Microsoft 365 users targeted by new phishing threat that bypasses MFA
Microsoft 365 access tokens are being targeted by an emerging Phishing-as-a-Service (PhaaS) platform called Kali365, the FBI is warning. First observed in Ap...
Articles mapped to MITRE ATT&CK techniques. Select a technique to view matching articles.
367 articles found
Microsoft 365 access tokens are being targeted by an emerging Phishing-as-a-Service (PhaaS) platform called Kali365, the FBI is warning. First observed in Ap...
The U.S.
Hunt.io mapped 1,350+ C2 servers across the Middle East, revealing how a small group of providers quietly supports major malware activity.
A recent phishing campaign dubbed “Operation Dragon Whistle” highlights an evolving trend in cyberattacks: threat actors abusing legitimate developer tools a...
Hackers are increasingly adopting stealthy delivery techniques, and a newly uncovered spear-phishing campaign shows how nested macOS-like folder structures c...
Modern crypto drainers don't hack wallets. They trick users into approving malicious transactions.
A large-scale phishing campaign leveraging fake event invitations is actively targeting U.S.
A growing trend in India where student data is increasingly being exploited for cybercrime activities, including phishing, impersonation, social engineering,...
Bitdefender Mobile Security for iOS is a security and privacy application for iPhone and iPad that helps protect against phishing attempts, online scams, uns...
Disclosure: This article was provided by ANY.RUN.
A phishing campaign is smuggling the powerful PureLogs information stealer onto targets’ Windows machines by hiding encrypted malicious payloads inside cat p...
Attackers are increasingly abusing Microsoft’s decades-old MSHTA utility to stealthily deliver stealers, loaders, and persistent malware through phishing, fa...
In February 2026, a phishing-as-a-service (PhaaS) platform called EvilTokens went live. Within five weeks, it had compromised more than 340 Microsoft 365 org...
A large-scale international cybercrime operation led by INTERPOL has resulted in 201 arrests and the takedown of 53 malicious servers linked to phishing, mal...
Kimsuky Hackers Use LNK and JSE Lures to Target Recruiters, Crypto Users, and Defense Officials. North Korea-linked threat group Kimsuky has launched at leas...
A handful of public Instagram posts can give attackers enough material to generate convincing phishing emails with GenAI. Research from the University of Tex...
More than 200 individuals were arrested for cybercrime activities during INTERPOL's Operation Ramz, which focused on the Middle East and North Africa. [.
Operation Ramz, the first of its kind in the region, targeted phishing services, malware, and scams over a four-month period, identifying 382 suspects and ne...
Operation Ramz resulted in 201 arrests and disrupted phishing services, malware and financial scams. The post Interpol leads cybercrime crackdown across 13 c...
The Tycoon2FA phishing kit has adapted to leverage OAuth 2.0 device authorization grant flows, enabling it to compromise Microsoft 365 accounts.