Smashing Security podcast #459: This clever scam nearly hijacked a tech CEO’s Apple ID
In episode 459 of Smashing Security, we dive into a chillingly clever account takeover attempt targeting WordPress co-founder Matt Mullenweg - involving MFA ...
MITRE ATT&CK Mapping
Articles mapped to MITRE ATT&CK techniques. Select a technique to view matching articles.
T1566 — Phishing (Initial Access)
Clear filter133 articles found
Konni Deploys EndRAT Through Phishing, Uses KakaoTalk to Propagate Malware
North Korean threat actors have been observed sending phishing to compromise targets and obtain access to a victim's KakaoTalk desktop application to distrib...
Help on the line: How a Microsoft Teams support call led to compromise
A DART investigation into a Microsoft Teams voice phishing attack shows how deception and trusted tools can enable identity-led intrusions and how to stop th...
Rapid7 Guidance on Observed Microsoft Teams Phishing Campaigns
The Rapid7 MDR team is currently monitoring an increase in phishing campaigns where threat actors (TAs) impersonate internal IT departments via Microsoft Tea...
Researchers Warn of Global Surge in Fake Shipment Tracking Scams
Some of these campaigns are linked to Darcula, a Chinese-language phishing-as-a-service platform
Interpol's 'Operation Synergia III' Nets 94 Arrests in Major Cybercrime Sweep
A new law enforcement operation against phishing and ransomware operators led to the takedown of 45,000 malicious IP addresses
Insights: Increased Risk of Wiper Attacks
We are observing an increase of wiper attacks by the Iran-linked Handala Hack group (aka Void Manticore) through phishing and misuse of Microsoft Intune. The...
Iran’s Cyber Playbook in the Escalating Regional Conflict
Following our recent published advisories, this publication is intended to outline a summary of the cyber activities associated with the tension. Based on th...
How hackers bypassed MFA with a $120 phishing kit – until a global takedown shut it down
In a co-ordinated public-private operation between law enforcement agencies and cybersecurity industry partners, Tycoon 2FA - one of the world's most prolifi...
Cisco Webex Services Cross-Site Scripting Vulnerability
A vulnerability in Cisco Webex could have allowed an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. Cisco has addressed thi...
Global Takedown Neutralizes Tycoon2FA Phishing Service
Law enforcers and industry partners have taken down notorious phishing-as-a-service platform Tycoon2FA
Threat Brief: March 2026 Escalation of Cyber Risk Related to Iran
Unit 42 details recent Iranian cyberattack activity, sharing direct observations of phishing, hacktivist activity and cybercrime. We include recommendations ...
Darktrace Flags 32 Million Phishing Emails in 2025 as Identity Attacks Intensify
2025 saw 32M phishing emails, with identity threats surpassing vulnerabilities
Multifaceted Phishing Scheme Deceives Bitpanda Customers
Phishing attack mimicking Bitpanda targets users, harvesting credentials and personal information
‘Starkiller’ Phishing Service Proxies Real Login Pages, MFA
Most phishing websites are little more than static copies of login pages for popular online destinations, and they are often quickly taken down by anti-abuse...
Starkiller: New ‘Commercial-Grade’ Phishing Kit Bypasses MFA
A new cybercriminal toolkit uses proxies to mimic popular online services and represents a “significant escalation in phishing infrastructure,” warn research...
Operation DoppelBrand Weaponizes Trusted Brands For Credential Theft
New phishing campaign dubbed Operation DoppelBrand targeted major financial firms like Wells Fargo
Spam and phishing in 2025
The report contains statistics on spam and phishing in 2025, outlining the main trends: phishing and scam QR codes, ClickFix attacks, ChatGPT subscription lu...
Phorpiex Phishing Delivers Low-Noise Global Group Ransomware
High-volume phishing campaign delivers Phorpiex malware via malicious Windows Shortcut files
AI Drives Doubling of Phishing Attacks in a Year
Cofense claims AI is making phishing emails more personalized and sophisticated