< ciso
brief />
Tag Banner

All news with #phishing tag

695 articles · page 7 of 35

Teen Allegedly Linked to Scattered Spider Faces Extradition

🔒 A 19-year-old allegedly tied to Scattered Spider was arrested in Helsinki and is facing U.S. extradition on counts including wire fraud, conspiracy, and computer intrusion. Prosecutors say he participated in multiple social-engineering intrusions from March 2023 through 2025 that used help-desk impersonation to reset MFA and exfiltrate data. Court filings and social-media posts reportedly tied the suspect to luxurious spending and to taunting law enforcement, underscoring how poor operational security and public boasting can accelerate investigations. The case highlights the ongoing threat of phone-based account takeover and the need for stronger, phishing-resistant controls.
read more →

Global Crackdown: 276 Arrested, $701M Seized, 9 Centers

🔒 A coordinated international operation led by Dubai Police alongside the FBI and China's Ministry of Public Security arrested 276 suspects, shut nine crypto scam centers, and restrained more than $701 million in cryptocurrency tied to investment fraud. The schemes employed pig butchering and romance-baiting lures and relied on trafficked workers forced to run scam compounds. Authorities seized hundreds of fraudulent domains and a Telegram recruitment channel, sanctioned Cambodian actors, flagged an Android Malware-as-a-Service, and credited Operation Level Up with notifying nearly 9,000 victims and saving about $562 million.
read more →

Telegram Mini Apps Abused for Crypto Scams, Malware

⚠️ Researchers uncovered a large-scale fraud operation leveraging Telegram Mini Apps to run crypto scams and distribute Android malware. The infrastructure, identified by the FEMITBOT API string, uses Telegram bots to launch embedded Mini Apps that present phishing pages inside the app's WebView and impersonate well-known brands. Campaigns display fake dashboards, countdowns, and withdrawal prompts that demand deposits or referrals, and some prompt users to download APKs hosted on the same domains to avoid mixed-content warnings; Android users should not sideload APKs and should be cautious with bots asking for funds or app installs.
read more →

ConsentFix v3 Automates OAuth Abuse Targeting Azure

🔐 ConsentFix v3 is an automated evolution of prior OAuth consent phishing techniques that targets Microsoft Azure environments by abusing pre-trusted first-party apps and the OAuth2 authorization code flow. Attackers conduct reconnaissance to harvest employee names, roles, and emails, host convincing phishing pages on Cloudflare Pages and DocSend, and use Pipedream webhooks to collect and immediately exchange authorization codes for refresh tokens. Phishing is often highly personalized and delivered via PDFs to evade filters. Captured tokens are imported into post-exploitation tools to access mail, files, and other resources permitted by the token.
read more →

30,000 Facebook Accounts Hacked via AppSheet Phishing Relay

🔐 A Vietnamese-linked operation used a Google AppSheet address as a phishing relay to distribute credential-harvesting pages and compromise roughly 30,000 Facebook accounts. Guardio, calling the scheme AccountDumpling, says stolen accounts are resold via an illicit storefront after exfiltration to Telegram channels. Lures hosted on Netlify, Vercel and Google Drive, plus Canva-generated PDFs, were used to harvest passwords, 2FA codes, IDs and business data, leaving many victims locked out.
read more →

Bluekit phishing kit adds AI assistant and 40+ templates

🔵 Bluekit is a newly observed phishing kit that bundles more than 40 templates targeting services such as Outlook, Gmail, Yahoo, ProtonMail, iCloud, GitHub and Ledger. It includes an AI Assistant panel supporting models like Llama, GPT‑4.1, Claude, Gemini and DeepSeek to help draft campaign copy. Varonis found the assistant produces scaffold-like outputs that require cleanup. The platform centralizes domain purchase, phishing page setup, campaign management, granular anti-analysis controls and real-time victim session monitoring, with stolen data exfiltrated via Telegram.
read more →

