FBI warns of Kali Oauth stealers
The FBI has warned of the danger from a new wave of phishing attacks generated by a tool called Kali365. It enables cyber criminals to obtain Microsoft 365 a...
Phishing
20 articles
Facebook scam targets users over 40 with fake Aldi meat box offers
Malwarebytes has identified a phishing scheme circulating on Facebook that preys on individuals aged 40 and above.
World Cup Phishing Surge: 203 Malicious IPs Detected
The scale of phishing activity targeting the 2026 FIFA World Cup has expanded dramatically, with new research revealing a far broader and more complex threat...
FBI Warns Kali365 PhaaS Platform Targets Microsoft 365 Users to Steal Logins
The U.S.
Inside a Crypto Drainer: How to Spot it Before it Empties Your Wallet
Modern crypto drainers don't hack wallets. They trick users into approving malicious transactions.
Indian Student Data Weaponized in Phishing and Financial Fraud Campaigns
A growing trend in India where student data is increasingly being exploited for cybercrime activities, including phishing, impersonation, social engineering,...
Product showcase: Bitdefender Mobile Security for iOS protects privacy where scams begin
Bitdefender Mobile Security for iOS is a security and privacy application for iPhone and iPad that helps protect against phishing attempts, online scams, uns...
Fake Word Phishing Reveals Enterprise Blind Spot in Trusted Remote Access Tools
Disclosure: This article was provided by ANY.RUN.
Legacy Windows Tool MSHTA Fuels Surge in Silent Malware Attacks
Attackers are increasingly abusing Microsoft’s decades-old MSHTA utility to stealthily deliver stealers, loaders, and persistent malware through phishing, fa...
The New Phishing Click: How OAuth Consent Bypasses MFA
In February 2026, a phishing-as-a-service (PhaaS) platform called EvilTokens went live. Within five weeks, it had compromised more than 340 Microsoft 365 org...
Kimsuky Uses LNK, JSE Lures to Target Recruiters, Crypto Users, Defense Officials
Kimsuky Hackers Use LNK and JSE Lures to Target Recruiters, Crypto Users, and Defense Officials. North Korea-linked threat group Kimsuky has launched at leas...
Public Instagram posts provide raw material for AI phishing campaigns
A handful of public Instagram posts can give attackers enough material to generate convincing phishing emails with GenAI. Research from the University of Tex...
Tycoon2FA phishing kit evolves with device-code attacks on Microsoft 365
The Tycoon2FA phishing kit has adapted to leverage OAuth 2.0 device authorization grant flows, enabling it to compromise Microsoft 365 accounts.
How to Reduce Phishing Exposure Before It Turns into Business Disruption
What happens when a phishing email looks clean enough to pass through security, but dangerous enough to expose the business after one click? That is the gap ...
Product showcase: McAfee + ChatGPT integration turns doubt into a scam check
McAfee + ChatGPT integration brings real-time scam detection in conversations and gives users an easier way to verify suspicious content before clicking or r...
Tycoon2FA hijacks Microsoft 365 accounts via device-code phishing
The Tycoon2FA phishing kit now supports device-code phishing attacks and abuses Trustifi click-tracking URLs to hijack Microsoft 365 accounts. [.
Scammers Send Physical Phishing Letters to Steal Ledger Wallet Seed Phrases
Scammers are mailing fake Ledger phishing letters to users in Italy with QR codes that trick crypto wallet users into revealing seed phrases.
Thieves unlock stolen iPhones using cheap tools sold on Telegram
Helping a friend recover a stolen phone, Infoblox researchers uncovered a thriving Telegram-based underground marketplace selling unlocking tools and phishin...
Cyber-Enabled Cargo Crime: How Cybercrime Tradecraft is Used to Steal Freight
Cargo theft now starts with phishing emails and stolen credentials, not hijackings, to reroute and steal freight from supply chains. NMFTA outlines how cyber...
Signal enhances security with new features to combat phishing attacks
The messaging app is implementing several new features to protect users from scams, particularly those impersonating Signal Support.