2FA phishing
-
Leroy Merlin notifies French customers after data breach
Leroy Merlin has notified customers in France that personal data including names, contact details, postal addresses, dates of birth and loyalty information were exposed in a cyberattack; the company said banking data and passwords were not affected and that it has taken steps to contain the incident.
-
Calendly-themed phishing campaign spoofs top brands to hijack ad manager accounts
Security researchers found a targeted phishing campaign using fake Calendly invites and brand impersonation to steal Google Workspace and Facebook business credentials and seize advertising manager accounts for malvertising and other attacks.
-
Kaspersky: Tomiris APT increasingly uses Telegram and Discord as command-and-control channels
Kaspersky researchers reported that the Tomiris threat actor has targeted diplomatic and government entities, increasingly using public services like Telegram and Discord as command-and-control channels and deploying multi-language implants and open-source C2 frameworks.
-
OpenAI notifies some API customers after Mixpanel analytics vendor hacked
OpenAI said some ChatGPT API customers had limited identifying information exposed after a smishing-driven compromise of analytics vendor Mixpanel; no chats, API requests, credentials or payment data were exposed and both companies have taken mitigation steps while investigations continue.
-
FBI says cybercriminals stole $262 million in account-takeover schemes since January
The FBI said cybercriminals impersonating banks have stolen more than $262 million in account-takeover attacks since January, with the IC3 receiving over 5,100 complaints; attackers use phishing, social engineering and fraudulent websites to capture credentials and move funds to cryptocurrency wallets.
-
Harvard discloses Alumni Affairs data breach after voice phishing attack
Harvard said systems used by its Alumni Affairs and Development office were accessed in a phone-based phishing attack discovered on Nov. 18, 2025, exposing contact and fundraising-related information for alumni, donors, students and staff; the university said no Social Security numbers, passwords, payment card or other financial data were in the compromised systems.
-
Google: APT24 Used New ‘BADAUDIO’ Malware in Years-Long Espionage Campaign
Google Threat Intelligence Group says a China-nexus actor tracked as APT24 used a previously undocumented downloader called BADAUDIO in a campaign from November 2022 into 2025, employing watering holes, supply-chain compromises and spear-phishing to deliver backdoors and second-stage payloads.
-
Mandiant ties UNC1549 to long-running campaign using TWOSTROKE and DEEPROOT against aerospace and defence
Google-owned Mandiant linked a cluster it tracks as UNC1549 to a campaign from late 2023 through 2025 in which suspected Iranian espionage actors used backdoors including TWOSTROKE and DEEPROOT to target aerospace, aviation and defence organisations by exploiting third-party credentials, VDI breakouts and targeted phishing.
-
Princeton University discloses November 10 database breach affecting alumni and donors
Princeton University said a database was compromised on November 10 after a phishing attack on an employee, exposing names, contact details and biographical information of alumni, donors, students and staff; the university said the database did not generally contain Social Security numbers, passwords or financial information and has blocked the attackers’ access.
-
Researchers: ClickFix social‑engineering used to deliver Amatera stealer and NetSupport RAT
Researchers say operators are using ClickFix social‑engineering to install the Amatera stealer and, conditionally, NetSupport RAT; eSentire and other vendors have published analyses and indicators tied to multiple concurrent phishing campaigns.
