2FA phishing
-
CERT-UA impersonation phishing campaign spread AGEWHEEZE malware
A phishing campaign impersonating Ukraine’s CERT-UA spread AGEWHEEZE malware to organizations and individuals in March, though officials said only a small number of personal devices were infected.
-
Phishing campaign uses Casbaneiro and Horabot to target Latin America and Europe
A phishing campaign is using court summons-themed emails, WhatsApp automation and ClickFix tactics to spread Casbaneiro and Horabot across Latin America and Europe, according to a BlueVoyant technical analysis.
-
Aura confirms breach exposed nearly 900,000 marketing contacts
Aura confirmed a breach that exposed nearly 900,000 marketing contacts, including names and emails. The company says 35,000 were customers and that SSNs and financial data were not compromised.
-
INTERPOL operation dismantles 45,000 malicious IPs in 72-country cyber crackdown
INTERPOL announced the takedown of 45,000 malicious IPs and servers in a 72-country operation that led to 94 arrests and 212 devices seized. India’s CBI carried out searches in a related transnational online investment fraud probe.
-
Dutch advisory links Russian actors to Signal and WhatsApp account hijacking campaign
A Dutch AIVD advisory links Russian state-sponsored actors to phishing that hijacks Signal and WhatsApp accounts of officials and journalists. Attacks use fake support chatbots and malicious QR codes to seize or link devices and monitor messages.
-
New Russian-linked campaign uses BadPaw loader to deploy MeowMeow backdoor in Ukraine
A new cyber campaign targeted Ukrainian organizations using a .NET loader named BadPaw that deploys a MeowMeow backdoor after a phishing ZIP archive and HTA lure, with sandbox checks and persistence tactics.
-
Microsoft warns OAuth redirect abuse used to deliver malware to government targets
Microsoft warned that phishing campaigns are abusing OAuth redirect features to deliver malware to government and public sector targets, using malicious OAuth apps, ZIP payloads, PowerShell and DLL sideloading. Organizations are advised to limit consent and review app permissions.
-
Microsoft warns of OAuth redirect abuse used to deliver malware to public sector
Microsoft warned that attackers are abusing OAuth redirect features to bypass phishing defenses and direct government and public sector users to attacker-controlled domains that deliver malware or intercept credentials.
-
Starkiller phishing suite proxies live login pages to bypass MFA
Researchers disclosed Starkiller, a phishing suite that proxies live login pages through attacker-controlled headless browsers to capture keystrokes, session tokens and MFA codes. The toolkit centralises deployment and uses URL masking to hide destinations.






