Fake Avast Website Targets Users With €499 Phishing Refund Scam
Fraudsters clone Avast’s website to target French users with a €499 phishing scam, using urgency tactics, live chat, and card validation to steal payment data.
Read OriginalFraudsters clone Avast’s website to target French users with a €499 phishing scam, using urgency tactics, live chat, and card validation to steal payment data.
Read OriginalA newly uncovered cloaking platform called 1Campaign is giving cybercriminals a powerful tool to push malicious advertisements through Google’s ad review system, putting everyday users at serious risk of phishing scams and cryptocurrency theft. Google Ads is one of the most trusted advertising networks online. Millions of users click on sponsored search results daily, trusting those links […] The post 1Campaign Platform Helps Attackers Bypass Google Ads Screening to Show Malicious Ads appeared ...
Read OriginalA financially motivated threat group dubbed "Diesel Vortex" is stealing credentials from freight and logistics operators in the U.S. and Europe in phishing attacks using 52 domains. [...]
Read OriginalNew York-based ad tech company Optimizely has notified an undisclosed number of customers of a data breach after threat actors compromised some of its systems in a voice phishing attack. [...]
Read OriginalA highly sophisticated phishing framework named Starkiller has recently emerged, offering attackers an advanced method to steal credentials and bypass multi-factor authentication. Developed by a group known as Jinkusu, this malicious toolkit is sold as a commercial software-as-a-service product. Unlike older toolkits relying on static copies of legitimate websites, this new platform loads real login […] The post New Phishing Framework Starkiller Proxies Real Login Pages to Bypass MFA appeared fi...
Read OriginalA new phishing campaign is spreading XWorm 7.2 via malicious Excel files, hiding the malware in Windows processes, and using AES encryption to steal passwords and Wi-Fi keys.
Read OriginalMost phishing websites are little more than static copies of login pages for popular online destinations, and they are often quickly taken down by anti-abuse activists and security firms. But a stealthy new phishing-as-a-service offering lets customers sidestep both of these pitfalls: It uses cleverly disguised links to load the target brand's real website, and then acts as a relay between the target and the legitimate site -- forwarding the victim's username, password and multi-factor authentic...
Read OriginalThreat actors are targeting technology, manufacturing, and financial organizations in campaigns that combine device code phishing and voice phishing (vishing) to abuse the OAuth 2.0 Device Authorization flow and compromise Microsoft Entra accounts. [...]
Read OriginalMicrosoft says an Exchange Online issue that mistakenly quarantined legitimate emails last week was triggered by faulty heuristic detection rules designed to block credential phishing campaigns. [...]
Read OriginalThis morning, I received an interesting phishing email. I&#;x26;#;xe2;&#;x26;#;x80;&#;x26;#;x99;ve a &#;x26;#;xe2;&#;x26;#;x80;&#;x26;#;x9c;love &#;x26; hate&#;x26;#;xe2;&#;x26;#;x80;&#;x9d; relation with such emails because I always have the impression to lose time when reviewing them but sometimes it&#;x26;#;xe2;&#;x26;#;x80;&#;x26;#;x99;s a win because you spot interesting &#;x26;#;xe2;&#;x26;#;x80;&#;x26;#;x9c;TTPs&#;x26;#;xe2;&#;x26;#;x80;&#;x9d; (&#;x26;#;xe2;&#;x26;#;x80;&#;x26;#;x9c;tool...
Read OriginalA new phishing campaign has been observed delivering an updated variant of XWorm, a Remote Access Trojan (RAT) that can give attackers full remote control of infected Microsoft Windows systems. First tracked in 2022, XWorm is still actively distributed and is often traded through Telegram-based marketplaces, keeping it within easy reach of many threat actors. […] The post New XWorm RAT Campaign Uses Themed Phishing Lures and CVE‑2018‑0802 Excel Exploit to Evade Detection appeared first on Cyber ...
Read OriginalThe distribution of malicious software through pirated games and cracked applications continues to be a highly effective strategy for cybercriminals. By exploiting the widespread desire for free access to premium content, attackers can easily bypass initial user suspicions and deliver complex threats directly to personal devices. A newly identified campaign exemplifies this persistent trend, utilizing […] The post Surge in AI-Driven Phishing Attacks and QR Code Quishing in 2025 Spam and Phishing...
Read OriginalThe AgreeTo add-in for Outlook has been hijacked and turned into a phishing kit that stole more than 4,000 Microsoft account credentials. [...]
Read OriginalThe Netherlands Police have arrested a a 21-year-old man from Dordrecht, suspected of selling access to the JokerOTP phishing automation tool that can intercept one-time passwords (OTP) for hijacking accounts. [...]
Read Original