FBI Links Cybercriminals to Sharp Rise in Cargo Thefts

🔒The FBI warned transportation and logistics firms of a marked increase in cyber-enabled cargo thefts, estimating losses in the U.S. and Canada could reach nearly $725 million in 2025. Criminals are using phishing, typosquatting domains, and account compromise to post fraudulent load listings and impersonate carriers, rerouting high-value shipments. The bureau urged multi-factor authentication, dual-channel verification of shipment requests, and reporting incidents to IC3 and local law enforcement.
read more →

Q1 2026 Email Threat Landscape: Phishing Trends and Defenses

🔐 Microsoft Threat Intelligence observed ~8.3 billion email-based phishing threats in Q1 2026, with volumes easing from about 2.9 billion in January to 2.6 billion in March. QR code phishing more than doubled and CAPTCHA-gated phishing surged, while link-based delivery rose to 78% and credential theft dominated payloads. Disruption of the Tycoon2FA PhaaS reduced activity but adversaries adapted; Microsoft Defender detections and mitigations are recommended.
read more →

ThreatsDay: SMS blaster busts and supply‑chain shocks

🔍 This ThreatsDay bulletin highlights a week of converging risks: Canadian authorities dismantled an SMS blaster operation that spoofed cellular towers, while a malicious npm brandsquat (published as tanstack) exfiltrated local .env files during install. Researchers also flagged networks of browser extensions legally selling browsing and viewing data, the first documented abuse of the Komari admin agent in intrusions, and mass exposure of RDP/VNC servers—underscoring the importance of basic hygiene, credential rotation, and coordinated defensive response.
read more →

Robinhood Onboarding Flaw Used to Send Phishing Emails

🔒 Threat actors abused a flaw in Robinhood's account creation flow to inject arbitrary HTML into account confirmation emails, producing convincing Unrecognized Device warnings that directed recipients to a phishing site. The messages originated from noreply@robinhood.com and passed SPF and DKIM checks, which made them appear legitimate. Robinhood confirmed there was no systems breach or impact to customer funds and removed the vulnerable Device: field to remediate the issue. Recipients are advised to delete the emails and verify any suspicious alerts through the official app or website.
read more →

Canada Arrests Three Over SMS Blaster Phishing Device

📱 Canadian police arrested three men for operating an SMS blaster in Toronto that impersonates cellular towers to push phishing texts to nearby phones. Investigators said Project Lighthouse began in November 2025; searches on March 31 in Markham and Hamilton recovered multiple devices. Authorities estimate about 13 million instances of network entrapment and warn SMS is insecure, advising users to avoid following text links and use encrypted channels for sensitive communications.
read more →

FTC: Americans Lost Over $2.1B to Social Media Scams in 2025

📢 The FTC reports Americans lost more than $2.1 billion to social media scams in 2025, an eightfold increase since 2020. Facebook accounted for the largest share of reported losses across most age groups, while WhatsApp and Instagram trailed. The agency warns scammers exploit hacked accounts, targeted posts, and paid ads to reach victims at scale. Meta removed millions of scam ads and accounts and rolled out new warnings and protections.
read more →

Phishing Crypto-Wallet Clones on iOS and macOS Platforms

🔒 Kaspersky researchers discovered a campaign that placed 26 fake crypto-wallet apps in the Chinese App Store, impersonating popular wallets and using benign features to pass review. The malicious apps direct users to phishing pages that prompt installation of a provisioning profile, enabling sideloaded, trojanized wallet builds that request seed phrases. On macOS, infostealers like MacSync use ClickFix lures and can patch legitimate wallet apps to display fake recovery dialogs. The report includes concrete mitigation steps to protect seed phrases and devices.
read more →

