Tag

Phishing

All articles tagged with #phishing

ConsentFix: Fast Token Theft Targets Microsoft 365 Sign-Ins
technology8 days ago

ConsentFix: Fast Token Theft Targets Microsoft 365 Sign-Ins

A new attack variant called ConsentFix hijacks Microsoft 365 OAuth sign‑in flows by tricking users into dragging a localhost callback link, stealing OAuth tokens and granting attackers ongoing access to email and other services without passwords or MFA. Attackers use trusted phishing lures, map targets via LinkedIn, and publicly share the blueprint, lowering the bar for criminals. Defenses require more than awareness—look for abnormal PowerShell activity, unusual logins, and strengthen endpoint/identity monitoring to detect session/token theft before damage occurs.

Kali365 Phishing Kit Bypasses MFA to Target Microsoft 365 Accounts
technology13 days ago

Kali365 Phishing Kit Bypasses MFA to Target Microsoft 365 Accounts

The FBI warns of Kali365, a phishing-as-a-service kit that bypasses multi-factor authentication by tricking victims into approving a device-code sign-in, enabling attackers to harvest OAuth tokens and access Outlook, Teams, and OneDrive; security guidance includes never entering unsolicited device codes, navigating directly to Microsoft rather than using links, monitoring sign-ins and devices, revoking suspicious sessions, keeping MFA enabled, and reporting incidents.

Phishing, romance scams and AI-made investment traps: how to spot and stop them
finance19 days ago

Phishing, romance scams and AI-made investment traps: how to spot and stop them

UK Finance reports a record 4 million fraud cases last year, and the article outlines three common scams: phishing attempts that steal bank details via text messages and delivery links; romance scams where fraudsters pose as potential partners to extract money; and AI-assisted investment scams that use generated images or voice to push bogus opportunities. Protect yourself by typing URLs manually, never tapping unknown links or sharing One-Time Passcodes, performing reverse-image searches on dating profiles, and verifying investments through FCA’s official tools and resources like Take Five to Stop Fraud.

Phony AAA Email Scam Tricks Drivers With Bogus Federal Rule
cybersecurity19 days ago

Phony AAA Email Scam Tricks Drivers With Bogus Federal Rule

A fake AAA-themed email warnings about a supposed July 1, 2026 federal rule requiring an emergency-tool in every passenger vehicle is used to push readers to a suspicious link. AAA confirms they did not send the message. The piece outlines red flags—suspicious sender address, lack of proper branding, risky shared links, urgent language, and dubious legal references—and offers tips to verify with official sites and avoid clicking dangerous links.

Texas license vendor breach exposes data of over 3 million customers
technology21 days ago

Texas license vendor breach exposes data of over 3 million customers

A Texas Parks and Wildlife Department data breach via its license system vendor exposed personal data for 3,087,721 hunting and fishing license customers. Although Social Security numbers, dates of birth, and financial info were not affected, threat actors may have accessed driver’s license details, passport numbers, email addresses, phone numbers, and residential addresses, creating phishing and social-engineering risks. The TPWD is updating safeguards with the vendor and offering one year of free credit monitoring; affected individuals should monitor credit reports, consider freezes or fraud alerts, and stay vigilant for scams. There is no evidence that minors were targeted.

Chrome 0-Day in the Wild Dominates a Week of Exploits, Phishing, and Malware
cybersecurity26 days ago

Chrome 0-Day in the Wild Dominates a Week of Exploits, Phishing, and Malware

Chrome’s active exploitation of CVE-2026-11645 headlines a week of widespread security news, from UniFi OS flaws and an Oracle PeopleSoft compromise to a large Arch Linux AUR package taint, npm/PyPI malware campaigns, and phishing kits. The roundup also covers the Outsider phishing-as-a-service takedown, VPN/auth-bypass flaws, cloud-logging abuse, and ransomware campaigns (Gentlemen, Akira), illustrating attackers’ reliance on old code, weak defaults, and misconfigurations. Patch quickly, watch for unusual login activity, and strengthen defense-in-depth.

AI-powered phishing empire Outsider Enterprise dismantled in multi-agency takedown
technology27 days ago

AI-powered phishing empire Outsider Enterprise dismantled in multi-agency takedown

The FBI, with Google and Black Lotus Labs, dismantled Outsider Enterprise, a Chinese AI‑powered phishing‑as‑a‑service that operated thousands of fake sites and over a million fraudulent URLs to steal credit card data and passwords via AI‑assisted SMS campaigns impersonating trusted brands. Authorities seized admin servers, a Shopify storefront, a Telegram bot, and about $100,000 in USDT, while thousands of domains were redirected to an FBI splash page. Google reports 2.5 million SMS messages sent in two weeks, hundreds of thousands of victims affected, and roughly 3.8 million credit card records stolen, contributing to about $1.9 billion in losses. Google filed a civil suit and urged anti‑scam legislation (Stop SCAMS Act); Android defenses block more than 10 billion malicious messages monthly.

