2FA phishing
-
Astaroth banking trojan leverages GitHub to restore command-and-control, McAfee says
McAfee Labs reported that the Astaroth banking trojan campaign uses GitHub-hosted images with steganography to update configurations and maintain access after C2 takedowns; the campaign targets Brazil and other Latin American countries and is delivered via DocuSign-themed phishing emails.
-
Researchers find 175 npm packages used to host phishing infrastructure in ‘Beamglea’ campaign
Researchers say 175 npm packages, downloaded about 26,000 times, were used to host redirect scripts and HTML payloads for a credential-phishing campaign called Beamglea that targeted more than 135 companies worldwide.
-
Microsoft: Storm-2657 Used Phishing to Redirect University Payrolls via Workday Accounts
Microsoft said a gang known as Storm-2657 has used phishing and adversary-in-the-middle links to steal MFA and compromise university Workday-linked accounts since March 2025, altering payroll configurations to redirect salary payments and spreading further phishing inside and across campuses.
-
New FileFix Variant Uses Cache Smuggling to Evade Security, Researchers Say
A new FileFix phishing variant uses cache smuggling to store a malicious ZIP in browser cache and run it via a hidden PowerShell command, letting it evade many security products, researchers said.
-
Ukraine agency says Russian-linked hackers used AI to aid cyber attacks in H1 2025
Ukraine’s SSSCIP said Russian-linked hackers increased use of AI in cyber attacks in H1 2025, recording 3,018 incidents and using AI-generated phishing and malware while exploiting webmail flaws and abusing legitimate cloud services.
-
Google launches AI Vulnerability Reward Program with bounties up to $30,000
Google this week launched an AI Vulnerability Reward Program offering up to $30,000 for high-quality reports on flaws in its AI products, covering Search, Gemini, Workspace and other AI systems and laying out tiered payouts for issues such as rogue actions and data exfiltration.
-
XWorm backdoor resurfaces with ransomware module and dozens of plugins
Researchers at Trellix told BleepingComputer that new XWorm variants 6.0, 6.4 and 6.5 are circulating in phishing campaigns and include more than 35 plugins and a ransomware module that encrypts user files and drops ransom instructions.
-
Trend Micro: SORVEPOTEL self‑propagating malware spreads via WhatsApp, hits Brazil hard
Trend Micro researchers said a self‑propagating malware campaign called SORVEPOTEL is spreading via WhatsApp and email to Windows desktops, concentrating in Brazil; it propagates through malicious ZIP attachments and PowerShell, aims for rapid spread rather than data theft, and has led to mass spam and account suspensions.