Top 10 Best Multi-Factor Authentication (MFA) Providers in 2026
In the digital realm of 2026, the traditional password stands as a flimsy barrier against an onslaught of sophisticated cyber threats. From phishing campaign...
MITRE ATT&CK Mapping
Articles mapped to MITRE ATT&CK techniques. Select a technique to view matching articles.
T1566 — Phishing (Initial Access)
Clear filter133 articles found
Financial cyberthreats in 2025 and the outlook for 2026
In this report, Kaspersky experts share their insights into the 2025 financial threat landscape, including regional statistics and trends in phishing, PC mal...
Cybercriminals Use Fake Zoom, Teams Calls to Deliver Malware
Hackers are increasingly using fake Zoom and Microsoft Teams meetings to trick victims into infecting their own systems with malware. SEAL says it has blocke...
How phishing changed in 2025 and what to expect in 2026 and beyond
Phishing evolves into AI-driven, multi-channel scams abusing trusted platforms.
AI-enabled device code phishing campaign exploits OAuth flow for account takeover
A phishing campaign that bypasses the standard 15-minute expiration window through automation and dynamic code generation, leveraging the OAuth Device Code A...
Threat Actors Exploit LogMeIn Resolve, ScreenConnect in Phishing Campaigns
Threat actors are abusing legitimate remote monitoring and management (RMM) tools LogMeIn Resolve and ScreenConnect in a multi‑stage phishing campaign that b...
How Mimecast brings enterprise-grade email protection to API deployment
In this Help Net Security video, Andrew Williams, Senior Product Manager at Mimecast, walks through the company’s API-based email security protection for Mic...
Upswell of device code phishing intrusions reported
BleepingComputer reports that device code phishing intrusions have increased by 37.5 times so far this year.
Phishing LNK files and GitHub C2 power new DPRK cyber attacks
DPRK-linked hackers use GitHub C2s, starting attacks via phishing LNK files that drop a PDF and PowerShell script in South Korea. North Korea-linked threat a...
Missile Alert Phishing Exploits Iran-US-Israel Conflict for Microsoft Logins
New Phishing scam uses fake missile alerts and the ongoing conflict involving Iran to target users with QR codes and fake government emails to steal Microsof...
Inside an AI‑enabled device code phishing campaign
A new wave of device code phishing shows how threat actors are scaling account compromise using AI and end‑to‑end automation. This campaign goes beyond tradi...
Scammers use fake traffic violation texts with QR codes for phishing
This latest scam is a variation of previous toll and parking ticket scams, but instead of links, it features an image of a fake court notice with an embedded...
5 email threats to watch as identity and AI attacks evolve
Attacks on email that exploit OAuth consent, lateral phishing, and AI payroll fraud top the list.
How often are redirects used in phishing in 2026?, (Mon, Apr 6th)
In one of his recent diaries, Johannes discussed how open redirects are actively being sought out by threat actors[1], which made me wonder about how commonl...
Traffic violation scams switch to QR codes in new phishing texts
Scammers are sending fake "Notice of Default" traffic violation text messages impersonating state courts across the U.S.
Device code phishing attacks surge 37x as new kits spread online
Device code phishing attacks that abuse the OAuth 2.0 Device Authorization Grant flow to hijack accounts have surged more than 37 times this year.
China-Linked TA416 Targets European Governments with PlugX and OAuth-Based Phishing
A China-aligned threat actor has set its sights on European government and diplomatic organizations since mid-2025, following a two-year period of minimal ta...
Highly evasive spear-phishing campaign targeting senior execs ‘neutralizes’ MFA
The campaign leverages a newly-discovered phishing kit called VENOM.
Trusted Platforms Exploited to Steal Philippine Banking Credentials
Hackers are increasingly exploiting trusted online platforms to launch sophisticated phishing campaigns targeting bank users in the Philippines. Despite ongo...
New Phishing Platform Used in Credential Theft Campaigns Against C-Suite Execs
A large-scale credential theft campaign targeting senior executives has been linked to a previously unknown automated phishing platform called Venom