Proofpoint Archives • Daily CyberSecurity

Sophisticated TA4922 Cybercrime Operations Expand Globally Kali365 phishing platform EmEditor Supply Chain Attack, WALSHAM INVESTMENTS LIMITED EggStreme, fileless malware North Korea Cybercrime, Remote IT Job Fraud RedDelta APT

Kali365 phishing platform EmEditor Supply Chain Attack, WALSHAM INVESTMENTS LIMITED EggStreme, fileless malware North Korea Cybercrime, Remote IT Job Fraud RedDelta APT

Sophisticated TA4922 Cybercrime Operations Expand Globally

Do Son June 9, 2026

The Rising Threat of TA4922 A prominent cybersecurity research group recently exposed a highly active threat cluster...

AI “Vibe Coding” Fuels a Phishing Free-For-All: How EvilTokens Bypasses Microsoft 365 MFA Device Code Phishing EvilTokens PhaaS

AI “Vibe Coding” Fuels a Phishing Free-For-All: How EvilTokens Bypasses Microsoft 365 MFA

Do Son May 19, 2026

A once-obscure technique for bypassing multifactor authentication is exploding across the threat landscape, supercharged by AI “vibe...

Cyber-Actors are “Laundering Trust” to Hijack the Global Supply Chain Load Board Phishing Signing-as-a-Service

Cyber-Actors are “Laundering Trust” to Hijack the Global Supply Chain

Do Son April 20, 2026

Proofpoint researchers have detailed the curtain on a sophisticated cyber-operation targeting the transportation industry, revealing a month-long...

Attackers Weaponize Mailbox Rules to Control Your Inbox M365 Persistence Malicious Mailbox Rules

Attackers Weaponize Mailbox Rules to Control Your Inbox

Do Son April 15, 2026

In the modern landscape of Microsoft 365 security, the most dangerous threat might not be a sophisticated...

From Taiwan to Tehran: How TA416 Pivots its PlugX Backdoor to Global Flashpoints TA416 PlugX Backdoor

From Taiwan to Tehran: How TA416 Pivots its PlugX Backdoor to Global Flashpoints

Do Son April 8, 2026

A new intelligence report from Proofpoint reveals that TA416, a sophisticated threat actor aligned with Chinese state...

Hackers are Using “Legit” IT Tools to Hijack the 2026 Tax Season 2026 Tax Phishing RMM Abuse

Hackers are Using “Legit” IT Tools to Hijack the 2026 Tax Season

Do Son April 5, 2026

As the 2026 tax season reaches its peak, cybersecurity researchers have identified a massive surge in digital...

Developer Alert: “CursorJack” Technique Weaponizes Deeplinks to Hijack Cursor IDE CursorJack Cursor Vulnerability

Developer Alert: “CursorJack” Technique Weaponizes Deeplinks to Hijack Cursor IDE

Do Son March 20, 2026

Security researchers at Proofpoint Threat Research have detailed a novel exploitation method dubbed CursorJack, which targets the...

Iran-Aligned TA453 Weaponizes ‘Operation Epic Fury’ for Cyber Espionage Operation Epic Fury TA453 Phishing

Iran-Aligned TA453 Weaponizes ‘Operation Epic Fury’ for Cyber Espionage

Do Son March 12, 2026

In the wake of the February 2026 military strikes known as Operation Epic Fury, a new front...

The Fake IT Threat: “TrustConnect” Malware-as-a-Service Masquerades as Legitimate RMM Software TrustConnect Malware Fake RMM MaaS

The Fake IT Threat: “TrustConnect” Malware-as-a-Service Masquerades as Legitimate RMM Software

Do Son February 23, 2026

A new report from Proofpoint sheds light TrustConnect, detailing the rise of a new Malware-as-a-Service (MaaS) that...

