Threat Actors Leverage Document Publishing Sites for Ongoing Credential and Session Token Theft

Threat actors are exploiting legitimate digital document publishing (DDP) sites to host phishing lures, making it harder for traditional security controls to detect and block these attacks.

Dropbox Used to Steal Credentials and Bypass MFA in Phishing Campaign

The use of legitimate Dropbox infrastructure in the phishing campaign allowed the attackers to effectively evade detection by email security tools and bypass MFA protocols.

Tycoon and Storm-1575 Linked to Phishing Attacks on US Schools

The Tycoon and Storm-1575 threat groups use stealthy tactics, social engineering, and phishing techniques to bypass MFA protections and target Microsoft 365 credentials at large US school districts.

CryptoChameleon: New Phishing Tactics Exhibited in FCC-Targeted Attack

A sophisticated phishing kit with novel tactics targets cryptocurrency platforms and the FCC through a combination of email, SMS, and voice phishing, successfully stealing high-quality data from mobile device users in the United States.

Airbnb Scammers Pose as Hosts, Redirect Users to Fake Tripadvisor Site

The scammers use emails and fake websites to trick users into making off-platform bookings and sharing their payment card details. Airbnb warns against off-platform activity and urges users to be cautious of emails and websites impersonating it.

European Retailer Pepco Loses $16.8 Million Due to Phishing Attack

While customer, supplier, and colleague information was not compromised, the incident may have involved a social engineering attack known as business email compromise (BEC).

LabHost Cybercrime Service Lets Anyone Phish Canadian Bank Users

LabHost offers three membership tiers targeting banks and online services, along with a real-time phishing management tool called LabRat that enables cybercriminals to steal 2FA protection.

Hackers Exploit 14-Year-Old CMS Editor on Government and Educational Sites for SEO Poisoning

The deprecated FCKeditor plugin is being abused to create open redirects on university, government, and corporate websites, allowing threat actors to poison search engine results with malicious content.

Over 13,000 Hijacked Major-Brand Subdomains Found Bombarding Users With Millions of Malicious Emails

The threat actors hijack abandoned subdomains and domains of well-known companies, allowing the emails to bypass spam filters and appear legitimate. Brands like MSN, VMware, and eBay have been unwittingly involved.

China Warns of Fake Digital Yuan Wallets

Fake wallet apps for China's digital currency are circulating, leading to warnings from the Ministry of Industry and Information Technology about potential scams and data theft.

Defend Against Threats with Cyber Fusion

Cyware is the leading provider of cyber fusion solutions that power threat intelligence sharing , end-to-end automation and 360-degree threat response.

Trending Tags