#phishing
#phishing

Information security

Iran cybersnoops still LARPing as ransomware crooks in espionage ops

fromEntrepreneur

Why Trained Employees Are Still Falling for Phishing Attacks

AI-generated phishing messages are increasingly sophisticated, making them harder to detect and leading employees to fall for them despite training.

fromSecuritymagazine

35,000 Users Targeted in Phishing Campaign in Just Two Days

A sophisticated phishing campaign targeted over 35,000 users across 13,000 organizations in 26 countries, primarily in the U.S.

Google AppSheet Abuse Helped Phish 30,000 Facebook Accounts

Hackers exploited Google AppSheet to send phishing emails, compromising 30,000 Facebook accounts globally.

8 hours ago

Hackers tipped off Dutch telco Odido about its own data breach

Odido learned two days late that a February hack caused a massive customer data breach, with phishing access and delayed discovery of stolen data.

fromFortune

2 days ago

Exclusive: Index Ventures backs Frame's $50 million bet that employees are still cybersecurity's weakest link | Fortune

AI-enabled phishing makes employees a primary attack surface, driving demand for realistic, company-specific human risk security training.

fromtheregister

Iran cybersnoops still LARPing as ransomware crooks in espionage ops

An Iranian intelligence cyber unit disguised as the Chaos ransomware gang conducted a state-sponsored espionage operation using sophisticated phishing techniques.

fromEntrepreneur

Why Trained Employees Are Still Falling for Phishing Attacks

AI-generated phishing messages are increasingly sophisticated, making them harder to detect and leading employees to fall for them despite training.

fromSecuritymagazine

35,000 Users Targeted in Phishing Campaign in Just Two Days

A sophisticated phishing campaign targeted over 35,000 users across 13,000 organizations in 26 countries, primarily in the U.S.

Google AppSheet Abuse Helped Phish 30,000 Facebook Accounts

Hackers exploited Google AppSheet to send phishing emails, compromising 30,000 Facebook accounts globally.

Privacy professionals

BWH Hotels guests warned after reservation data checks out with cybercrooks

ADT Confirms Major Data Breach Exposing Millions of Names, Partial SSNs

ADT's home security systems were not compromised, but customer data including names and partial Social Security numbers was exposed in a data breach.

fromEngadget

France news

France's national agency for managing IDs and passports suffered a data breach last week

Privacy professionals

Booking.com confirms hackers accessed customers' data | TechCrunch

Booking.com warns of possible reservation data exposure

Booking.com warns customers of potential data exposure due to unauthorized access, affecting reservation details but not financial information.

ShinyHunters Leak 12.4 Million CarGurus Records in Massive Data Dump

ShinyHunters leaked 12.4 million CarGurus records containing personal and financial data, enabling targeted social engineering and phishing attacks against users.

fromtheregister

2 days ago

BWH Hotels guests warned after reservation data checks out with cybercrooks

BWH Hotels reported a third-party breach exposing guest contact and reservation data from October 2025 to April 2026, with no payment details involved.

ADT Confirms Major Data Breach Exposing Millions of Names, Partial SSNs

ADT's home security systems were not compromised, but customer data including names and partial Social Security numbers was exposed in a data breach.

France news

fromEngadget

France's national agency for managing IDs and passports suffered a data breach last week

France Titres confirmed a security breach exposing personal data, including names and contact information, with potential for phishing attacks.

Booking.com confirms hackers accessed customers' data | TechCrunch

Hackers accessed Booking.com customers' personal data, including names, emails, and booking details, prompting notifications to affected users.

Booking.com warns of possible reservation data exposure

Booking.com warns customers of potential data exposure due to unauthorized access, affecting reservation details but not financial information.

Information security

ShinyHunters Leak 12.4 Million CarGurus Records in Massive Data Dump

Over 500 Organizations Hit in Years-Long Phishing Campaign

Operation HookedWing has stolen over 2,000 credentials from 500+ organizations using long-running, adaptive phishing infrastructure and targeted lures across many sectors.

