Advertisement
Security Firm Executive Targeted via DKIM-Signed Phishing
A sophisticated phishing campaign bypassed security filters using DKIM-signed emails and Cloudflare-protected landing pages to target a security executive.
Phishing Credential Exfiltration via EmailJS and React Frameworks
Security analysis of a sophisticated React-based phishing kit that leverages the EmailJS service for stealthy exfiltration of user credentials.
OAuth Exploitation and EDR Termination: New Bulletin Analysis
Analysis of current threats including OAuth token theft, EDR termination techniques, Signal phishing, and 'Zombie ZIP' archive evasion strategies.
Weaponizing SOC Workloads: How Modern Phishing Exhausts Analysts
Attackers are shifting from employee deception to operational disruption by weaponizing phishing investigation workloads to overwhelm SOC analysts.
Daily Threat Brief: Persistent Vulnerabilities & Defense Fundamentals
Analyzing the ongoing cybersecurity challenges highlighted in the SANS ISC Stormcast. Focus on persistent vulnerabilities, phishing, and essential defense strategies for
Abusing .arpa Infrastructure TLDs for Phishing Campaigns
Threat actors are leveraging the .arpa infrastructure TLD and DNS management controls to mask malicious content and increase phishing success rates.
Abusing .arpa DNS and IPv6 to Bypass Phishing Defenses
Threat actors exploit .arpa domains and IPv6 reverse DNS for phishing evasion, bypassing email security gateways and domain reputation checks. Defenders need updated
LastPass Phishing Campaign Targets Master Passwords via Fake Alerts
LastPass warns of a new phishing campaign using fraudulent security alerts to steal master passwords. Learn how to identify and mitigate these vault threats.
Compromised Site Management Panels: A Commoditized Cybercrime Threat
Underground markets commoditize compromised cPanel and other site management panels, fueling phishing and scam infrastructure. Learn to secure web admin interfaces.
Alabama Man Pleads Guilty to Extortion via Social Media Hijacking
Devin Deandre Moore admits to hijacking hundreds of accounts for sextortion. Analysis of the TTPs used in this large-scale digital extortion campaign.
Meta Files Lawsuits Against Global Celeb-Bait Scam Networks
Meta takes legal action against advertisers in Brazil, China, and Vietnam, disabling accounts and domains used in large-scale celebrity-bait fraud schemes.
Diesel Vortex Phishing Campaign Targets Logistics Sector
Financially motivated Diesel Vortex group targets US & European freight and logistics with extensive phishing campaign, using 52 domains to steal credentials.