Phantom Squatting Uses AI-Hallucinated Domains for Phishing and Malware
Large language models keep inventing web addresses that do not exist. Attackers have started buying those made-up domains before anyone else can, then hostin...
20 articles
Large language models keep inventing web addresses that do not exist. Attackers have started buying those made-up domains before anyone else can, then hostin...
An emergent supply-chain attack vector they term “phantom squatting,” in which large language models (LLMs) routinely hallucinate plausible but nonexistent d...
EvilTokens phishing hides takeover clues until browser execution leaving SOC teams needing deeper visibility to validate threats faster and reduce account risk.
A wave of phishing emails sent to Booking.
AVG Mobile Security for iOS helps protect users against online threats with features including Web Guard, VPN, Scam Guardian Pro, Hack Alerts, and Photo Vaul...
ESET reported that Gamaredon conducted 35 distinct spear-phishing campaigns targeting Ukrainian governmental and military institutions in 2025, primarily in ...
New findings unearthed by Infoblox show that more than 236,000 websites are using investment scam templates built using a legitimate Chinese open-source, cro...
A new phishing-as-a-service (PHaaS) platform called Bluekit is letting cybercriminals steal user accounts using a tricky method.
U.S.
The FBI claims Russian spies are targeting Signal backup keys
DCloud Uni-App has become a mass-production layer for fraud, with more than 236,000 distinct scam domains tied to a sprawling ecosystem of fake exchanges, wa...
Rokarolla, a sophisticated Android banking trojan distributed via malicious websites that masquerade as trusted applications such as TikTok, Google Chrome an...
The FBI and CISA have updated their March warning about Russian intelligence phishing Signal accounts, and the operators have added a step: they now coax tar...
Scammers are increasingly exploiting Shopify’s ecosystem and its Shop order-tracking app to deliver fraudulent invoices directly into users’ purchase histori...
The kit includes Cloaked.gg, which displays benign sites to detected scanners and sandboxes.
Threat actors are increasingly abusing Shop, the order-tracking app from Shopify, by adding fake purchase receipts in users' order histories to trick them in...
The Bluekit phishing-as-a-service platform continues to evolve with nearly 70 new hostnames identified over the past week and by adding browser-in-the-middle...
It’s dumb out there again. This week has the usual smell of prod on fire and nobody wanting to admit who left the door open — old creds still working, truste...
Kaspersky researchers analyze the threat landscape for SMBs in 2026: the rise of attacks involving fake AI tools, phishing schemes, and data sold on the dark...