Microsoft Details Phishing Campaign Targeting 35,000 Users Across 26 Countries

A large-scale credential theft campaign targeted over 35,000 users using legitimate email services and code of conduct-themed lures.

2 days ago

Over 500 Organizations Hit in Years-Long Phishing Campaign

Operation HookedWing has stolen over 2,000 credentials from 500+ organizations using long-running, adaptive phishing infrastructure and targeted lures across many sectors.

Microsoft Details Phishing Campaign Targeting 35,000 Users Across 26 Countries

A large-scale credential theft campaign targeted over 35,000 users using legitimate email services and code of conduct-themed lures.

more#credential-theft

If you see this iCloud message on your iPhone, don't click it-it's a scam

Phishing messages impersonate Apple to trick iPhone users into clicking links that steal Apple ID and payment details or deliver malware.

fromwww.theguardian.com

Your photos will be deleted': Apple users warned over nasty' iCloud storage scam

Scam emails impersonating Apple threaten users about full iCloud storage to steal personal and bank details.

Apple

fromFast Company

4 days ago

If you see this iCloud message on your iPhone, don't click it-it's a scam

Phishing messages impersonate Apple to trick iPhone users into clicking links that steal Apple ID and payment details or deliver malware.

fromwww.theguardian.com

Your photos will be deleted': Apple users warned over nasty' iCloud storage scam

Scam emails impersonating Apple threaten users about full iCloud storage to steal personal and bank details.

Unmasking SHub Stealer: A Deep Dive into a Sophisticated macOS Info-Stealer Masquerading as GitHub...

A phishing page mimics GitHub Desktop for macOS and uses an obfuscated Terminal command to deliver an aggressive macOS information stealer.

New WhatsApp Flaws Could Affect Billions of Users After Meta Security Patch

Meta patched two WhatsApp vulnerabilities affecting iOS, Android, and Windows users, enhancing security against risky files and links.

Silver Fox Deploys ABCDoor Malware via Tax-Themed Phishing in India and Russia

A China-based cybercrime group is targeting organizations in Russia and India with a new malware called ABCDoor via phishing emails.

Bluekit combines AI and phishing in a new all-in-one platform

Bluekit integrates AI into phishing tools, offering templates and centralized management for streamlined cybercrime operations.

US gets second Scattered Spider-linked guilty plea

A Scottish man pleaded guilty to a phishing and SIM-swap scheme, stealing over $8 million in cryptocurrency.

fromwww.independent.co.uk

Scottish man faces 22 years in US prison for $8m virtual currency scam

A Scottish man pleaded guilty to hacking and stealing over $8 million in virtual currency through phishing attacks.

FBI and Indonesian Police Dismantle W3LL Phishing Network Behind $20M Fraud Attempts

The FBI and Indonesian National Police dismantled a global phishing operation using the W3LL toolkit, preventing over $20 million in fraud.

FBI: Cybercrime Losses Neared $21 Billion in 2025

Cyber-enabled crime losses increased by 26% in 2025, nearing $21 billion, with investment fraud being the most significant contributor.

Silver Fox Deploys ABCDoor Malware via Tax-Themed Phishing in India and Russia

A China-based cybercrime group is targeting organizations in Russia and India with a new malware called ABCDoor via phishing emails.

Bluekit combines AI and phishing in a new all-in-one platform

Bluekit integrates AI into phishing tools, offering templates and centralized management for streamlined cybercrime operations.

US gets second Scattered Spider-linked guilty plea

A Scottish man pleaded guilty to a phishing and SIM-swap scheme, stealing over $8 million in cryptocurrency.

fromwww.independent.co.uk

Scottish man faces 22 years in US prison for $8m virtual currency scam

A Scottish man pleaded guilty to hacking and stealing over $8 million in virtual currency through phishing attacks.

