2FA phishing
-
1Campaign cloaking service helps malicious Google Ads evade detection
1Campaign is a cloaking service that helps malicious Google Ads pass automated screening and remain online for years. One observed campaign filtered 99.4% of visitors while redirecting a small fraction to attacker-controlled pages.
-
UnsolicitedBooker uses LuciDoor and MarsSnake to target Central Asian telecoms
UnsolicitedBooker deployed LuciDoor and MarsSnake backdoors against telecom companies in Kyrgyzstan and Tajikistan using phishing and multiple loaders between September 2025 and January 2026.
-
Polish police dismantle Facebook phishing ring that seized more than 100,000 logins
Polish cybercrime officers dismantled a phishing ring that seized Facebook accounts and BLIK codes. Investigators identified 11 members and seized over 100,000 logins and passwords, and more than 400 charges have been filed.
-
Abandoned Outlook add-in hijacked to phish about 4,000 Microsoft accounts
An abandoned Outlook add-in listed in Microsoft’s store was hijacked to host phishing pages that stole credentials from about 4,000 users, a technical analysis found. Users should remove the add-in and reset passwords.
-
Researchers identify first malicious Outlook add-in that stole over 4,000 credentials
Researchers found the first malicious Outlook add-in in the wild, where a hijacked add-in domain hosted a fake sign-in page and captured more than 4,000 credentials, exposing gaps in marketplace content monitoring.
-
TriZetto breach may have exposed PHI for more than 700,000, Oregon providers to notify patients
An intrusion into TriZetto Provider Solutions discovered in October 2025 may have exposed protected health information for more than 700,000 people. Local Oregon providers will notify thousands of patients about exposed records.
-
New MaaS Stanley promises phishing extensions on Chrome Web Store
A technical analysis found the Stanley MaaS offers Chrome extensions that overlay phishing iframes and promises to pass Chrome Web Store review. The service includes auto-install, persistent C2 polling, geotargeting, and a paid Luxe plan.
-
Phishing campaign in India deploys Blackmoon variant and SyncFuture TSM
Security researchers found a phishing campaign targeting Indian taxpayers that uses fake Income Tax Department notices to deliver a multi-stage backdoor that installs a Blackmoon variant and SyncFuture TSM for persistent remote access.
-
Multi-stage phishing campaign in Russia delivers Amnesia RAT and ransomware via GitHub and Dropbox
A multi-stage phishing campaign observed in Russia delivers Amnesia RAT and Hakuna Matata ransomware. The chain uses GitHub and Dropbox for payload staging and disables Defender before stealing data and encrypting files.
-
Phishing campaign leverages stolen credentials to deploy legitimate RMM for persistent access
Researchers reported a dual-wave phishing campaign that harvests Outlook, Yahoo and AOL credentials to register with LogMeIn and deploy LogMeIn Resolve via a signed executable named GreenVelopeCard.exe to maintain persistent remote access.








