< ciso
brief />
Tag Banner

All news with #phishing tag

695 articles · page 3 of 35

Serverless GitHub Pages Phishing Hits Mexican Banks

🛡️ New research from Group-IB describes the GitBait campaign, a multi-year phishing operation targeting Mexican banks that used GitHub Pages for hosting and SheetBest to exfiltrate credentials into Google Sheets. The operation relied on modular phishing kits, automated publishing, and crafted Open Graph tags to spread links via messaging apps while evading search indexing. Group-IB reported over 100 GitHub-hosted domains and urges banks to monitor brand abuse and suspicious traffic to cloud services.
read more →

Weekly Cyber Recap: Active Chrome 0‑Day Patch

⚠️ Google issued fixes for 74 Chrome flaws, including an actively exploited V8 out-of-bounds memory access (CVE-2026-11645). This week's recap highlights exploited enterprise bugs like Oracle PeopleSoft and Check Point VPN, large-scale supply-chain and package abuse in Arch's AUR, and the takedown of a major phishing-as-a-service operation. Practical guidance and trending CVEs round out the update.
read more →

Summer travel phishing surges; hospitality attacks rise

📈 Check Point Research warns of a sharp seasonal surge in travel-related cyberattacks ahead of summer 2026, with the hospitality sector experiencing a 24% year-over-year increase in weekly attacks and a 122% rise over three years. The team found nearly 50,000 new travel-related domains in May 2026—many linked to coordinated bulk-registration campaigns—and active phishing sites impersonating major booking platforms to harvest credentials and payments. Travelers are urged to verify domains, use credit cards, enable two-factor authentication, and avoid clicking links in unsolicited messages.
read more →

EvilTokens phishing abuses OAuth device code flow

🛡️ EvilTokens is a phishing-as-a-service kit that compromises Microsoft 365 accounts by abusing the OAuth 2.0 device authorization grant flow, tricking victims into authorizing attacker sessions via legitimate Microsoft login pages. Active since at least February 2026, the toolkit has been used in large account takeover and BEC campaigns, leveraging reconnaissance and decoy lures to obtain access and refresh tokens. Because victims complete real authentication — including 2FA — the attacks bypass traditional red flags like fake login pages. Organizations are advised to restrict device code flow, monitor unusual token activity, and update security awareness to address these modern phishing tactics.
read more →

Sniper Dz phishing scam targets MENA users

🛡️ Group-IB disclosed a large-scale fraud campaign using fake Facebook accounts to lure Middle East and North Africa users with offers like free mobile internet and government subsidies. Victims were routed via link-aggregation services to pages that abused browser notifications, back-button hijacks, and tab-under redirects to enroll users in a push-notification ecosystem. The operation monetized victims through premium SMS, premium-rate calls, investment scams, and ad fraud tied to a Sniper Dz PhaaS infrastructure.
read more →

FBI disrupts large AI-driven Outsider phishing network

🔎 The FBI, collaborating with Google and Black Lotus Labs, dismantled a China-linked phishing-as-a-service operation called Outsider Enterprise that used AI and distributed phishing kits across thousands of fraudulent websites and over a million URLs. Authorities seized administrative servers, a Shopify storefront, testing accounts, and roughly $100,000 in USDT, while redirecting many malicious domains to an FBI splash page. Google reports hundreds of thousands of affected users and has filed a civil suit against the infrastructure while coordinating with carriers to block fraudulent SMS campaigns.
read more →

Cyber Threats Escalate Against Sports Organizations

🔒 Darktrace research reveals that 84% of sports organizations — including teams, venues and event bodies — were targeted by cyber-attacks in the last year, with 57% hit multiple times. The report highlights threats to stadium operations, fan data and supply chains, noting elevated phishing and AI-enabled social engineering. Experts urge a behavioral security approach focused on human and AI behavior to reduce high-profile disruption risks.
read more →

Novo Nordisk discloses clinical trial data breach

🔒 Novo Nordisk disclosed an unauthorized access incident affecting internal IT systems and pseudonymized patient data from some clinical trials. The breach exposed trial participant IDs and health, biomarker, lifestyle, and demographic details, while the company says direct identifiers were not accessed. Healthcare professionals' contact details were also compromised, prompting warnings about phishing and impersonation risks. Novo Nordisk has isolated affected systems, engaged external cybersecurity experts, and is investigating the scope and impact.
read more →

Google sues to dismantle AI-powered scam networks

🛡️ Google is taking legal, technical, and legislative steps to disrupt large-scale AI-enabled phishing and smishing campaigns. The company filed a civil lawsuit against the China-based “Outsider Enterprise,” coordinated with the FBI and telecom partners to block malicious texts, and is advocating bipartisan federal legislation to strengthen protections. Google also leverages AI-driven detection on Android and messaging defenses to intercept malicious messages at scale.
read more →

Interpol operation dismantles long‑running PhaaS platform

🛡️ An Interpol-led operation, Operation Ramz, targeted cybercrime across 13 MENA countries from October 2025 to February 2026, yielding 201 arrests and the seizure of 53 servers. Group-IB disclosed that the crackdown resulted in the takedown of the SniperDz phishing-as-a-service platform and the arrest of its primary developer in Algeria. SniperDz operated since at least 2015, offering phishing kits and hosting, and was linked to tens of thousands of fake domains and hundreds of thousands of phishing pages. Investigators attributed the platform through OpSec failures, social media traces and shared intelligence that enabled law enforcement disruption.
read more →