FBI and Indonesian Police Dismantle W3LL Phishing Network Behind $20M Fraud Attempts

The FBI and Indonesian National Police dismantled a global phishing operation using the W3LL toolkit, preventing over $20 million in fraud.

FBI: Cybercrime Losses Neared $21 Billion in 2025

Cyber-enabled crime losses increased by 26% in 2025, nearing $21 billion, with investment fraud being the most significant contributor.

OpenAI announces new advanced security for ChatGPT accounts, including a partnership with Yubico | TechCrunch

OpenAI launched Advanced Account Security with Yubico to enhance protection against phishing for ChatGPT users.

Hackers Abuse Robinhood Signup Process to Deliver Phishing Emails

Robinhood users received phishing emails that appeared legitimate, exploiting a flaw in the account creation process to steal login credentials.

Robinhood Vulnerability Exploited for Phishing Attacks

Cybercriminals exploited Robinhood's account creation process to send phishing emails, but no personal information or funds were compromised.

Hackers Abuse Robinhood Signup Process to Deliver Phishing Emails

Robinhood users received phishing emails that appeared legitimate, exploiting a flaw in the account creation process to steal login credentials.

Robinhood Vulnerability Exploited for Phishing Attacks

Cybercriminals exploited Robinhood's account creation process to send phishing emails, but no personal information or funds were compromised.

more#robinhood

Germany politics

fromThe Local Germany

Germany launches spying probe into Signal attacks targeting MPs

German prosecutors investigate phishing attacks on lawmakers, linked to Russia, highlighting the need for vigilance against espionage threats.

fromInfoWorld

Offer customers passkeys by default, UK's NCSC tells enterprises

Passkeys are recommended as the primary authentication method due to their security against phishing and credential reuse.

#email-security

Deliverability

The Behavioral Shift: Why Trusted Relationships Are the Newest Attack Surface

Email attackers now exploit behavioral weaknesses, using tailored tactics that blend into trusted relationships and workflows, making detection more challenging.

fromTNW | Businessapps

IRONSCALES brings AI email agents & threat intelligence to RSAC

IRONSCALES aims to transform email security from reactive to preemptive with new AI-driven threat intelligence initiatives.

The Behavioral Shift: Why Trusted Relationships Are the Newest Attack Surface

Email attackers now exploit behavioral weaknesses, using tailored tactics that blend into trusted relationships and workflows, making detection more challenging.

fromTNW | Businessapps

IRONSCALES brings AI email agents & threat intelligence to RSAC

IRONSCALES aims to transform email security from reactive to preemptive with new AI-driven threat intelligence initiatives.

The shadowy SIM farms behind those incessant scam texts - and how to stay safe

SIM farms are used by cybercriminals for financial fraud, spam, phishing, and online product scalping.

fromMail Online

Urgent warning to all 1.8b Gmail users over new account takeover scam

Gmail users are warned about fake alerts designed to hijack phones and steal personal information.

Dozens of Malicious Crypto Apps Land in Apple App Store

Over two dozen fake cryptocurrency apps targeting iOS users have been found in the Apple App Store, aimed at stealing recovery phrases and private keys.

Over 800 Android Apps Targeted in PIN-Stealing Trojan Campaign

Hackers exploit Android's overlay feature to capture PINs and monitor user interactions across over 800 apps using banking trojans.

British Scattered Spider Hacker Pleads Guilty in the US

Buchanan admitted to conducting SMS phishing attacks, bombarding a victim company's employees with hundreds of messages linking to phishing sites designed to harvest credentials and personally identifiable information (PII).

Privacy professionals

Prompt injection proves AI models are gullible like humans

Prompt injection attacks exploit AI systems, similar to phishing, by embedding malicious instructions that the AI executes instead of treating as content.

