ARTICLE SEARCH
Threat Feed Query: Search all aggregated security articles by keywords, CVE IDs and sources.
Tycoon 2FA AiTM Kit Bypasses MFA on Entra ID and Google Workspace Accounts
A powerful phishing kit known as Tycoon 2FA has been making waves across the cybersecurity world since it first appeared in August 2023. The kit operates as a Phishing-as-a-Service (PhaaS) platform, meaning cybercriminal
How Top CISOs Increase Risk Visibility for Zero Critical Incidents
How many alerts in your SOC are truly business-critical, and how many only look urgent because the team lacks context? This is one of the hardest questions for CISOs today. Without clear visibility, teams can waste time
[Medium] CVE-2026-49059 – URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Facebook Fa...
Medium CVE-2026-49059 URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Facebook Facebook for WooCommerce allows Phishing. This issue affects Facebook for WooCommerce: from n/a through 3.7.0. CVSS: 4.
[Unknown] CVE-2026-48924 – Jenkins Bitbucket OAuth Plugin 0.17 and earlier does not restrict the redirect U...
Unknown CVE-2026-48924 Jenkins Bitbucket OAuth Plugin 0.17 and earlier does not restrict the redirect URL after login, allowing attackers to perform phishing attacks. CVSS: N/A · CWE: N/A
Kali365 phishing kit bypasses MFA and steals Microsoft logins
The FBI has warned that attackers are using a new phishing kit to gain long-term access to Microsoft Outlook, Teams, and OneDrive accounts.
Hackers Abuse Trusted Google Domains to Hide Phishing Links From Email Gateways
Phishing attacks are nothing new, but attackers keep finding smarter ways to stay one step ahead of security tools. The latest campaign doing the rounds is a stark reminder that trust, especially the kind organizations p
The Credential Crisis: How Stolen Credentials Defeat Modern Security
As AI accelerates phishing, session hijacking, and credential abuse, security teams are racing to close the gap between attacker speed and defensive response.
CVE-2026-43935 - e107: Host Header Injection in e107 password reset enables phishing
CVE ID: CVE-2026-43935 | Published: May 26, 2026, 4:16 p.m. | 50 minutes ago | Description: e107 is a content management system (CMS). Prior to 2.3.4, a Host Header Injection vulnerability in the password reset page a
Phishing Services Use RCS and iMessage to Bypass Traditional SMS Security Filters
A new wave of phishing operations is quietly changing the way cybercriminals steal financial data from everyday people. Rather than relying on traditional SMS messages that carriers can easily flag and block, threat acto
Iranian Hackers Deploy MiniFast and MiniJunk V2 via Phishing and SEO Poisoning
The Iranian state-sponsored threat actor known as Nimbus Manticore (aka Screening Serpens and UNC1549) has been attributed to a fresh campaign using lures impersonating organizations in the aviation and software sectors
Iranian APT Uses SEO Poisoning to Deliver Fake SQL Developer Malware Installer
A well-known Iranian threat group has found a new way to push malware onto people’s machines. Instead of sending phishing emails, the group built a fake website that impersonated a real database software download page an
FBI warns of Kali365 phishing service targeting Microsoft 365 accounts
The FBI is warning about the Kali365 phishing-as-a-service platform (PhaaS) that is used to hijack Microsoft 365 accounts by abusing OAuth device code authentication to steal session tokens and bypass multi-factor authen
Microsoft Entra: Phishing-Resistant Sign-In via Passkey
Microsoft is extending authentication in Microsoft Entra ID with an additional variant of passwordless sign-in on Windows systems. The feature is based on FIDO2 passkeys and integrates into the local Con
Ghostwriter Is Back, Using a Ukrainian Learning Platform as Bait to Hit Government Targets
Ghostwriter targeted Ukrainian government agencies with phishing emails delivering malware and Cobalt Strike payloads. The Belarus-nexus APT group Ghostwriter (also tracked as UAC-0057 and UNC1151) has resurfaced with a
World Cup Phishing Campaign Nearly Triples With 203 Unique IP Addresses
A large-scale phishing campaign targeting the 2026 FIFA World Cup has grown far beyond what security researchers originally thought. What began as a documented set of 79 fraudulent domains has ballooned into a network of
Ghostwriter Targets Ukraine Government Entities with Prometheus Phishing Malware
The Belarus-aligned threat actor known as Ghostwriter (aka UAC-0057 and UNC1151Ukraine's National Security and Defense Council) has been observed using lures related to Prometheus, a Ukrainian online learning platform, t
Operation Dragon Whistle Uses Malicious LNK Files to Target Changzhou University
A newly uncovered cyber operation has raised concerns among security professionals after a coordinated wave of attacks targeted government institutions in Pakistan. The campaign, now tracked as Operation Dragon Whistle,
Dynamite Phishing: New OAuth Attacks Hijack Corporate Accounts in Seconds
With the increasing spread of phishing-as-a-service and centralized cloud identities, the threat is likely to keep growing.
FBI Warns of Kali365 Attacking Microsoft 365 Users to Steal Logins and Bypass MFA
The FBI has issued a new cybersecurity warning about a rapidly emerging phishing-as-a-service (PhaaS) platform named Kali365, which is actively targeting Microsoft 365 users to steal access tokens and bypass multi-factor
One Telecom Provider Hosted Most of the Middle East's Active C2 Infrastructure
Hunt.io mapped 1,350+ C2 servers across the Middle East, revealing how a small group of providers quietly supports major malware activity. For years, threat intelligence focused mostly on malware families, phishing domai