Phishing

PhishWP, a newly discovered WordPress plugin, is being used by cybercriminals to maliciously convert legitimate websites into phishing traps, putting user data at risk. Cybercriminals created the WordPress plugin PhishWP. It generates fake payment pages...

A malicious copycat of the popular "EditThisCookie" extension has been discovered stealing login credentials and engaging in phishing activities. The legitimate EditThisCookie extension, which had over 3 million users and 11,000 ratings, was recently...

A new phishing-as-a-service (PaaS) platform called "FlowerStorm" has emerged, targeting Microsoft 365 users. This platform has quickly gained traction following the unexpected disruption of its predecessor, Rockstar2FA, in November 2024. Rockstar2FA, an updated version of...

A sophisticated phishing campaign targeting European companies. The attack, which peaked in June 2024, aims to harvest Microsoft Azure cloud credentials and compromise victims' cloud infrastructure. The campaign primarily targets automotive, chemical, and industrial compound...

Okta, a leading identity and access management platform, has issued a warning about an increase in sophisticated phishing attacks targeting its customers by impersonating the company's support team. These attacks are part of a...

A sophisticated phishing campaign exploiting fake Microsoft SharePoint notifications to distribute the Xloader malware. This malicious operation, recently intercepted by Sublime Security, highlights the growing threat of cybercriminals leveraging legitimate platforms to bypass traditional defenses. The...

Google Calendar, with over 500 million active users worldwide and availability in 41 languages, has long been celebrated for its efficiency in organizing schedules and managing time. However, its popularity has also made it...

A sophisticated attack campaign targeting organizations in Japan and other East Asian countries. The threat actor, identified as APT-C-60, is employing a clever social engineering tactic that exploits job application processes to infiltrate corporate...

Cybercriminals leverage high-profile events, such as global sporting championships, by registering fake domains to launch phishing and scam attacks. Researchers uncover suspicious domain registration campaigns, especially when event-specific terms or phrases are used in recently...

Phishing attacks continue to pose a significant threat to various industries, with cybercriminals employing sophisticated tactics to deceive recipients. A recent analysis by Cofense Intelligence, covering data from Q3 2023 to Q3 2024, has identified...