Researchers Uncover New Phishing Risk Hidden Inside Microsoft Copilot

Attacker-controlled text in emails can manipulate Microsoft Copilot summaries through cross-prompt injection attacks, inserting deceptive alerts into trusted AI interfaces that users find more convincing than suspicious emails.

Prompt injection proves AI models are gullible like humans

Prompt injection attacks exploit AI systems, similar to phishing, by embedding malicious instructions that the AI executes instead of treating as content.

Researchers Uncover New Phishing Risk Hidden Inside Microsoft Copilot

New Phishing Attack Turns n8n Into On-Demand Malware Machine

Attackers are exploiting n8n workflows to deliver malware while evading detection and blending into normal business activities.

Information security

UAC-0247 Targets Ukrainian Clinics and Government in Data-Theft Malware Campaign

Information security

Fake Linux Foundation leader using Slack to phish devs

Information security

Fake Claude Website Distributes PlugX RAT

CERT-UA Impersonation Campaign Spread AGEWHEEZE Malware to 1 Million Emails

A phishing campaign impersonating CERT-UA distributed malware called AGEWHEEZE targeting various organizations in Ukraine.

Hackers Use Fake Resumes to Steal Enterprise Credentials and Deploy Crypto Miner

A phishing campaign targets French-speaking corporations with fake resumes, deploying malware for credential theft and cryptocurrency mining.

New Phishing Attack Turns n8n Into On-Demand Malware Machine

Attackers are exploiting n8n workflows to deliver malware while evading detection and blending into normal business activities.

UAC-0247 Targets Ukrainian Clinics and Government in Data-Theft Malware Campaign

A new malware campaign targeting Ukrainian healthcare institutions has been identified, utilizing deceptive emails to deliver malicious payloads.

Fake Linux Foundation leader using Slack to phish devs

A malware campaign targets open source developers via Slack, impersonating a Linux Foundation official to steal credentials and compromise systems.

Fake Claude Website Distributes PlugX RAT

A fake Anthropic Claude website distributed a remote access trojan disguised as a legitimate application download.

CERT-UA Impersonation Campaign Spread AGEWHEEZE Malware to 1 Million Emails

A phishing campaign impersonating CERT-UA distributed malware called AGEWHEEZE targeting various organizations in Ukraine.

Hackers Use Fake Resumes to Steal Enterprise Credentials and Deploy Crypto Miner

A phishing campaign targets French-speaking corporations with fake resumes, deploying malware for credential theft and cryptocurrency mining.

n8n Webhooks Abused Since October 2025 to Deliver Malware via Phishing Emails

Threat actors are weaponizing n8n to conduct phishing campaigns and deliver malicious payloads through automated emails.

Attackers are targeting developers via Slack and Google Sites

A targeted phishing campaign exploits trust in the open-source community, tricking developers into providing credentials and installing malicious software.

FBI announces takedown of phishing operation that targeted thousands of victims | TechCrunch

The FBI dismantled a global phishing operation, W3LL, targeting over 17,000 victims and facilitating over $20 million in fraud.

fromwww.housingwire.com

FBI: Real estate fraud losses hit $275M in 2025

AI-generated scams are increasingly targeting seniors, resulting in significant financial losses through phishing, investment fraud, and cryptocurrency schemes.

Hack-for-hire group caught targeting Android devices and iCloud backups | TechCrunch

A hack-for-hire group is targeting journalists and officials in the Middle East and North Africa using phishing and spyware tactics.

fromZDNET

How a burner email can protect your inbox - setting one up one is easy and free

A burner email address protects against spam and phishing by providing a temporary, disposable option for account creation.

Cryptocurrency

fromnews.bitcoin.com

Elon Musk's X to Auto-Lock Accounts Posting Crypto for First Time

X introduces auto-lock for accounts making first crypto posts to combat phishing attacks.