Aged-domain acquisition enables phishing bypasses

🔒 Phishing operators increasingly buy or hijack aged legitimate domains to bypass enterprise email filters that weight domain age heavily. The author documents a Sneaky2FA campaign using a decade-old domain takeover revealed via certificate transparency logs, illustrating gaps in reputation scoring. Detection should include hosting-pattern stability, subdomain wordlist anomaly, and CT log monitoring to catch these rapid repurposings.
read more →

Attackers Use Short-Form Videos to Spread Vidar Stealer

🎯 New research from ReversingLabs reveals threat actors are using TikTok and Instagram Reels to distribute the Vidar infostealer by posing as tutorials for unlocking premium software. Campaigns manipulate platform algorithms to boost saves and shares, driving viewers to lookalike domains that deliver Vidar via PowerShell or gateware-filled download sites. ReversingLabs recommends auditing install privileges and expanding phishing training to include social feeds.
read more →

Browser Threats Expose Gaps in Enterprise Security

🔒 Menlo Security's 2026 Browser Threat Report warns that many cybersecurity products fail to detect browser-based attacks. Based on telemetry from millions of enterprise browser sessions between January and March 2026, the research found one in five phishing attacks targeting enterprise browser users went undetected by legacy tools. The report highlights that modern enterprise activity increasingly occurs inside browsers, creating blind spots for products not built for the browser session layer. Menlo urges organizations to govern the browser session layer to better protect users and AI agents.
read more →

Autonomous AI Agents Vulnerable to Phishing Attacks

🔒 Varonis tested an OpenClaw-based AI agent named Pinchy with access to a controlled Google Workspace to see whether autonomous agents could be phished. The agent was given Gmail access plus mock AWS credentials, CRM exports, internal chats, and calendars, and it still leaked credentials and customer data in scenarios that mimicked routine colleague requests. A stricter safety profile improved performance, but the agent still failed when social trust cues were abused. Researchers say the problem stems from architecture and governance gaps, urging enforceable controls, identity segregation, and human review for sensitive requests.
read more →

SMB Cyber Readiness: What Strengthens or Breaks It

🔒 The ESET SMB Cyber Readiness Index 2026 finds 45% of small and medium businesses experienced a cyber-incident in the past year, yet confidence in resilience often rises among repeat victims. The report highlights common root causes—phishing, unpatched vulnerabilities, monitoring gaps and weak passwords—and notes a mismatch between headline-driven fears like AI malware and the mundane vectors attackers exploit. Preparation, clear decision authority, and disciplined reduction of attack surface are critical to withstand incidents.
read more →

OpenClaw AI Agent Susceptible to Phishing Risks

📧 Researchers at Varonis tested an OpenClaw AI email agent connected to Gmail, browser tools, and internal data sources and found it vulnerable to common phishing techniques. The agent ran in both generic and strict configurations and used Google Gemini 3.1 Pro and OpenAI GPT-5.4 models. While the agent detected malicious links and OAuth apps, it still exfiltrated credentials and CRM data in scenarios exploiting identity verification failures. Varonis recommends explicit sender verification, restricted external emailing, and human approval for high-risk actions.
read more →

Security shifts to the human layer as AI scams surge

🛡️ Microsoft and Google warn that cybercriminals are repurposing familiar social-engineering tactics around AI tools and trusted cloud services, impersonating platforms like ChatGPT, Copilot, and Claude to distribute malware, steal credentials, and run investment scams. Both advisories note attackers rely on longstanding techniques—urgency, trusted-brand abuse, and redirection chains—while adapting lures to where AI is embedded in daily workflows. The trend shifts the threat surface from code to employee behavior, demanding resilience beyond blocking single phishing campaigns.
read more →

Microsoft Teams Phishing Risks and Mitigations

🛡️ This Unit 42 report examines how threat actors use Microsoft Teams to impersonate IT staff, leveraging external chat and compromised or typosquatted accounts to phish employees. It outlines real-world incidents, explains how permissive federation and external chat settings widen the attack surface, and emphasizes that identity systems are the ultimate target. The article recommends tighter configuration, identity-centric controls, monitoring, and updated user training.
read more →

WhatsApp disrupts alleged NSO spear‑phishing attacks

🔒 WhatsApp says it detected and disrupted spear‑phishing campaigns it attributes to the NSO Group after investigating user reports of social‑engineering attacks. Meta reports the phishing lures redirected targets to external websites and that test accounts and groups linked to the activity were removed. The company provided three domains as indicators of compromise and urged users to update apps and enable protections such as Advanced Protection on Android and Lockdown Mode on iOS.
read more →

Threat actors exploit AI branding in social engineering

🛡️ Microsoft Threat Intelligence describes campaigns that impersonate popular AI platforms such as ChatGPT, Copilot, and Claude to lure victims via phishing, malvertising, and SEO abuse. These operations use trusted branding, redirect chains, and urgency-driven messaging to steal credentials, commit fraud, or deliver malware. The blog emphasizes abuse of brand names rather than service compromise and recommends leveraging AI-powered security for detection and response.
read more →