ARTIKEL SUCHE
Threat Feed QueryDurchsuche alle aggregierten Security-Artikel nach Schlagworten, CVE-IDs und Quellen.
Energy sector targeted in multi-stage phishing and BEC campaign using SharePoint
Microsoft warns of a multi-stage phishing and BEC campaign hitting energy firms, abusing SharePoint links and inbox rules to steal credentials. Microsoft reports an active multi-stage phishing campaign targeting energy s
‘Stanley’ Malware Toolkit Enables Phishing via Website Spoofing
Priced $2,000 - $6,000 on a cybercrime forum, the MaaS toolkit promises publication on the Chrome Web Store. The post ‘Stanley’ Malware Toolkit Enables Phishing via Website Spoofing appeared first on SecurityWeek.
North Korea–linked KONNI uses AI to build stealthy malware tooling
Check Point links an active phishing campaign to North Korea–aligned KONNI, targeting developers with fake blockchain project docs and using an AI-written PowerShell backdoor. Check Point Research uncovered an active phi
‘SyncFuture’ Campaign Weaponizing Legitimate Enterprise Security Software to Deploy Malware
In December 2025, threat researchers uncovered an alarming espionage operation targeting residents of India through sophisticated phishing campaigns. The attack, dubbed SyncFuture, demonstrates how cybercriminals can abu
New Phishing Attack Leverages Vercel Hosting Platform to Deliver a Remote Access Tool
A sophisticated phishing campaign active between November 2025 and January 2026 has been exploiting Vercel’s legitimate hosting platform to distribute remote access tools to unsuspecting victims. The attack chain combine
1Password adds pop-up warnings for suspected phishing sites
The 1Password digital vault and password manager has added built-in protection against phishing URLs to help users identify malicious pages and prevent them from sharing account credentials with threat actors. [...]
1Password adds pop-pup warnings for suspected phishing sites
The 1Password digital vault and password manager has added built-in protection against phishing URLs to help users identify malicious pages and prevent them from sharing account credentials with threat actors. [...]
Hackers Use ‘rn’ Typo Trick to Impersonate Marriott in New Phishing Attack
A sophisticated “homoglyph” phishing campaign targeting customers of Marriott International and Microsoft. Attackers are registering domains that replace the letter “m” with the combination “rn” (r + n), creating fake we
Multi-Stage Phishing Campaign Targets Russia with Amnesia RAT and Ransomware
A new multi-stage phishing campaign has been observed targeting users in Russia with ransomware and a remote access trojan called Amnesia RAT. "The attack begins with social engineering lures delivered via business-theme
Threat Actors Leverage SharePoint Services in Sophisticated AiTM Phishing Campaign
Microsoft Defender researchers have exposed a sophisticated adversary-in-the-middle (AiTM) phishing campaign targeting energy sector organizations through SharePoint file-sharing abuse. The multi-stage attack compromised
ShinyHunters claim to be behind SSO-account data theft attacks
The ShinyHunters extortion gang claims it is behind a wave of ongoing voice phishing attacks targeting single sign-on (SSO) accounts at Okta, Microsoft, and Google, enabling threat actors to breach corporate SaaS platfor
Phishing Attack Uses Stolen Credentials to Install LogMeIn RMM for Persistent Access
Cybersecurity researchers have disclosed details of a new dual-vector campaign that leverages stolen credentials to deploy legitimate Remote Monitoring and Management (RMM) software for persistent remote access to compro
Microsoft Flags Multi-Stage AitM Phishing and BEC Attacks Targeting Energy Firms
Microsoft has warned of a multi‑stage adversary‑in‑the‑middle (AitM) phishing and business email compromise (BEC) campaign targeting multiple organizations in the energy sector. "The campaign abused SharePoint file‑shari
Hackers Can Use GenAI to Change Loaded Clean Page Into Malicious within Seconds
A new and alarming threat has emerged in the cybersecurity landscape where attackers combine artificial intelligence with web-based attacks to transform innocent-looking webpages into dangerous phishing tools in real tim
Phishers Abuse SharePoint in New Campaign Targeting Energy Sector
Threat actors are leveraging the file-sharing service for payload delivery in AitM phishing and BEC attacks. The post Phishers Abuse SharePoint in New Campaign Targeting Energy Sector appeared first on SecurityWeek.
New Phishing Kit As-a-service Attacking Google, Microsoft, and Okta Users
A dangerous new generation of phishing kits designed specifically for voice-based attacks has emerged as a growing threat to enterprise users across major technology platforms. Okta Threat Intelligence discovered multipl
Beware of PNB MetLife Payment Gateway that Steals Your Details and Direct to UPI Payments
A sophisticated phishing campaign targeting PNB MetLife insurance customers has surfaced, deceiving victims through fake payment gateway pages that steal personal information and redirect them to fraudulent UPI transacti
Okta SSO accounts targeted in vishing-based data theft attacks
Okta is warning about custom phishing kits built specifically for voice-based social engineering (vishing) attacks. BleepingComputer has learned that these kits are being used in active attacks to steal Okta SSO credenti
Fake LastPass maintenance emails target users
LastPass is warning users about phishing emails that pressure users to back up their vaults within 24 hours.
LastPass warnt vor Phishing-Kampagne
LastPass warnt eindringlich vor einer derzeit laufenden Phishing-Welle. Die Drahtzieher wollen Zugriff auf die Passwort-Vaults.