< ciso
brief />
Tag Banner

All news with #phishing tag

694 articles · page 2 of 35

US offers $10M for info on hackers targeting Signal and WhatsApp

🔔 The U.S. Department of State is offering up to $10 million through its Rewards for Justice program for information identifying members of UNC5792 and UNC4221, two groups tied to Russian intelligence and military services. The bounty follows FBI and CISA updates that these groups conducted phishing campaigns targeting Signal and WhatsApp users, including attempts to steal Signal Backup Recovery Keys by impersonating support agents. Targets included U.S. and NATO officials, journalists, NGOs, and researchers.
read more →

236,000 DCloud Uni‑App Sites Fuel Investment Scams

🛡️ Infoblox reports that over 236,000 domains use DCloud Uni‑App templates to power investment scams, including fake crypto exchanges, wallet drainers, gambling sites, and WhatsApp phishing pages. The malicious sites span continents, target multiple languages, and have been active since mid‑2022, with some operators stripping framework fingerprints to evade detection. While many domains use mainstream hosting providers, a subset relies on bulletproof hosting and centralized template sales may explain coordinated activity.
read more →

Why attackers target your email inbox aggressively

📧 Email accounts act as hubs for identity verification, password resets and long-term records, making them prime targets for cybercriminals. Attackers use phishing, account takeover, forwarding rules and abused tokens to maintain access, intercept codes and harvest sensitive information. Corporate inbox breaches can lead to data theft, ransomware or expensive fraud, while sophisticated tools like GenAI increase phishing success rates. Regularly review security settings, use MFA or passkeys, and remain vigilant to reduce risk.
read more →

FBI warns of Russian targeting Signal backup keys

🔔 The FBI has issued a public service announcement warning that multiple clusters of Russian intelligence actors, including FSB officers and military hackers, are targeting high-risk users to steal Signal Backup Recovery Keys. The campaign uses phishing messages masquerading as messaging app support to elicit verification codes, account PINs, and recovery keys. Victims include government officials, military personnel, journalists and Ukrainian officials. Users are advised to only trust official support channels and to generate a new recovery key to invalidate older backups.
read more →

FBI warns Russian actors stealing Signal backup keys

🔐 The FBI and CISA warn that Russian-linked threat actors have shifted phishing tactics to steal Signal Backup Recovery Keys, enabling access to users' historical messages. The campaign, tracked as UNC5792 and UNC4221, targets high-value individuals including officials, journalists, and military personnel. Attackers impersonate Signal support, trick users into enabling backups and then request the recovery key to restore data to attacker-controlled devices. Authorities advise that official support never asks for codes or recovery keys and recommend reporting incidents to the FBI or CISA.
read more →

Fraudulent OpenAI organization invites target security firms

🔔 Push Security discovered a campaign where attackers create fraudulent OpenAI tenants impersonating real companies and send legitimate-looking invites to employees. The invites originate from OpenAI notification addresses, pass authentication checks, and assign recipients Owner privileges within the fake organization. Attackers used Gmail accounts to pose as company executives and even attached a billing card to the tenant, likely to reduce suspicion. Push Security warns employees could be tricked into submitting sensitive data into the workspace and advises verification and monitoring of SaaS memberships.
read more →

Shop app abused to deliver callback phishing scams

🛒 Researchers warn that threat actors are abusing Shop, Shopify’s order-tracking app, by adding fake purchase receipts to users' histories to trick them into calling scam phone numbers. Fraudulent receipts impersonate brands like Apple, PayPal, Norton, and McAfee, and aim to collect credentials, payment details, OTPs, or persuade victims to install remote access software. Users are advised to verify charges with their bank rather than call numbers on suspicious receipts.
read more →

Bluekit adopts browser-in-the-middle for login theft

🛡️ The Bluekit phishing-as-a-service platform has added browser-in-the-middle (BitM) capabilities and nearly 70 new hostnames, enabling attackers to load legitimate login pages and capture valid session tokens. Netcraft found Bluekit uses the open-source rrweb library to serialize and stream page DOM data over WebSockets while fetching assets through phishing infrastructure. The kit also includes advanced anti-analysis features such as randomized CSS filters, large rotating obfuscated JavaScript bundles, custom CAPTCHAs, browser fingerprinting, and WebRTC IP-mismatch checks.
read more →

AI Enables Faster, Cheaper, Harder-to-Detect Attacks

🛡️ A ReliaQuest report finds AI is making cyber-attacks cheaper, faster to scale, easier to customize and harder to spot while not fundamentally altering attacker tradecraft. Initially used for polishing phishing and basic scripting in 2024, by mid-2025 AI had expanded into deepfakes, AI-assisted scripts and an underground market for tools. Today AI appears embedded in workflows—generating phishing pages, web shells, and obfuscating code—and as the lure itself, with attackers leveraging trusted AI brands to trick users.
read more →

Reframing Trust: A CISO’s Risk-Tiering Model

🔍 Security awareness training that taught employees to spot obvious phishing cues is no longer sufficient. AI-generated attacks and legitimate-looking infrastructure have erased the surface signals users were trained to rely on, making sustained human vigilance unrealistic. The article argues for applying Daniel Kahneman’s fast/slow thinking at the organizational level to map and re-tier processes, keeping fast lanes where justified and revoking them where risk has changed.
read more →

