phishing

  • Blog

    Facebook rolls out passkey support to fight phishing attacks

    Passkeys can replace traditional passwords with your device’s own authentication methods. That way, you can sign in to Gmail, PayPal, or iCloud just by activating Face ID on your iPhone, your Android phone’s fingerprint sensor, or with Windows Hello on a PC. Built on WebAuthn (or Web Authentication) tech, two different keys are generated when you create a passkey: one…

  • Blog

    Threat actors abuse Google Apps Script in evasive phishing attacks

    Threat actors are abusing the ‘Google Apps Script’ development platform to host phishing pages that appear legitimate and steal login credentials. This new trend was spotted by security researchers at Cofense, who warn that the fraudulent login window is “carefully designed to look like a legitimate login screen.” “The attack uses an email masquerading as an invoice, containing a link…

  • Blog

    Employee phishing training is working – but don’t get complacent

    Increased phishing training is paying dividends for enterprises, according to new research, particularly in larger enterprises. Analysis from KnowBe4 shows awareness and resilience are improving based on what it describes as ‘Phish-prone Percentage’ (PPP) metrics. This tracks the percentage of employees likely to fall for social engineering or phishing attacks, the company said. According to the firm’s 2025 Phishing by…

  • Blog

    CoGUI phishing platform sent 580 million emails to steal credentials

    A new phishing kit named ‘CoGUI’ sent over 580 million emails to targets between January and April 2025, aiming to steal account credentials and payment data. The messages impersonate major brands like Amazon, Rakuten, PayPal, Apple, tax agencies, and banks. The activity culminated in January 2025, where 170 campaigns sent 172,000,000 phishing messages to targets, but the following months maintained…

  • Blog

    Healthcare organizations are turning a blind eye to phishing attacks

    The vast majority of phishing attacks against the healthcare sector go unreported to security teams, leaving organizations unable to fully learn from their mistakes. In a survey of 150 US-based healthcare IT leaders for secure email firm Paubox, six-in-ten said they had experienced at least one email security breach last year, and three-quarters that they expected even more security challenges…

  • Blog

    Windows NTLM hash leak flaw exploited in phishing attacks on governments

    A Windows vulnerability that exposes NTLM hashes using .library-ms files is now actively exploited by hackers in phishing campaigns targeting government entities and private companies. The flaw, tracked as CVE-2025-24054, was fixed in Microsoft’s March 2025 Patch Tuesday. Initially, it was not marked as actively exploited and was assessed as ‘less likely’ to be. However, Check Point researchers report having…

  • Blog

    Don’t Fall for This New Gmail Phishing Scheme

    If you receive an email from Google that appears to be a legitimate security alert, do not proceed. Scammers are taking advantage of vulnerabilities in Google’s authentication protocols to send phishing messages that appear convincing enough to steal unsuspecting users’ account credentials. Here’s how to protect yourself. How this new Google phishing scam works: As Android Authority reports, a developer…

  • Blog

    Midnight Blizzard deploys new GrapeLoader malware in embassy phishing

    Russian state-sponsored espionage group Midnight Blizzard is behind a new spear-phishing campaign targeting diplomatic entities in Europe, including embassies. Midnight Blizzard, aka ‘Cozy Bear’ or ‘APT29,’ is a state-sponsored cyberespionage group linked to Russia’s Foreign Intelligence Service (SVR). According to Check Point Research, the new campaign introduces a previously unseen malware loader called ‘GrapeLoader,’ and a new variant of the ‘WineLoader’…

  • Blog

    Tycoon2FA phishing kit targets Microsoft 365 with new tricks

    Phishing-as-a-service (PhaaS) platform Tycoon2FA, known for bypassing multi-factor authentication on Microsoft 365 and Gmail accounts, has received updates that improve its stealth and evasion capabilities. Tycoon2FA was discovered in October 2023 by Sekoia researchers, who later reported significant updates on the phishing kit that increased its sophistication and effectiveness. Trustwave now reports that the Tycoon 2FA threat actors have added several…

  • Blog

    ‘Phishing kits are a force multiplier’: Cheap cyber crime kits can be bought on the dark web for less than $25 – and experts warn it’s lowering the barrier of entry for amateur hackers

    While inflation is rising around the world, some things are getting cheaper – and one is the cost of launching a phishing attack. Phishing kits are now widely available on the dark web and via messaging apps like Telegram, and are often selling for less than $25. This means that even criminals with minimal tech skills can easily steal personal…
