ARTIKEL SUCHE
Threat Feed QueryDurchsuche alle aggregierten Security-Artikel nach Schlagworten, CVE-IDs und Quellen.
ConsentFix debrief: Insights from the new OAuth phishing attack
ConsentFix is an OAuth phishing technique abusing browser-based authorization flows to hijack Microsoft accounts. Push Security shares new insights from continued tracking, community research, and evolving attacker techn
MuddyWater Launches RustyWater RAT via Spear-Phishing Across Middle East Sectors
The Iranian threat actor known as MuddyWater has been attributed to a spear-phishing campaign targeting diplomatic, maritime, financial, and telecom entities in the Middle East with a Rust-based implant codenamed RustyWa
FBI Warns North Korean Hackers Using Malicious QR Codes in Spear-Phishing
The U.S. Federal Bureau of Investigation (FBI) on Thursday released an advisory warning of North Korean state-sponsored threat actors leveraging malicious QR codes in spear-phishing campaigns targeting entities in the co
Microsoft Warns Misconfigured Email Routing Can Enable Internal Domain Phishing
Threat actors engaging in phishing attacks are exploiting routing scenarios and misconfigured spoof protections to impersonate organizations' domains and distribute emails that appear as if they have been sent internally
Phishing actors exploit complex routing and misconfigurations to spoof domains
Threat actors are exploiting complex routing scenarios and misconfigured spoof protections to send spoofed phishing emails, crafted to appear as internally sent messages. The post Phishing actors exploit complex routing
Phishing campaign abuses Google Cloud services to steal Microsoft 365 logins
Another well-crafted phishing campaign uses Google Cloud Integration Application infrastructure to bypass email filters.
APT36 Malware Campaign Targeting Windows LNK Files to Attack Indian Government Entities
APT36, also known as Transparent Tribe, has launched a new malware campaign that targets Indian government and strategic entities by abusing Windows LNK shortcut files. The attack starts with spear‑phishing emails that c
New Spear-Phishing Attack Targeting Security Individuals in Israel Region
Israel’s National Cyber Directorate recently issued an urgent alert about a targeted spear-phishing attack aimed at people working in security and defense-related areas. The campaign uses WhatsApp messages that pretend t
Silver Fox Targets Indian Users With Tax-Themed Emails Delivering ValleyRAT Malware
The threat actor known as Silver Fox has turned its focus to India, using income tax-themed lures in phishing campaigns to distribute a modular remote access trojan called ValleyRAT (aka Winos 4.0). "This sophisticated a
Silver Fox Hackers Attacking Indian Entities with Income Tax Phishing Lures
Chinese threat actors operating under the name Silver Fox are targeting Indian organizations through sophisticated phishing campaigns that impersonate legitimate income tax documents. The attack campaign uses authentic-l
New Phishing Kit with AI-assisted Development Attacking Microsoft Users to Steal Logins
A Spanish-speaking phishing operation targeting Microsoft Outlook users has been active since March 2025, using a sophisticated kit that shows clear indicators of AI-assisted development. The campaign, tracked through a
27 Malicious npm Packages Used as Phishing Infrastructure to Steal Login Credentials
Cybersecurity researchers have disclosed details of what has been described as a "sustained and targeted" spear-phishing campaign that has published over two dozen packages to the npm registry to facilitate credential th
Indian Income Tax-Themed Attacking Businesses with a Multi-Stage Infection Chain
Cybercriminals have increasingly weaponized the Income Tax Return (ITR) filing season to orchestrate sophisticated phishing campaigns targeting Indian businesses. By exploiting public anxiety surrounding tax compliance a
Feds Seize Password Database Used in Massive Bank Account Takeover Scheme
The cybercriminals attempted to steal $28 million from compromised bank accounts through phishing. The post Feds Seize Password Database Used in Massive Bank Account Takeover Scheme appeared first on SecurityWeek.
Hackers Using Phishing Tools to Access M365 Accounts via OAuth Device Code
Threat actors are now targeting Microsoft 365 accounts using a growing attack method known as OAuth device code phishing. This technique takes advantage of the OAuth 2.0 device authorization flow, a legitimate Microsoft
Phishing-Trends 2026: Unternehmen müssen sich wappnen
Welche neuen Phishing-Techniken 2026 auf Unternehmen zukommen und worauf sie sich vorbereiten sollten, erläutern die Threat-Analysten von Barracuda.
Nigeria arrests dev of Microsoft 365 'Raccoon0365' phishing platform
The Nigerian police have arrested three individuals linked to targeted Microsoft 365 cyberattacks via Raccoon0365 phishing-as-a-service. [...]
Russia-Linked Hackers Use Microsoft 365 Device Code Phishing for Account Takeovers
A suspected Russia-aligned group has been attributed to a phishing campaign that employs device code authentication workflows to steal victims' Microsoft 365 credentials and conduct account takeover attacks. The activity
Microsoft 365 accounts targeted in wave of OAuth phishing attacks
Multiple threat actors are compromising Microsoft 365 accounts in phishing attacks that leverage the OAuth device code authorization mechanism. [...]
Hackers Targeting HubSpot Users in Targeted Phishing Attack
An active phishing campaign is currently targeting HubSpot users through a sophisticated combination of social engineering and infrastructure compromise. The attack leverages business email compromise tactics, paired wit