26 FakeWallet Apps on Apple App Store Target Seed Phrases

🔒Researchers uncovered 26 malicious iOS apps, dubbed FakeWallet, impersonating popular cryptocurrency wallets on the Apple App Store since at least fall 2025. The apps, available to users whose Apple accounts are set to China, redirect victims to trojanized wallet builds or phishing pages to capture recovery phrases and private keys. Kaspersky found the campaign uses typosquatting, library injection, OCR modules, and enterprise provisioning to install payloads. Apple removed many of the apps after disclosure.
read more →

Forever Student Mindset: AI, Phishing, and Q1 2026 Trends

🔍 Cisco Talos highlights Q1 2026 incident response trends, noting phishing has reclaimed the top initial access vector and adversaries are using AI platforms like Softr to rapidly create convincing credential-harvesting pages. Talos IR reported zero completed ransomware deployments this quarter due to swift mitigation, though pre-ransomware activity still accounted for 18% of engagements. The team warns attackers increasingly abuse legitimate developer tools and cloud APIs to quietly hunt exposed secrets, complicating detection. Organizations should enforce MFA with restricted self-enrollment, centralize logging in a SIEM, and prioritize patch management to preserve forensic evidence and reduce risk.
read more →

Tax Season Phishing Targets Individuals and Crypto Users

🛡️Scammers are creating convincing fake tax authority websites worldwide to harvest credentials, steal personal data, and distribute malware embedded in downloaded “documents.” These portals also run fraudulent paid services that collect taxpayer identifiers and financial details for later abuse. Cryptocurrency holders are specifically targeted with fake verification flows that request seed phrases or wallet connections, leading to immediate theft. Kaspersky cautions against using cloud-hosted AI for tax preparation and recommends sticking to verified official channels, encrypting sensitive files, and employing reputable security tools.
read more →

Silent Subject Phishing Targets VIPs and Evades Filters

📧 Cybersecurity firm Cyberproof has identified a surge of “silent subject” phishing attacks in Q1 2026 that deliberately omit email subjects to evade filters and trigger recipient curiosity. These campaigns target executives and high-value accounts, delivering links, QR codes and attachments that often redirect to spoofed sites or mobile interactions. Attackers rotate domains, use shortened URLs and deploy legitimate tools like Datto RMM to persist. Organizations are advised to enforce MFA, inspect full sender addresses and deploy advanced content-aware email defenses.
read more →

IR Trends Q1 2026: Phishing and public administration

🔒 Talos IR’s Q1 2026 analysis finds phishing reemerged as the top initial access vector, with public administration and health care tied as the most targeted sectors. Investigations documented abuse of AI-enabled services like Softr to build credential-harvesting pages and the first observed intrusion by Crimson Collective exploiting exposed developer secrets. Pre-ransomware activity rose but no encryptions occurred due to early mitigation. Talos emphasizes properly configured MFA, patching, and centralized logging.
read more →

French ANTS Confirms Data Breach; Hacker Claims Sale

🛡️ France's government agency ANTS confirmed a data breach after a threat actor claimed to have stolen citizen records in an intrusion last week. The agency says exposed fields may include login IDs, full names, email addresses, dates of birth, unique account identifiers and, for some individuals, postal addresses, places of birth and phone numbers. ANTS has notified CNIL, the Paris prosecutor and involved ANSSI, is informing affected users and warns the data could be used for phishing and social engineering.
read more →

Scattered Spider Member 'Tylerb' Pleads Guilty in US

🔒 Tyler Robert Buchanan, a 24-year-old British national and senior member of the cybercrime group Scattered Spider, has pleaded guilty to wire fraud conspiracy and aggravated identity theft for his role in 2022 SMS-phishing attacks. He admitted launching tens of thousands of phishing texts that enabled intrusions at companies including Twilio, LastPass, DoorDash and Mailchimp. Prosecutors say the campaign fueled SIM-swap thefts that siphoned at least $8 million in cryptocurrency from U.S. investors. Buchanan faces a statutory maximum of 22 years; sentencing is set for August 21, 2026.
read more →