phishing Archives • Page 3 of 17 • Daily CyberSecurity

Critical 9.6 CVSS OIDC Flaws in OpenBao Turn “Direct Login” Into a Phishing Trap OpenBao Vulnerability OIDC Session Hijacking

Critical 9.6 CVSS OIDC Flaws in OpenBao Turn “Direct Login” Into a Phishing Trap

Do Son March 30, 2026

The OpenBao community, the open-source initiative dedicated to managing and distributing sensitive data like secrets and certificates,...

ClickFix: The High-ROI “Living-off-the-Land” Trap Sweeping Windows and macOS ClickFix Social Engineering Living-off-the-Land (LotL) Attacks

ClickFix: The High-ROI “Living-off-the-Land” Trap Sweeping Windows and macOS

Do Son March 30, 2026

A sophisticated social engineering technique known as ClickFix has transitioned from a niche tactic into a standardized,...

Tax Audits and WhatsApp Clones: How “Silver Fox” is Redefining Cyber-Espionage in South Asia WhatsApp Worm, Brazilian Banking Trojan LAPSUS$ Alliance, Scattered Spider Ransomware, Cybercrime RedCurl APT group Russian Cyberespionage, ApolloShadow Malware

WhatsApp Worm, Brazilian Banking Trojan LAPSUS$ Alliance, Scattered Spider Ransomware, Cybercrime RedCurl APT group Russian Cyberespionage, ApolloShadow Malware

Tax Audits and WhatsApp Clones: How “Silver Fox” is Redefining Cyber-Espionage in South Asia

Do Son March 29, 2026

A new report from Sekoia’s Threat Detection & Research (TDR) team has detailed the curtain on Silver...

Google Forms Weaponized: New “PureHVNC” Campaign Targets Professionals via LinkedIn PureHVNC RAT Google Forms Phishing

Google Forms Weaponized: New “PureHVNC” Campaign Targets Professionals via LinkedIn

Do Son March 27, 2026

A sophisticated new malware campaign is turning a trusted business tool into a launchpad for cyber espionage....

Copyright Lures and “Fileless” Shadows: Inside the PureLog Stealer Campaign PureLog Stealer Fileless Malware

Copyright Lures and “Fileless” Shadows: Inside the PureLog Stealer Campaign

Do Son March 24, 2026

A highly organized malware campaign is currently stalking key industries by weaponizing something every professional fears: a...

Hijacked Accounts and AI Code: The Deadly New Playbook of Iranian APT ‘Boggy Serpens’ Boggy Serpens Iranian APT

Hijacked Accounts and AI Code: The Deadly New Playbook of Iranian APT ‘Boggy Serpens’

Do Son March 20, 2026

A new assessment from Unit 42 reveals a significant maturation in the tactics of Boggy Serpens, an...

Weaponizing Conflict: ThreatLabz Exposes Mustang Panda’s Rapid PlugX Campaign in the Middle East Mustang Panda PlugX Backdoor

Weaponizing Conflict: ThreatLabz Exposes Mustang Panda’s Rapid PlugX Campaign in the Middle East

Do Son March 16, 2026

Recently, cybersecurity researchers at ThreatLabz have uncovered a new campaign by a China-nexus threat actor. The operation,...

The Fake Job Trap: Microsoft Exposes the ‘Contagious Interview’ Campaign Targeting Developers Contagious Interview Invisible Ferret

The Fake Job Trap: Microsoft Exposes the ‘Contagious Interview’ Campaign Targeting Developers

Do Son March 12, 2026

A recent report from Microsoft Defender Experts sheds light on the “Contagious Interview” campaign, a sophisticated social...

The Dark Side of Telegram: How Cybercriminals Weaponize Bot APIs for Stealthy Data Exfiltration

Do Son March 12, 2026

While millions use Telegram for secure, instant messaging, a darker side of the platform is emerging in...

PlugX Evolves: New “Meeting Invitation” Phishing Campaign Leverages Trusted Security Software Mercenary Akula European Financial Targeting AI-Generated Malware React2Shell Exploit UAT-8837 Critical Infrastructure Attack APT36, BOSS Linux BRICKSTORM Malware, China Espionage Curly COMrades, MucorAgent Chinese APT - HTTP Client Tools Shuckworm Cyber Espionage

Mercenary Akula European Financial Targeting AI-Generated Malware React2Shell Exploit UAT-8837 Critical Infrastructure Attack APT36, BOSS Linux BRICKSTORM Malware, China Espionage Curly COMrades, MucorAgent Chinese APT - HTTP Client Tools Shuckworm Cyber Espionage

PlugX Evolves: New “Meeting Invitation” Phishing Campaign Leverages Trusted Security Software

Do Son March 4, 2026

Cybersecurity researchers at LAB52 have released a detailed analysis of a new infection chain for the long-running...

