North Korea Uses GitHub as C2 in New LNK Phishing Campaign
A new phishing campaign that uses malicious Windows shortcut (LNK) files to target users in South Korea, while abusing GitHub as Command and Control (C2) inf...
MITRE ATT&CK Mapping
Articles mapped to MITRE ATT&CK techniques. Select a technique to view matching articles.
T1566 — Phishing (Initial Access)
Clear filter133 articles found
Global Microsoft device code phishing facilitated by novel EvilTokens kit
BleepingComputer reports that organizations around the world, particularly in the U.S.
Phishing campaign delivers Casbaneiro and Horabot banking trojans
The threat actor, identified as Brazilian cybercrime group Augmented Marauder and Water Saci, employs a unique delivery mechanism involving WhatsApp, ClickFi...
Threat actor abuse of AI accelerates from tool to cyberattack surface
Generative AI is upgrading cyberattacks, from 450% higher phishing click‑through rates to industrialized MFA bypass. The post Threat actor abuse of AI accele...
Threat actor UAC-0255 impersonate CERT-UA to spread AGEWHEEZE malware via phishing
Threat actors impersonated CERT-UA to send phishing emails with AGEWHEEZE malware, tricking victims into installing a fake “security tool.” A threat actor, t...
EvilTokens abuses Microsoft device code flow for account takeovers
A new phishing-as-a-service (PhaaS) campaign is abusing Microsoft’s device code authentication flow to gain unauthorized access to user accounts. Sekoia rese...
Fake CERT-UA Site Spreads Go-Based RAT in Phishing Campaign
Hackers have launched a targeted phishing campaign by cloning Ukraine’s official CERT-UA website and distributing malicious software disguised as a security ...
RFQ Malware Campaign Uses DOCX, RTF, JS, and Python
Hackers are abusing DOCX, RTF, JavaScript, PowerShell, and Python to deliver an in‑memory Cobalt Strike beacon in a stealthy spear‑phishing campaign that imp...
Remcos RAT Attack Uses Obfuscated Scripts, Trusted Windows Tools
Remcos RAT operators are abusing obfuscated scripts and trusted Windows binaries to deliver a stealthy, largely fileless infection chain that runs almost ent...
New EvilTokens service fuels Microsoft device code phishing attacks
A new malicious kit called EvilTokens integrates device code phishing capabilities, allowing attackers to hijack Microsoft accounts and provide advanced feat...
LinkedIn Phishing Scam Uses Fake Notifications to Hijack Accounts
A LinkedIn phishing scam uses fake notifications and lookalike domains to steal credentials, hijack accounts, and access sensitive professional data.
LinkedIn Phishing Scam Uses Fake Notifications to Hijack Accounts
A LinkedIn phishing scam uses fake notifications and lookalike domains to steal credentials, hijack accounts, and access sensitive professional data.
CERT-UA Impersonation Campaign Spread AGEWHEEZE Malware to 1 Million Emails
The Computer Emergency Response Team of Ukraine (CERT-UA) has disclosed details of a new phishing campaign in which the cybersecurity agency itself was imper...
Bogus LinkedIn message alerts enable credential siphoning
Malicious actors have been distributing fraudulent LinkedIn alert messages for potential job opportunities to facilitate credential exfiltration in a new phi...
Report sheds more light on Phantom Stealer
Attacks involving the .NET-based Phantom Stealer, which has been bundled with a crypter and a remote access tool under the Phantom Project cybercrime kit, ha...
Casbaneiro Phishing Targets Latin America and Europe Using Dynamic PDF Lures
A multi-pronged phishing campaign is targeting Spanish-speaking users in organizations across Latin America and Europe to deliver Windows banking trojans lik...
Security awareness is not a control: Rethinking human risk in enterprise security
Organizations have been responding to phishing, business email compromise, and credential theft in essentially the same manner for over ten years. They essen...
New Ukrainian CERT-spoofing phishing campaign delivers RAT
Ukrainian government entities, healthcare providers, financial providers, security firms, educational institutions, and software development companies have b...
Illicit LNK files deploy Russian CTRL toolkit
Illicit LNK files deploy Russian CTRL toolkit The Hacker News reports that malicious Windows LNK files masquerading as private key folders have been tapped t...
EvilTokens ramps up device code phishing targeting Microsoft 365 users
Security researchers report a notable increase in device code phishing activity aimed at Microsoft 365 users, and have attributed this rise to the availabili...