Xsolis data breach compromises 1.4M patient records

🔒 Xsolis, a U.S. healthcare technology provider, detected a targeted phishing attack that led to unauthorized access to parts of its network in January 2026. The company says files containing sensitive customer information—such as names, addresses, dates of birth, insurance details, Social Security numbers, and medical treatment data—were accessed, affecting 1,396,519 individuals. Xsolis contained the breach, engaged external cybersecurity experts, reset user passwords, enhanced monitoring, accelerated employee security training, and is notifying impacted individuals with offered identity monitoring services.
read more →

GTA 6 preorder scams exploit hype and crypto

🎮 Scammers have launched polished fake sites claiming to offer early access to Grand Theft Auto VI for a fee in cryptocurrency, ahead of Rockstar Games’ official June 25 preorder announcement. Malwarebytes warns these pages are unauthorized and often use urgency tactics, smooth payment flows and phishing to steal funds or credentials. Victims paying in crypto typically cannot recover funds; only Rockstar and authorized retailers should be trusted.
read more →

INTERPOL: Cybercrime Surge in Asia and South Pacific

🔍 INTERPOL warns of a dramatic rise in cybercrime across Asia and the South Pacific driven by rapid digitalization, organized criminal networks, and uneven cybersecurity maturity. Phishing is identified as the most widespread and costly threat, while ransomware, AI-driven scams, deepfakes, and banking trojans have also surged. Authorities are scaling cross-border cooperation and resilience efforts to counter these threats.
read more →

Prime Day 2026: Surge in Amazon-Themed Scams

🛡️ Check Point Research warns that Amazon Prime Day (June 23–26, 2026) is generating a large pre-event surge in phishing, fake storefronts, and domain-squatting operations. Between December 2025 and May 2026, thousands of Amazon-themed domains were registered, with many already flagged as malicious. Attackers are building multi-TLD campaigns, regional IDN spoofs, and convincing counterfeit product pages to steal credentials and payments.
read more →

World Cup 2026 Scams: Watch for Fake Streams

⚠️ Scammers are exploiting World Cup hype with fake streaming sites, fraudulent betting platforms, and counterfeit merchandise stores that harvest payments and personal data. Many sites demand extensive personal information or up-front payments, sometimes even in cryptocurrency, and use professional-looking pages to trick victims. Fans and bettors risk losing money and having credentials reused across accounts stolen; strong security measures and unique passwords are advised.
read more →

ThreatsDay: AI Abuse, Fileless Mac Attacks, and More

📰 This week's ThreatsDay roundup highlights a range of active campaigns and emerging risks, from DoH adoption in Windows Server 2025 to search-hijacking Chrome extensions and fileless macOS infections. Researchers uncovered abuse of shared AI chat features to deliver credential stealers, large-scale WhatsApp booking fraud, and memory-only stealers targeting banks. Vendors and agencies are responding with mitigations, advisories, and new product timelines to address quantum and AI-driven threats.
read more →

Cloudflare Celebrates 12 Years of Project Galileo

🎉 Project Galileo provides free cybersecurity services to over 3,400 websites belonging to journalists, human rights defenders, and nonprofits across 120 countries. Cloudflare published its first comprehensive report on cyberattacks targeting civil society, released 16 participant case studies, and announced new partners. The findings show civil society faces more frequent and intense attacks, including prolonged DDoS, higher exploitation attempts, and elevated phishing rates. Cloudflare calls for broader, affordable protections and will produce this report annually.
read more →

Cybercriminals Worried AI Will Displace Roles

🔎 Sophos CTU research finds cybercriminals debating the risks and benefits of AI tools across underground forums, marketplaces and messaging apps. Sellers are offering AI kits for phishing, malware automation, deepfake creation and social engineering, while some threat actors fear losing work to automated toolsets. The research highlights divided views, a spike in discussion after the release of Claude Mythos Preview, and advice for defenders to prioritize patching, MFA and visibility.
read more →

Fake Reputation Campaign Pushes Crypto Clipper

🛡️ Check Point Research found a coordinated campaign using paid posts, fake accounts, and a WordPress phishing hub to promote malicious warez. The operators pushed a Rust-based clipboard hijacker hidden in Solana and sniper bot packages targeting Windows and macOS, replacing crypto wallet addresses to steal funds. They used GitHub, SourceForge, YouTube, VirusTotal manipulation, and press release services to fabricate trust and inflate metrics.
read more →

Serverless GitHub Pages Phishing Hits Mexican Banks

🛡️ New research from Group-IB describes the GitBait campaign, a multi-year phishing operation targeting Mexican banks that used GitHub Pages for hosting and SheetBest to exfiltrate credentials into Google Sheets. The operation relied on modular phishing kits, automated publishing, and crafted Open Graph tags to spread links via messaging apps while evading search indexing. Group-IB reported over 100 GitHub-hosted domains and urges banks to monitor brand abuse and suspicious traffic to cloud services.
read more →