Microsoft Warns IRS Phishing Hits 29,000 Users, Deploys RMM Malware
Microsoft has warned of fresh campaigns that are capitalizing on the upcoming tax season in the U.S.
Phishing
20 articles
Russian Intelligence Services Target Commercial Messaging Application Accounts
CISA and the Federal Bureau of Investigation released a Public Service Announcement (PSA) warning about ongoing phishing campaigns by cyber actors associated...
The Importance of Behavioral Analytics in AI-Enabled Cyber Attacks
Artificial Intelligence (AI) is changing how individuals and organizations conduct many activities, including how cybercriminals carry out phishing attacks a...
Tycoon2FA Phishing-as-a-Service Platform Persists Following Takedown
When tax season becomes cyberattack season: Phishing and malware campaigns using tax-related lures
During tax season, threat actors reliably take advantage of the urgency and familiarity of time-sensitive emails, including refund notices, payroll forms, fi...
ThreatsDay Bulletin: FortiGate RaaS, Citrix Exploits, MCP Abuse, LiveChat Phish & More
ThreatsDay Bulletin is back on The Hacker News, and this week feels off in a familiar way. Nothing loud, nothing breaking everything at once.
Smashing Security podcast #459: This clever scam nearly hijacked a tech CEO’s Apple ID
In episode 459 of Smashing Security, we dive into a chillingly clever account takeover attempt targeting WordPress co-founder Matt Mullenweg - involving MFA ...
Konni Deploys EndRAT Through Phishing, Uses KakaoTalk to Propagate Malware
North Korean threat actors have been observed sending phishing to compromise targets and obtain access to a victim's KakaoTalk desktop application to distrib...
Help on the line: How a Microsoft Teams support call led to compromise
A DART investigation into a Microsoft Teams voice phishing attack shows how deception and trusted tools can enable identity-led intrusions and how to stop th...
Researchers Warn of Global Surge in Fake Shipment Tracking Scams
Some of these campaigns are linked to Darcula, a Chinese-language phishing-as-a-service platform
Insights: Increased Risk of Wiper Attacks
We are observing an increase of wiper attacks by the Iran-linked Handala Hack group (aka Void Manticore) through phishing and misuse of Microsoft Intune. The...
Iran’s Cyber Playbook in the Escalating Regional Conflict
Following our recent published advisories, this publication is intended to outline a summary of the cyber activities associated with the tension. Based on th...
Global Takedown Neutralizes Tycoon2FA Phishing Service
Law enforcers and industry partners have taken down notorious phishing-as-a-service platform Tycoon2FA
Threat Brief: March 2026 Escalation of Cyber Risk Related to Iran
Unit 42 details recent Iranian cyberattack activity, sharing direct observations of phishing, hacktivist activity and cybercrime. We include recommendations ...
Darktrace Flags 32 Million Phishing Emails in 2025 as Identity Attacks Intensify
2025 saw 32M phishing emails, with identity threats surpassing vulnerabilities
Multifaceted Phishing Scheme Deceives Bitpanda Customers
Phishing attack mimicking Bitpanda targets users, harvesting credentials and personal information
‘Starkiller’ Phishing Service Proxies Real Login Pages, MFA
Most phishing websites are little more than static copies of login pages for popular online destinations, and they are often quickly taken down by anti-abuse...
Starkiller: New ‘Commercial-Grade’ Phishing Kit Bypasses MFA
A new cybercriminal toolkit uses proxies to mimic popular online services and represents a “significant escalation in phishing infrastructure,” warn research...
Spam and phishing in 2025
The report contains statistics on spam and phishing in 2025, outlining the main trends: phishing and scam QR codes, ClickFix attacks, ChatGPT subscription lu...
AI Drives Doubling of Phishing Attacks in a Year
Cofense claims AI is making phishing emails more personalized and sophisticated