Phishing
The malicious emails claim to contain a conduct report and lure victims to a Microsoft phishing website that leverages AitM.
Hi, what are you looking for?
The decentralized prediction market said hackers targeted some of its users through a compromise of a third-party vendor.
The malicious emails claim to contain a conduct report and lure victims to a Microsoft phishing website that leverages AitM.
Still under development, Bluekit provides users with automated domain registration and an AI Assistant.
Legitimate-looking emails coming from Robinhood systems lured recipients to phishing websites.
New analysis from Abnormal AI reveals how attackers have abandoned technical exploits to weaponize routine workflows and internal trust.
Threat actors are reusing Tycoon 2FA tools across other phishing kits following the platform’s disruption.
Attack volumes are back to pre-disruption levels, and the adversary tactics have remained unchanged.
Insufficient sanitization of CSS content within HTML emails leads to inline script execution when the message is opened in a browser.
The attackers used a DKIM-signed phishing email, trusted redirect infrastructure, compromised servers, and Cloudflare-protected phishing pages, but the attack was unsuccessful.
Starbucks said the incident involved phishing attacks targeting an employee portal, affecting hundreds.
Abusing DNS record management controls, the threat actor hides the location of malicious content via Cloudflare.
The attackers are sending out fake alerts claiming unauthorized access or master password changes.
Domains set up by the threat actor suggest attacks aimed at Atlassian, Canva, Epic Games, HubSpot, Moderna, ZoomInfo, and WeWork.
Priced $2,000 - $6,000 on a cybercrime forum, the MaaS toolkit promises publication on the Chrome Web Store.
Threat actors are leveraging the file-sharing service for payload delivery in AitM phishing and BEC attacks.
Threat actors may have wanted to take advantage of the holiday weekend in the United States to increase their chances of success.
Threat actors spoof legitimate domains to make their phishing emails appear to have been sent internally.