Cryptocurrency
A malicious Ledger Live app distributed via Apple's official App Store for macOS stole approximately $9.5 million from 50 victims by harvesting recovery phrases.
[HIGH] FBI Dismantles W3LL Phishing Kit, a $500 Service Behind $20M in Fraud
The FBI and Indonesian authorities dismantled the W3LL phishing-as-a-service platform, a $500 kit used to steal credentials and linked to over $20 million in attempted fraud.
[HIGH] FIFA 2026 Partners' Email Security Gaps Expose Public to Impersonation Fraud
Proofpoint research reveals 36% of FIFA World Cup 2026 official partners lack essential DMARC email authentication, exposing fans to high-risk domain impersonation and fraud.
[HIGH] JanelaRAT Evolves with New Anti-Analysis and Data Theft Capabilities
Kaspersky researchers detail an updated JanelaRAT campaign targeting Latin American users with enhanced anti-analysis, credential theft, and remote access capabilities delivered via phishing.
[HIGH] Booking.com Confirms Data Breach Exposing Reservation and User Data
Booking.com confirms a data breach exposing sensitive reservation and user data, forcing PIN resets for affected customers.
[MEDIUM] Booking.com Confirms Data Breach via Social Engineering Attack
Booking.com confirms a data breach where attackers used social engineering to compromise employee accounts and access customer travel booking information. The company states the incident has been contained.
[HIGH] Canadian Payroll Phishing Campaign Exploits Office 365 Search Poisoning
A financially motivated group is hijacking Office 365 search results to steal employee paychecks via phishing and account takeover.
[HIGH] SANS Stormcast: Exploits Target Ivanti, Fortinet, and VMware Flaws
The SANS Internet Storm Center reports active exploitation of vulnerabilities in Ivanti, Fortinet, and VMware products, alongside a new phishing campaign using malicious OneNote attachments.
[HIGH] VENOM PhaaS Platform Targets C-Suite Credentials in Sophisticated Campaign
A new phishing-as-a-service platform dubbed VENOM is being used to steal Microsoft credentials from senior executives via sophisticated, multi-stage email campaigns.
[HIGH] Fake Claude AI Site Delivers PlugX Malware in Trojanized Installer
A sophisticated phishing campaign uses a counterfeit Claude AI website to distribute a trojanized installer, deploying the remote access trojan PlugX to establish persistent backdoor access.
[HIGH] AI-Powered Threat Actor Breaches Mexican Government, Exposes Citizen Data
A sophisticated attacker leveraged AI tools like Claude and ChatGPT to breach nine Mexican government agencies, exfiltrating hundreds of millions of citizen records in a multi-month campaign.
[MEDIUM] Fake BTS World Tour Ticket Sites Target Fans in Multi-Country Scam
A widespread phishing campaign uses fraudulent BTS concert ticket websites to steal payment information from fans across at least nine countries.
[HIGH] GPT-5 Release: Security Implications for Enterprise Defenders
OpenAI's GPT-5 raises the bar for AI-assisted cyberattacks — spear-phishing at scale, automated exploit generation, and deepfake social engineering. Here's what security teams need to know and do.