Phishing Attack

27 Malicious npm Packages Used as Phishing Infrastructure to Steal Login Credentials

Cybersecurity researchers have uncovered a sustained and carefully targeted spear‑phishing operation that abused the npm package ecosystem as a delivery platform for credential theft. According to findings published by Socket, the campaign involved the upload of 27 malicious npm packages using six different publisher aliases. Rather than infecting systems directly, the attackers repurposed npm package hosting and content […]

27 Malicious npm Packages Used as Phishing Infrastructure to Steal Login Credentials Read More »

U.S. DoJ Seizes Fraud Domain Linked to 14.6 Million Dollar Bank Account Takeover Scheme

The U.S. Department of Justice (DoJ) has announced the seizure of a fraudulent web domain and its associated database that were used to support a large scale bank account takeover operation targeting American victims. According to officials, the seized domain web3adspanels[.]org functioned as a backend control panel where cybercriminals stored and managed stolen online banking credentials. Visitors

U.S. DoJ Seizes Fraud Domain Linked to 14.6 Million Dollar Bank Account Takeover Scheme Read More »

Russia Linked Hackers Abuse Microsoft 365 Device Code Phishing for Account Takeovers

A suspected Russia-aligned threat group has been identified for a phishing campaign targeting Microsoft 365 users by exploiting device code authentication flows to steal credentials and conduct account takeovers. The campaign, active since September 2025, is tracked by Proofpoint under the designation UNK_AcademicFlare. Attackers have primarily targeted email accounts associated with government and military organizations,

Russia Linked Hackers Abuse Microsoft 365 Device Code Phishing for Account Takeovers Read More »

Nigeria Arrests RaccoonO365 Phishing Developer Tied to Microsoft 365 Attacks

Authorities in Nigeria have confirmed the arrest of three high profile internet fraud suspects connected to large scale phishing operations, including the primary developer behind the RaccoonO365 phishing as a service platform. The arrests were announced by the Nigeria Police Force National Cybercrime Centre following a joint investigation with Microsoft and the Federal Bureau of

Nigeria Arrests RaccoonO365 Phishing Developer Tied to Microsoft 365 Attacks Read More »

Kimsuky Spreads DocSwap Android Malware Through QR Phishing Posing as Delivery App

A new Android malware campaign linked to the North Korean threat actor Kimsuky has been uncovered, using QR code based phishing techniques to distribute an updated variant of malware known as DocSwap. The activity was analyzed by South Korean cybersecurity firm ENKI, which reported that the attackers are impersonating a major logistics provider in South

Kimsuky Spreads DocSwap Android Malware Through QR Phishing Posing as Delivery App Read More »

APT28 Targets Ukrainian UKR net Users in Long Running Credential Phishing Campaign

The Russian state sponsored cyber threat actor widely known as APT28 has been linked to a long running credential harvesting campaign aimed at users of UKR[.]net, a popular Ukrainian webmail and news service. The activity was uncovered by the Insikt Group, the threat intelligence division of Recorded Future, and was observed between June 2024 and

APT28 Targets Ukrainian UKR net Users in Long Running Credential Phishing Campaign Read More »

New ForumTroll Phishing Attacks Target Russian Scholars via Fake eLibrary Emails

A new wave of phishing attacks linked to Operation ForumTroll has been observed targeting academic professionals in Russia, according to cybersecurity researchers at Kaspersky. The activity was detected in October 2025, marking a shift in the threat actor’s focus from organizations to individual scholars. Security analysts noted that the campaign primarily targets experts in political

New ForumTroll Phishing Attacks Target Russian Scholars via Fake eLibrary Emails Read More »

Phantom Stealer Spreads via ISO Phishing Emails Targeting Russian Finance Sector

Cybersecurity researchers have revealed an active phishing operation targeting multiple sectors across Russia, with a strong focus on finance and accounting organizations. The campaign distributes Phantom Stealer through malicious ISO optical disc images attached to phishing emails. The activity, tracked as Operation MoneyMount ISO, was uncovered by analysts at Seqrite Labs. While finance and accounting

Phantom Stealer Spreads via ISO Phishing Emails Targeting Russian Finance Sector Read More »

New Advanced Phishing Kits Use AI and MFA Bypass Techniques to Steal Credentials at Scale

Cybersecurity researchers are warning about a new wave of highly advanced phishing kits that are enabling large scale credential theft by combining automation, artificial intelligence, and multi factor authentication bypass techniques. The newly observed toolkits, known as BlackForce, GhostFrame, InboxPrime AI, and Spiderman, represent a growing shift toward industrialized phishing operations. BlackForce Targets MFA Using

New Advanced Phishing Kits Use AI and MFA Bypass Techniques to Steal Credentials at Scale Read More »

Matrix Push C2 Uses Browser Notifications for Fileless and Cross Platform Phishing Attacks

Cybersecurity analysts have identified a new trend in phishing operations, where browser notifications are being misused to push malicious links through a command and control platform known as Matrix Push C2. According to a recent report from BlackFog researcher Brenda Robb, the framework operates entirely within the browser environment, using push alerts, fake system style

Matrix Push C2 Uses Browser Notifications for Fileless and Cross Platform Phishing Attacks Read More »