Seeking Counsel: Ongoing Targeted Campaign Against US Law Firms
Written by: Chad Reams, Tufail Ahmed, Keith Knapp, Ashley Frazer, Tyler McLellan Introduction From January through May 2026, Mandiant identified a financiall...
MITRE ATT&CK Mapping
Articles mapped to MITRE ATT&CK techniques. Select a technique to view matching articles.
T1566 — Phishing (Initial Access)
Clear filter198 articles found
The Good, the Bad and the Ugly in Cybersecurity – Week 23
US Treasury sanctions Iran's largest crypto exchange, PRC-linked TA4922 expands phishing to Europe and Africa, attackers exploit Palo Alto VPN bypass.
New malspam campaign uses Google DoubleClick to deliver DesckVB RAT
The campaign begins with a phishing email containing an HTML attachment.
Cybercriminals Are Targeting the FIFA World Cup 2026
FortiGuard Labs research shows how cybercriminals are exploiting the demand for the FIFA World Cup 2026 through phishing, fake tickets, malware, impersonatio...
China-Linked TA4922 Expands Phishing Attacks to UK, Germany, Italy, and South Africa
A new China-linked cybercrime group known as TA4922 has expanded its targeting focus to target European organizations in the U.K.
Chinese Cybercrime Group in Spotlight for Record Campaign Pace
Relying on social engineering, the hacking group engages in credential phishing, malware distribution, and fraud activities. The post Chinese Cybercrime Grou...
Phishing Attacks Pivot to Infostealer Malware Over Fake Login Pages
Cybercriminal tactics are evolving as phishing campaigns increasingly shift away from fake login pages toward infostealer malware designed to quietly harvest...
Kali365 PhaaS Expands to Okta, MAX Messenger Attacks
The Kali365 phishing-as-a-service (PhaaS) platform has significantly expanded its operational scope, moving beyond Microsoft 365 token theft to target Okta s...
Payouts King Ransomware Bypasses EDR via Obfuscation and Direct Syscalls
Payouts King ransomware has emerged as a notable post-BlackBasta threat, leveraging advanced obfuscation and direct system calls to evade endpoint detection ...
Fake Chrome Web Store Copyright Alerts Used to Steal Google Logins
Hackers are actively targeting Chrome extension developers with a sophisticated phishing campaign that impersonates official Chrome Web Store copyright enfor...
Cisco Webex Meetings Cross-Site Scripting Vulnerability
A vulnerability in the web-based user interface of Cisco Webex Meetings could have allowed an unauthenticated, remote attacker to conduct a cross-site script...
Error 524 Decoy Campaign Uses Brand Impersonation to Phish Mobile Users
A large-scale smishing and phishing campaign argeting mobile users worldwide by impersonating more than 260 brands across 72 countries, leveraging a sophisti...
A small Slovenian team handles 6,000 cyber incidents a year
Online fraud complaints, ransomware cases, and phishing tips reach Slovenia’s national cyber response center in steady volume, and a team of around a dozen a...
SideCopy group targets Afghanistan's Ministry of Finance with Xeno RAT
The campaign commences with a spear-phishing email containing a ZIP archive with a malicious LNK file written in Pashto, designed to exploit the familiarity ...
Microsoft Entra pushes passkeys, tightens identity security
Microsoft has released multiple identity and network access capabilities for Entra, its family of identity and network access products that help organization...
Pakistan-Linked SideCopy Targets Afghanistan Finance Ministry with Xeno RAT
Cybersecurity researchers have disclosed details of a spear-phishing campaign likely undertaken by the Pakistan-aligned SideCopy group targeting Afghanistan'...
New Wave Of Phishing Emails with SVG Files, (Tue, Jun 2nd)
For a few days, my SANS ISC mailbox is flooded with emails that delivers SVG files. An SVG ("Scalable Vector Graphic") is a web-friendly vector file format u...
Hackers Use Spearphishing to Deploy AZUREVEIL Adaptix C2 Agent
Hackers are actively deploying a sophisticated malware framework dubbed AZUREVEIL, an Adaptix-based command-and-control (C2) agent, through a targeted spearp...
Meta’s AI Bot Misused by Hackers to Take Over Instagram Accounts
Attackers have exploited a critical vulnerability in Meta’s AI-powered Instagram support chatbot to hijack user accounts without needing passwords, phishing,...
⚡ Weekly Recap: New Linux Flaw, PAN-OS Exploit, AI-Powered Attacks, OAuth Phishing and More
Monday hit like a cron job with anger issues. A busted auth path here, a repo-side faceplant there, some "patched-ish" thing already getting chewed on in the...