ConsentFix exploits browser-based OAuth flows to hijack Microsoft accounts. Understanding its mechanisms can help protect against this evolving phishing threat.
An Illinois individual faces charges for a phishing scam that compromised approximately 600 Snapchat accounts. The scheme involved stealing private
While click rates often dominate phishing discussions, real threats emerge post-compromise. Material Security advocates prioritizing containment strategies and examining post-access
Misconfigured email routing creates an opening for attackers using Phishing-as-a-Service platforms like Tycoon2FA to steal credentials. Such tactics enable attackers
In a newly identified cybersecurity threat, attackers are imitating Booking.com to infiltrate European hotels. Employees are manipulated into installing malware
Recent phishing operations exploit Google Cloud Application Integration, sending fake Google emails that deceive users into trusting malicious messages.
Silver Fox targets India, using tax-themed phishing to spread ValleyRAT, including DLL hijacking in attacks.
Grubhub customers received deceptive messages, seemingly from a company email, promising tenfold bitcoin returns. This scam misled users into transferring
Authorities took significant action by seizing a password database used in a phishing attack that attempted a $28 million bank
Three individuals in Nigeria, targeting Microsoft 365 users via Raccoon0365, have been detained. Learn about the phishing-as-a-service method they used.
Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.