Hidden in Plain Sight: TA584 Deploys “Tsundere Bot” & Invisible Registry Keys TA584 Tsundere Bot Invisible Registry Persistence

Hidden in Plain Sight: TA584 Deploys “Tsundere Bot” & Invisible Registry Keys

Do Son February 2, 2026

TA584, a sophisticated Initial Access Broker (IAB) known for paving the way for ransomware gangs, has dramatically...

Hackers Abuse “Device Codes” to Bypass Security and Seize Microsoft 365 Accounts Device Code Phishing, Microsoft 365 OAuth

Hackers Abuse “Device Codes” to Bypass Security and Seize Microsoft 365 Accounts

Do Son December 22, 2025

Cybercriminals have found a new way to turn corporate security protocols against themselves, weaponizing a legitimate Microsoft...

Fully Autonomous Cybercrime: TA585 Uses ClickFix Phishing and Own Infrastructure to Deploy Premium MonsterV2 RAT TA585 Autonomous, MonsterV2 RAT

Fully Autonomous Cybercrime: TA585 Uses ClickFix Phishing and Own Infrastructure to Deploy Premium MonsterV2 RAT

Do Son October 15, 2025

Proofpoint has identified a new and highly self-reliant cybercriminal threat actor, tracked as TA585, which operates with...

The Silent Spy: How Chinese Hackers are Exploiting U.S.-China Policy Chinese espionage groups APT35 Phishing, Stormshield CTI

The Silent Spy: How Chinese Hackers are Exploiting U.S.-China Policy

Do Son September 18, 2025

State-aligned Chinese threat actor TA415 (also tracked as APT41, Brass Typhoon, Wicked Panda) has launched a series...

Stealerium: How an Open-Source Infostealer Is Being Used in Phishing Campaigns Stealerium, infostealer

Stealerium: How an Open-Source Infostealer Is Being Used in Phishing Campaigns

Do Son September 4, 2025

Proofpoint threat researchers have uncovered a surge in campaigns distributing Stealerium-based malware, an open-source infostealer first released...

AI’s Dark Side: How a New Website Builder Is Fueling a Surge in Cybercrime AI cybercrime, phishing

AI’s Dark Side: How a New Website Builder Is Fueling a Surge in Cybercrime

Do Son August 21, 2025

Artificial intelligence is lowering the barrier to cybercrime. According to a new report by Proofpoint, threat actors...

Phishing-Resistant No More? New Attack Bypasses FIDO Passkeys with Downgrade Trick FIDO passkeys, downgrade attack

Phishing-Resistant No More? New Attack Bypasses FIDO Passkeys with Downgrade Trick

Do Son August 14, 2025

FIDO-based passkeys are widely regarded as one of the strongest defenses against phishing and account takeover (ATO)...

The OAuth Phishing Trap: Proofpoint Exposes AiTM Attacks That Bypass MFA to Hijack Cloud Accounts Fake Microsoft landing page, capturing MFA

The OAuth Phishing Trap: Proofpoint Exposes AiTM Attacks That Bypass MFA to Hijack Cloud Accounts

Do Son August 2, 2025

Proofpoint has revealed a persistent wave of adversary-in-the-middle (AiTM) phishing campaigns that exploit Microsoft OAuth applications to...

The Trust Trap: Phishing Attacks Weaponize Security Tools by Abusing Proofpoint & Intermedia Link Wrapping A Microsoft phishing page designed to harvest credentials

A Microsoft phishing page designed to harvest credentials

The Trust Trap: Phishing Attacks Weaponize Security Tools by Abusing Proofpoint & Intermedia Link Wrapping

Do Son August 1, 2025

The Cloudflare Email Security team has exposed a wave of phishing attacks that abuse link wrapping services—typically...

New RFQ Scams Hit Businesses: Fraudsters Steal Goods via Net Financing & Fake Procurement FIFA website spoofing scams FBI World Cup alert Pig Butchering Scam Jingliang Su Sentencing Meta China Scam Ads, Zuckerberg Revenue Conflict Trading Bot Scam BEC Scam Rental Payment Fraud