Flux RSS

Push Security has uncovered a new AiTM phishing campaign targeting TikTok for Business accounts using Google and TikTok themed login pages

Threat actors are targeting TikTok for Business accounts in a phishing campaign that prevents security bots from analyzing malicious pages. [...]

Police found cameras pointing at infrastructure Indian authorities have reportedly ordered an audit of the nation’s CCTV cameras, after police uncovered what they claim was a Pakistan-backed surveillance operation.…

Threat actors are evading phishing detection in campaigns targeting Microsoft accounts by abusing the no-code app-building platform Bubble to generate and host malicious web apps. [...]

Tycoon2FA phishing platform resumes activity post-takedown, leveraging AITM techniques to bypass MFA

Voice phishing is second most common initial access method across all IR probes, and top in cloud break-ins RSAC 2026 Voice phishing surged last year to become the second most common method used by cybercriminals to gain initial access to their victims' IT estate – and the No. 1 tactic used when breaking into cloud environments.…

PLUS: US takes down Iranian propaganda sites; Marketing company asks 'Why Do We Have Your Information?' And more! Infosec In Brief Russian intelligence-affiliated parties are posing as customer support services on commercial messaging applications such as Signal to compromise accounts and conduct phishing attacks, the FBI and Cybersecurity and Infrastructure Security Agency (CISA) warned last Friday.…

Some of these campaigns are linked to Darcula, a Chinese-language phishing-as-a-service platform

Almost a quarter of the zero days detected by Google in 2025 targeted security and networking appliances

Ox Security warns that Mail2Shell could enable threat actors to hijack FreeScout systems without user interaction

Zscaler ThreatLabz assessed with medium to high confidence that an Iranian adversary targeted Iraq’s Ministry of Foreign Affairs in a new cyber-attack

Google Chrome initiates quantum-resistant measures via Merkle Tree Certificates to secure HTTPS

2025 saw 32M phishing emails, with identity threats surpassing vulnerabilities

Malicious NuGet package mimicking Stripe's library targeted developers

Phishing attack mimicking Bitpanda targets users, harvesting credentials and personal information

CrowdStrike Global Threat Report warns how adversaries are leveraging AI to make campaigns more efficient and more effective

A low-skilled Russian-speaking attacker has used GenAI tools to help deploy a successful attack workflow targeting FortiGate instances

A new cybercriminal toolkit uses proxies to mimic popular online services and represents a “significant escalation in phishing infrastructure,” warn researchers at Abnormal

Unit 42 researchers observed a low-skilled threat actor using an LLM to script a professional extortion strategy, complete with deadlines and pressure tactics

New phishing campaign dubbed Operation DoppelBrand targeted major financial firms like Wells Fargo