The Fake Security Checkup: How a Rogue ‘Google’ App Hijacks Your Digital Life PWA Malware Google-prism

The Fake Security Checkup: How a Rogue ‘Google’ App Hijacks Your Digital Life

Do Son March 3, 2026

Imagine a pop-up warning you that your Google Account needs a security checkup. It looks flawless. It...

The Invisible Trap: How Hackers Weaponize the Internet’s Root Infrastructure (.arpa) to Bypass Security Kali365 phishing platform EmEditor Supply Chain Attack, WALSHAM INVESTMENTS LIMITED EggStreme, fileless malware North Korea Cybercrime, Remote IT Job Fraud RedDelta APT

Kali365 phishing platform EmEditor Supply Chain Attack, WALSHAM INVESTMENTS LIMITED EggStreme, fileless malware North Korea Cybercrime, Remote IT Job Fraud RedDelta APT

The Invisible Trap: How Hackers Weaponize the Internet’s Root Infrastructure (.arpa) to Bypass Security

Do Son March 3, 2026

We all know the standard signs of a phishing email: bad spelling, urgent demands, and sketchy-looking “.com”...

The GTFire Scheme: How Cybercriminals are Weaponizing Google’s Trusted Services for Global Phishing GTFire Phishing Campaign Google Firebase Abuse

GTFire Phishing Campaign Google Firebase Abuse

The GTFire Scheme: How Cybercriminals are Weaponizing Google’s Trusted Services for Global Phishing

Do Son March 2, 2026

Modern cybercriminals are evolving, increasingly hiding their malicious activities within the very legitimate cloud services that businesses...

Unmasking 1Campaign: The Professionalized ‘Cloaking’ Service Powering Global Malvertising Scams 1Campaign Cloaking Platform Google Ads Malvertising

1Campaign Cloaking Platform Google Ads Malvertising

Unmasking 1Campaign: The Professionalized ‘Cloaking’ Service Powering Global Malvertising Scams

Do Son February 27, 2026

Varonis Threat Labs recently highlights a comprehensive toolkit designed to weaponize search engine advertising. Researchers uncovered 1Campaign,...

Silver Fox APT Unleashes ‘Winos 4.0’ Malware via BYOVD Attacks Winos 4.0 Malware Silver Fox APT RapperBot BVIEC cyberattack - CNC group DAMASCENED PEACOCK, malware analysis

Winos 4.0 Malware Silver Fox APT RapperBot BVIEC cyberattack - CNC group DAMASCENED PEACOCK, malware analysis

Silver Fox APT Unleashes ‘Winos 4.0’ Malware via BYOVD Attacks

Do Son February 24, 2026

According to a new threat intelligence report, a highly organized Advanced Persistent Threat (APT) group has launched...

Hackers Weaponize Facebook Ads with Fake Windows 11 Updates Fake Windows 11 Ads Info-Stealing Malware

Hackers Weaponize Facebook Ads with Fake Windows 11 Updates

Do Son February 24, 2026

Cybercriminals are leveraging the trust users place in their social media feeds to distribute stealthy information-stealing malware....

The CAPTCHA Trap: How a Fake “ClickFix” Prompt Unleashed Latrodectus & Supper Malware ClickFix CAPTCHA Latrodectus Malware

The CAPTCHA Trap: How a Fake “ClickFix” Prompt Unleashed Latrodectus & Supper Malware

Do Son February 23, 2026

The simple act of verifying you are not a robot has been weaponized into a devastating corporate...

The “I Paid Twice” Trap: New Booking.com Phishing Kit Targets Hotels & Guests Booking.com Fraud Hospitality Phishing

The “I Paid Twice” Trap: New Booking.com Phishing Kit Targets Hotels & Guests

Do Son February 18, 2026

A sophisticated financial fraud campaign has resurfaced, targeting the hospitality sector that victimizes both hotels and their...

Hackers Use Jira Notifications to Bypass Spam Filters Layoff Phishing Scam Remcos RAT Malware Aruba Phishing, Phishing-as-a-Service PyPI, phishing CVE-2024-25608 PyPI Phishing, Credential Theft