Advertisement
Storm-2755 Targets Canadian Employees in Payroll Pirate Campaigns
Microsoft warns of Storm-2755, a financially motivated threat actor hijacking employee accounts to redirect salary payments via sophisticated phishing.
Detect Obfuscated JavaScript Phishing Delivered via RAR Archives
Security researchers identify a new phishing campaign using heavily obfuscated JavaScript within RAR archives to bypass traditional endpoint detection.
OAuth 2.0 Device Code Phishing Surge: Protecting M365 and Google
Device code phishing attacks have surged 37x this year. Learn how adversaries abuse the OAuth 2.0 Device Authorization Grant to bypass MFA and hijack accounts.
EvilTokens Fuels Microsoft Device Code Phishing & BEC
New EvilTokens service automates Microsoft device code phishing, enabling account takeover and sophisticated business email compromise (BEC) attacks. Learn how to defend.
UAC-0255 Impersonates CERT-UA to Distribute AGEWHEEZE Malware
UAC-0255 targeted 1 million emails with a phishing campaign impersonating CERT-UA to deploy the AGEWHEEZE RAT. Learn about the TTPs and mitigation steps.
AitM Phishing Campaign Targets TikTok Business via Turnstile Evasion
Security researchers have identified a sophisticated AitM phishing campaign using Cloudflare Turnstile to hijack TikTok for Business accounts for malvertising.
Silnikau Sentenced: BitPaymer Ransomware Botnet Operator Receives 2 Years
Russian national Maksim Silnikau sentenced for managing a botnet used in BitPaymer ransomware attacks targeting 72 U.S. companies and demanding $100 million.
SmartApeSG Campaign: Multi-RAT Distribution via Malicious Archives
Analysis of the SmartApeSG campaign leveraging phishing, LNK files, and scripts to distribute Remcos RAT, NetSupport RAT, StealC, and Sectop RAT. Learn mitigation.
_Wavebreakmedia_Ltd_IFE-210813_Alamy.png?width=1280&auto=webp&quality=80&disable=upscale)
Lumma Stealer Phishing Campaign: Avoiding Copyright Notice Decoys
Phishing campaign targets healthcare and government sectors with copyright infringement decoys to deliver Lumma Stealer via legitimate cloud services.
Russian Intelligence Phishing Targets Signal and WhatsApp Accounts
FBI and CISA warn that Russian state-sponsored actors are using sophisticated phishing to compromise high-value Signal and WhatsApp accounts.
Russian Intelligence Phishing Targets Signal and WhatsApp Users
The FBI warns of sophisticated phishing campaigns by Russian intelligence targeting Signal and WhatsApp users to harvest credentials and bypass encryption.
Tycoon2FA PaaS Persists: 2FA Bypass & Mitigation Strategies
Runtime Rebel analyzes Tycoon2FA, a persistent Phishing-as-a-Service platform actively bypassing 2FA. Learn its implications and essential mitigation steps.