#scam

fromIrish Independent

Deliverability

Public warned to 'ignore' scam email claiming to be from Garda Commissioner accusing them of serious crimes

NYC politics

fromHoodline

Brooklyn Drivers Slammed With Scam 'Enforcement Action' Texts, NYPD Warns

Brooklyn drivers are targeted by a scam text claiming enforcement action, urging immediate payment to avoid penalties.

fromIrish Independent

Deliverability

Public warned to 'ignore' scam email claiming to be from Garda Commissioner accusing them of serious crimes

NYC politics

fromHoodline

Brooklyn Drivers Slammed With Scam 'Enforcement Action' Texts, NYPD Warns

Brooklyn drivers are targeted by a scam text claiming enforcement action, urging immediate payment to avoid penalties.

I knew about North Korean hackers-they still tricked me and got into my computer | Fortune

North Korean hackers are increasingly targeting individuals in the crypto industry, employing sophisticated deception tactics.

Cryptocurrency

fromnews.bitcoin.com

Kraken User Loses $18.2M in Crypto Social Engineering Attack as Funds Move via Thorchain: ZachXBT

A coordinated theft involved phishing tactics, rapid asset transfers, and laundering of approximately $1.8 million in ether through decentralized protocols.

Major phishing campaign on GitHub using fake security alerts

A large-scale phishing campaign targets developers on GitHub, exploiting Discussions to spread fake security alerts about Visual Studio Code and distribute malware.

TA446 Deploys Leaked DarkSword iOS Exploit Kit in Targeted Spear-Phishing Campaign

Russian state-sponsored group TA446 is using the DarkSword exploit kit to target iOS devices through phishing emails.

AitM Phishing Targets TikTok Business Accounts Using Cloudflare Turnstile Evasion

Threat actors are using AitM phishing to compromise TikTok for Business accounts, targeting business accounts for malvertising and malware distribution.

fromInfoQ

Securing the AI Stack: From Model to Production

AI has transformed phishing into a high-velocity threat, requiring modern defenses to adopt similar layered tactics.

Lightning-fast exploits mean patch fast, says Cisco Talos

Strengthening MFA policies and enhancing anti-phishing training are critical as attackers exploit vulnerabilities rapidly and effectively.

FBI Warns Russian Hackers Target Signal, WhatsApp in Mass Phishing Attacks

Russian Intelligence Services are conducting phishing campaigns to compromise commercial messaging applications targeting individuals of high intelligence value.

Apple Mail's 'Trusted Sender' Label Misused in New Phishing Scheme

Apple Mail's 'trusted sender' label can mislead users, allowing phishing scams to exploit perceived familiarity without verifying sender legitimacy.

#online-scams

fromThe Mercury News

Larry Magid: Beware of online scams

Americans lost at least $16.6 billion to scams in 2024, with older adults over 60 losing more than $4.8 billion, primarily through phishing and romance scams that exploit trust and technology unfamiliarity.

fromwww.mercurynews.com

US news

Larry Magid: Beware of online scams

fromThe Mercury News

Larry Magid: Beware of online scams

fromwww.mercurynews.com

US news

Larry Magid: Beware of online scams

APT28-Linked Campaign Deploys BadPaw Loader and MeowMeow Backdoor in Ukraine

Russian state-sponsored APT28 deployed two new malware families, BadPaw and MeowMeow, targeting Ukrainian entities through phishing emails with Ukrainian-language lures about border crossing appeals.

fromComputerworld

OAuth phishers make 'check where the link points' advice ineffective

Attackers use phishing emails with malicious OAuth links containing broken parameters to redirect users to attacker-controlled destinations through legitimate identity providers.

Starkiller Phishing Suite Uses AitM Reverse Proxy to Bypass Multi-Factor Authentication

It launches a headless Chrome instance - a browser that operates without a visible window - inside a Docker container, loads the brand's real website, and acts as a reverse proxy between the target and the legitimate site. Recipients are served genuine page content directly through the attacker's infrastructure, ensuring the phishing page is never out of date.

Information security