GTA 6 Pre-Order Buzz Triggers Malware Warnings
technology1 month ago

GTA 6 Pre-Order Buzz Triggers Malware Warnings

GTA 6’s release hype has outpaced official pre-orders, leading to a wave of scams that promise free codes, beta keys, or exclusive trailers and deliver malware via fake installers and phishing sites. NordVPN Threat Intelligence found clone sites and trojan Android adware targeting fans, emphasizing that only official channels should be trusted for GTA 6 information and access.

FBI Warns Kali365 PhaaS Bypasses MFA on Microsoft 365
cybersecurity1 month ago

FBI Warns Kali365 PhaaS Bypasses MFA on Microsoft 365

The FBI issued a PSA about Kali365, a phishing‑as‑a‑service that exploits Microsoft’s OAuth device-code flow to hijack Entra and Microsoft 365 accounts, stealing session tokens and bypassing MFA. Kali365, distributed via Telegram, provides AI‑generated phishing lures, automated campaigns, and real‑time dashboards, with two attack modes: device‑code phishing and a Cookie Link adversary‑in‑the‑middle. Arctic Wolf observed global campaigns targeting Microsoft 365 environments, including creating malicious inbox rules and registering new devices. The FBI urges blocking device‑code authentication with Conditional Access, auditing usage, reporting incidents to IC3, and preserving phishing emails and suspicious activity. Device-code phishing has surged in 2026, with other PhaaS tools like EvilTokens and Tycoon2FA using similar methods.

Kash Patel’s Based Apparel Site Used as Mac Malware Lure with Fake Cloudflare Page
technology1 month ago

Kash Patel’s Based Apparel Site Used as Mac Malware Lure with Fake Cloudflare Page

Security researchers flag BasedApparel.com, Kash Patel’s apparel site, for hosting a ClickFix-style scam that shows a fake Cloudflare warning on macOS and instructs users to copy-paste a Terminal command. The copied text decodes to a hidden shell script that downloads malware capable of stealing browser credentials and crypto-wallet data, exfiltrating it to a hacker-controlled domain. The attack highlights how compromised legitimate sites can deliver infostealers via scareware, and Apple has added protections in macOS 26.4 against pasted Terminal commands; Based Apparel did not comment.

Stolen iPhones, Bigger Heists: The Underground Unlocking and Phishing Trade
technology1 month ago

Stolen iPhones, Bigger Heists: The Underground Unlocking and Phishing Trade

Researchers from Infoblox traced a thriving underground market that sells iPhone unlocking tools and phishing kits on Telegram and other services, linking dozens of groups to more than 10,000 phishing domains; unlocked stolen devices can fetch hundreds to thousands of dollars, incentivizing a supply chain that can let criminals access bank and crypto accounts via social engineering—even as Apple hardens Find My and other protections.

Mass phishing campaign exploits enterprise lures to steal credentials from 35k users across 26 countries
technology2 months ago

Mass phishing campaign exploits enterprise lures to steal credentials from 35k users across 26 countries

Microsoft disclosed a large-scale credential-stealing phishing campaign that targeted more than 35,000 users across 26 countries (92% in the U.S.), with victims in healthcare, financial services, and other sectors. Attackers used polished, enterprise-style emails about code-of-conduct reviews, sent via legitimate email services, and embedded PDFs that led to an AiTM (adversary-in-the-middle) phishing flow to harvest Microsoft credentials and tokens and bypass MFA. Victims encounter CAPTCHA checks and multiple intermediate pages before a final sign-in page, with the destination differing by device. The report also highlights rising QR-code phishing, ongoing BEC activity, and Tycoon 2FA PhaaS infrastructure shifting hosting to evade defenses, alongside two notable Q1 campaigns and a broader surge in phishing threats (about 8.3 billion from Jan–Mar 2026).

ConsentFix v3 automates OAuth abuse to hijack Azure accounts
technology2 months ago

ConsentFix v3 automates OAuth abuse to hijack Azure accounts

Security researchers describe ConsentFix v3, an automated phishing workflow that exploits the OAuth2 authorization code flow to steal tokens and hijack Microsoft/Azure accounts. The campaign uses Pipedream as the automation engine, hosts a spoofed Microsoft login on Cloudflare Pages, and exfiltrates the OAuth code to immediately exchange it for tokens, enabling access to emails and files even with MFA. Mitigations include token binding, behavioral detection rules, and app authentication restrictions; it remains unclear how widely this variant is being adopted.

AppSheet-Driven Phishing Campaign Exposes 30,000 Facebook Accounts
technology2 months ago

AppSheet-Driven Phishing Campaign Exposes 30,000 Facebook Accounts

A Vietnamese-linked operation hijacks Facebook accounts by using Google AppSheet as a phishing relay, targeting Business account owners to capture credentials and 2FA data, with roughly 30,000 victim records spread across several clusters (Netlify, CAPTCHA-gated pages, and Canva-generated PDFs) that feed the stolen data to Telegram channels and facilitate resale on underground markets; the campaign illustrates evolving tactics and the repurposing of trusted platforms in a dark, criminal economy.