Phishing Page 1

Hackers Abuse Fake CircleCI Notifications Creadential Stealing Git Hub

Hackers abuse fake CircleCI notifications to steal GitHub accounts

Researchers have observed threat actors abusing the CircleCI notification feature to initiate a phishing attack. In this issue, it was reported that the adversaries had impersonated the CircleCI integration and delivery platform to execute their malicious intents. The malicious messages will inform the recipients that the terms and privacy policy of the spoofed company have...
Continue Reading
Humanitarian Groups Targeted RedAlpha APT Phishing Chinese Hackers

Humanitarian groups and other firms targeted by RedAlpha APT

Critical organisations worldwide have been warned about an ongoing credential theft phishing campaign executed by the China-based RedAlpha advance persistent threat (APT) group. This phishing campaign has been going on for the past three years and targets global government firms, think tanks, and humanitarian groups. The initial activities detected from the RedAlpha APT were in...
Continue Reading
Evernote Fake Website Impersonation Phishing Scheme Healthcare Trojan Cyber Threat

Evernote used as a fake website in a new phishing scheme

Authorities warn about a new phishing campaign utilising the popular notepad website, Evernote, to be a fake website that will hold a downloadable trojan file to hack into systems and collect victims’ credentials. This latest campaign was found to target the healthcare sector. As observed from the campaign, the victims are sent an email message,...
Continue Reading
PhaaS Platform Robin Banks Phishing Kits Dark Web Malicious Websites

A PhaaS platform, Robin Banks, offered phishing kits on the dark web

The latest dark web investigations spotted a phishing-as-a-service (PhaaS) platform, dubbed Robin Banks, launched by its operators to offer ready-made phishing kits that help their clients pose as financial institutions and other well-known brands to target victims. Hackers could choose from numerous organisations offered by the PhaaS platform, including popular ones like Netflix, Capital One,...
Continue Reading
New York US DMV Department of Motor Vehicles Threat Warning Phishing SMS Scams Fraud Prevention

New York’s DMV warns its customers regarding phishing scams

The New York State Department of Motor Vehicles (DMV) has published a threat advisory to warn its customers about a phishing scam that can steal sums by exfiltrating credentials. Based on reports, the phishing scam attempts to steal its targeted victims’ credentials and other essential information. The phishing attack includes spam messages containing malicious links...
Continue Reading
Luna Moth Hacking Group Extortion Ransomware Payloads Social Engineering Phishing Fraud Prevention

Luna Moth group extorts from victims without ransomware payloads

A new ransom group dubbed Luna Moth is said to have been utilising social engineering tactics, remote access trojans (RATs), and other legitimate commercially available software to be able to hack into their victims’ computers and extort ransom payments in exchange for their data. According to the reports published about Luna Moth, its operators execute...
Continue Reading
Crypto Platform Axie Infinity Compromised Links Spear Phishing Cybersecurity LinkedIn

Crypto platform Axie Infinity links compromise to spear-phishing

From the findings based on Axie Infinity’s cybersecurity compromise last March, researchers disclosed that it could have been initiated from a spear-phishing-based fake LinkedIn employment offer that caused the hack on the popular crypto play-to-earn platform. Since the attack, limited information was released on the investigation, including how the US authorities attributed it to the...
Continue Reading
XFiles Infostealer Follina Vulnerability Infect Malware Targets

XFiles infostealer used the Follina vulnerability to infect targets

The infostealer malware dubbed XFiles has made its rounds of cybercriminal activities after researchers noticed that it had exploited the Follina critical flaw. Based on reports, the vulnerability (CVE-2022-30190) was abused by the malware operators to infect targeted devices with malicious payloads. A cybersecurity solutions vendor has spotted the new infostealer malware that used Follina...
Continue Reading

A new WhatsApp scam offers fake job opportunities to defraud victims

WhatsApp fraudsters have expanded their scam campaigns by defrauding job hunters that aspire to be employed in the UK. The threat actors spoof an agent from the UK government that offers free visas and other work benefits to people willing to fly to the country for work. These fraudsters use the WhatsApp social messaging app...
Continue Reading
New Attack Tactic Exploit MS WebView2 Evade MFA Protocol

A new attack tactic can exploit the MS WebView2 and evade MFA protocol

Researchers recently discovered a new phishing strategy that could exploit the Microsoft Edge WebView2 applications to exfiltrate and steal authentication cookies. Subsequently, malicious phishing operators can utilise these authentication cookies to avoid the MFA functionality and login accounts effortlessly. A cybersecurity researcher has developed this new phishing method called “WebView2-Cookie-Stealer.” The devised phishing attack includes...
Continue Reading
1 2 3 29