Cybercrime
-
Mirage2FA phishing kit uses HTML smuggling to target Microsoft 365 users
Fortra identified Mirage2FA, a phishing kit that uses HTML smuggling and obfuscated JavaScript to mimic Microsoft 365 sign-in pages and steal credentials during MFA prompts in an email campaign tied to cheacker[.]store.
-
Microsoft flags photo ZIP phishing campaign targeting hotels in Europe and Asia
Microsoft said a phishing campaign has targeted hotels and other hospitality organizations in Europe and Asia since April 2026, using photo-themed ZIP files to install a Node.js implant and gain access to front-desk machines.
-
DraftKings hacker ‘Snoopy’ gets 18 months in prison
A Minnesota man known as Snoopy was sentenced to 18 months in prison for his role in a 2022 DraftKings account hacking scheme that prosecutors said compromised 60,000 accounts and stole $600,000.
-
Fake GTA 6 early access sites push crypto scam and malware, reports say
Fake websites are using interest in Grand Theft Auto VI to sell nonexistent early access for cryptocurrency, security researchers say. The scam can also install malware on PC and Android devices.
-
Malwarebytes warns of parcel mule job scams posing as remote work
Malwarebytes says scammers are using fake remote job offers, including “Parcel Expert” roles, to recruit parcel mules who receive and forward stolen goods from home. The company warns of fraud, identity theft and possible law enforcement contact.
-
Mistic backdoor tied to ransomware access broker in attacks on multiple sectors
A new backdoor called Mistic has been used since April in attacks on insurance, education, IT and professional services firms, with researchers linking it to a ransomware access broker that sells network access.
-
U.S. seizes cloud account tied to HuiOne money laundering network
U.S. authorities seized a cloud account used by HuiOne Group subsidiaries and imposed new sanctions tied to Prince Group. Officials said the move targeted infrastructure that helped move billions of dollars from fraud and scam operations.
-
LastPass says Salesforce customer data exposed in Klue supply chain attack
LastPass said hackers used OAuth tokens stolen in the Klue supply chain attack to reach customer data in its Salesforce environment. The company said vaults were not affected and warned about phishing risk.
-
Malicious npm packages found posing as PostCSS tools to deliver Windows RAT
Researchers found three malicious npm packages posing as PostCSS tools that delivered a Windows remote access trojan. The campaign used a multi-stage install chain to steal Chrome credentials, run commands and contact an external server.
-
WhatsApp VBScript campaign uses fake documents to spread RMM software
Malicious VBScript files are being spread through WhatsApp messages to install legitimate remote management software, with a Kaspersky technical analysis saying the campaign is active in Malaysia and at least 11 other countries.
