Scammers are sending fake "Notice of Default" traffic violation text messages impersonating state courts across the U.S., pressuring recipients to scan a QR code that leads to a phishing site demanding a $6.99 payment while stealing personal and financial information. [...]
Read OriginalDevice code phishing attacks that abuse the OAuth 2.0 Device Authorization Grant flow to hijack accounts have surged more than 37 times this year. [...]
Read OriginalA coordinated phishing campaign has been quietly targeting banking customers across the Philippines since early 2024, and it remains active today. The attackers are not relying on crude tricks — they are hiding behind widely trusted internet platforms to steal banking credentials and one-time passwords, then using them to drain victims’ accounts within minutes. The […] The post Hackers Abuse Trusted Platforms to Steal Bank Credentials From Philippine Users appeared first on Cyber Security News .
Read OriginalUsing automated scanning and the Nexus Listener collection framework, the hackers compromised over 750 systems. The post React2Shell Exploited in Large-Scale Credential Harvesting Campaign appeared first on SecurityWeek .
Read OriginalA botnet that has been running since 2011 is back in the spotlight — not because it is new, but because it keeps reinventing itself. Phorpiex, also known as Trik, has grown from a basic spam tool into a full-scale criminal platform capable of delivering ransomware, sending sextortion emails to millions of victims, and silently […] The post Hackers Use Phorpiex Botnet to Spread Ransomware, Sextortion, and Crypto-Clipping Malware appeared first on Cyber Security News .
Read OriginalA newly identified campaign linked to North Korean state-sponsored threat actors is using Windows shortcut files, known as LNK files, to launch targeted phishing attacks against organizations in South Korea. What makes this campaign alarming is how attackers conceal their operations inside GitHub, one of the most trusted platforms on the internet, converting it into […] The post North Korea-Related Campaign Abuses GitHub as C2 in New LNK Phishing Attacks appeared first on Cyber Security News .
Read OriginalA threat group recently set up a convincing fake version of Ukraine’s official cybersecurity authority website to trick targets into downloading a dangerous remote access tool. The campaign, now tracked under the identifier UAC-0255, relied on a mix of phishing emails and a cloned government website to push malware onto the computers of government workers, […] The post Hackers Clone CERT-UA Site to Trick Victims Into Installing Go-Based RAT appeared first on Cyber Security News .
Read OriginalCybercriminals are getting better at hiding their tracks, and a recently uncovered Remcos RAT campaign is proof of that. This attack does not rely on a single malicious file dropped onto a system. Instead, it uses a carefully built, multi-stage chain that starts with a simple phishing email and ends with a full, in-memory system […] The post Remcos RAT Infection Chain Hides Behind Obfuscated Scripts and Trusted Windows Binaries appeared first on Cyber Security News .
Read OriginalA new malicious kit called EvilTokens integrates device code phishing capabilities, allowing attackers to hijack Microsoft accounts and provide advanced features for business email compromise attacks. [...]
Read OriginalA LinkedIn phishing scam uses fake notifications and lookalike domains to steal credentials, hijack accounts, and access sensitive professional data.
Read OriginalA newly disclosed Russian-linked remote access toolkit called “CTRL” is being used to hijack Remote Desktop Protocol sessions and steal credentials from Windows systems. According to Censys ARC, the malware is a custom .NET framework that combines phishing, keylogging, reverse tunneling, and persistence into one attack chain. Censys ARC said the toolkit was discovered during […] The post Russian Hackers Using Remote Access Toolkit “CTRL” for RDP Hijacking appeared first on Cyber Security News .
Read OriginalLicensed malware with built-in persistence and automation enables attackers to continuously siphon credentials, session data, and cryptocurrency assets. The post Venom Stealer Raises Stakes With Continuous Credential Harvesting appeared first on SecurityWeek .
Read OriginalA new and dangerous phishing toolkit has entered the cybercrime scene. In early 2026, a Phishing-as-a-Service platform called EvilTokens began circulating in underground cybercrime communities, offering criminals a ready-to-use kit built to steal Microsoft 365 accounts. Unlike most phishing tools that mimic Microsoft login pages, EvilTokens takes a different approach — it abuses the legitimate […] The post EvilTokens Emerges as New Phishing-as-a-Service Platform for Microsoft Account Takeover ap...
Read OriginalTax season brings a reliable wave of phishing attacks, but 2026 has already shown a bigger and more organized push than in previous years. Cybercriminals are actively impersonating the Internal Revenue Service (IRS), national tax authorities, and company HR departments to trick people into installing malware or handing over login credentials. Over a hundred campaigns […] The post Cybercriminals Abuse IRS and Tax Filing Lures to Push Malware in New Campaigns appeared first on Cyber Security News ...
Read OriginalResearchers at WatchGuard have identified a new phishing campaign targeting companies in Venezuela. Using malicious SVG image files…
Read Original