Artificial Intelligence AI-Powered Polymorphic Phishing Is Changing the Threat Landscape Combined with AI, polymorphic phishing emails have become highly sophisticated, creating more personalized and evasive messages that result in higher attack success rates. Stu SjouwermanApril 24, 2025
Email Security Legacy Google Service Abused in Phishing Attacks A sophisticated phishing campaign abuses weakness in Google Sites to spoof Google no-reply addresses and bypass protections. Ionut ArghireApril 22, 2025
Artificial Intelligence AI Now Outsmarts Humans in Spear Phishing, Analysis Shows Agentic AI has improved spear phishing effectiveness by 55% since 2023, research shows. Kevin TownsendApril 9, 2025
Email Security CRM, Bulk Email Providers Targeted in Crypto Phishing Campaign ‘PoisonSeed’ phishing campaign targets CRM and bulk email providers to distribute “crypto seed phrase” messages. Ionut ArghireApril 7, 2025
Phishing Morphing Meerkat Phishing Kits Target Over 100 Brands A threat actor tracked as Morphing Meerkat abuses DNS mail exchange (MX) records to deliver spoofed login pages. Ionut ArghireMarch 28, 2025
Uncategorized Browser Security Under Siege: The Alarming Rise of AI-Powered Phishing Analysis reveals a 140% increase in browser phishing, including a 130% increase in zero-hour phishing attacks. Kevin TownsendMarch 20, 2025
Phishing Scareware Combined With Phishing in Attacks Targeting macOS Users A long-running campaign phishing for credentials through scareware recently switched to targeting macOS users. Ionut ArghireMarch 19, 2025
Phishing Microsoft 365 Targeted in New Phishing, Account Takeover Attacks Threat actors are abusing Microsoft 365 infrastructure in a BEC campaign, and target its users in two brand impersonation campaigns. Ionut ArghireMarch 17, 2025
Phishing Microsoft Warns of Hospitality Sector Attacks Involving ClickFix A cybercrime group named Storm-1865 has targeted hospitality organizations via fake Booking.com emails and the use of social engineering. Eduard KovacsMarch 13, 2025
Nation-State Russian State Hackers Target Organizations With Device Code Phishing Russian hackers have been targeting government, defense, telecoms, and other organizations in a device code phishing campaign. Ionut ArghireFebruary 17, 2025
Phishing Fake DeepSeek Sites Used for Credential Phishing, Crypto Theft, Scams Researchers see dozens of fake DeepSeek websites used for credential phishing, cryptocurrency theft, and scams. Eduard KovacsFebruary 6, 2025
Phishing PayPal Phishing Campaign Employs Genuine Links to Take Over Accounts Fortinet warns of a phishing campaign that uses legitimate links to take over the victims’ PayPal accounts. Ionut ArghireJanuary 10, 2025
Phishing Defense Giant General Dynamics Says Employees Targeted in Phishing Attack General Dynamics says several benefits accounts were hacked after threat actors targeted employees in a phishing campaign. Ionut ArghireDecember 26, 2024
Phishing Organizations Warned of Rise in Okta Support Phishing Attacks Okta has warned customers that it has seen an increase in phishing attacks impersonating its support team. Eduard KovacsDecember 17, 2024
Data Breaches Phishing: The Silent Precursor to Data Breaches Phishing is more than a mere nuisance—it is a formidable precursor to destructive data breaches. Torsten GeorgeDecember 12, 2024
Cybercrime Eight Suspected Phishers Arrested in Belgium, Netherlands Belgian and Dutch authorities arrested eight individuals for their alleged involvement in phishing, online scams, and money laundering operations. Ionut ArghireDecember 9, 2024
Cybercrime 50 Servers Linked to Cybercrime Marketplace and Phishing Sites Seized by Law Enforcement Europol announced an operation targeting a cybercrime marketplace and phishing websites, including the arrests of two suspects. Eduard KovacsDecember 5, 2024
Cybercrime Microsoft Disrupts ONNX Phishing Service, Names Its Operator Microsoft has seized 240 phishing-related websites and has disrupted the ONNX service, which the company says is run by an Egyptian man. Eduard KovacsNovember 22, 2024
Cybercrime GitLoker Strikes Again: New “Goissue” Tool Targets GitHub Developers and Corporate Supply Chains GoIssue is a new tool for cybercriminals that allows attackers to extract email addresses from GitHub profiles and send bulk emails to users. Kevin TownsendNovember 12, 2024
Cybercrime US Sentences Nigerian to 26 Years in Prison for Stealing Millions Through Phishing Kolade Akinwale Ojelade was sentenced to 26 years in prison in the US for compromising email accounts through phishing and stealing millions. Ionut ArghireNovember 4, 2024