Threat actors are reusing Tycoon 2FA tools across other phishing kits following the platform’s disruption.
The post Tycoon 2FA Loses Phishing Kit Crown Amid Surge in Attacks appeared first on SecurityWeek.
Tycoon 2FA Fully Operational Despite Law Enforcement Takedown
Attack volumes are back to pre-disruption levels, and the adversary tactics have remained unchanged.
The post Tycoon 2FA Fully Operational Despite Law Enforcement Takedown appeared first on SecurityWeek.
Russian APT Exploits Zimbra Vulnerability Against Ukraine
Insufficient sanitization of CSS content within HTML emails leads to inline script execution when the message is opened in a browser.
The post Russian APT Exploits Zimbra Vulnerability Against Ukraine appeared first on SecurityWeek.
Security Firm Executive Targeted in Sophisticated Phishing Attack
The attackers used a DKIM-signed phishing email, trusted redirect infrastructure, compromised servers, and Cloudflare-protected phishing pages.
The post Security Firm Executive Targeted in Sophisticated Phishing Attack appeared first on SecurityWeek.
Starbucks Data Breach Impacts Employees
Starbucks said the incident involved phishing attacks targeting an employee portal, affecting hundreds.
The post Starbucks Data Breach Impacts Employees appeared first on SecurityWeek.
Internet Infrastructure TLD .arpa Abused in Phishing Attacks
Abusing DNS record management controls, the threat actor hides the location of malicious content via Cloudflare.
The post Internet Infrastructure TLD .arpa Abused in Phishing Attacks appeared first on SecurityWeek.
LastPass Warns of New Phishing Campaign
The attackers are sending out fake alerts claiming unauthorized access or master password changes.
The post LastPass Warns of New Phishing Campaign appeared first on SecurityWeek.
Over 100 Organizations Targeted in ShinyHunters Phishing Campaign
Domains set up by the threat actor suggest attacks aimed at Atlassian, Canva, Epic Games, HubSpot, Moderna, ZoomInfo, and WeWork.
The post Over 100 Organizations Targeted in ShinyHunters Phishing Campaign appeared first on SecurityWeek.
‘Stanley’ Malware Toolkit Enables Phishing via Website Spoofing
Priced $2,000 – $6,000 on a cybercrime forum, the MaaS toolkit promises publication on the Chrome Web Store.
The post ‘Stanley’ Malware Toolkit Enables Phishing via Website Spoofing appeared first on SecurityWeek.
Phishers Abuse SharePoint in New Campaign Targeting Energy Sector
Threat actors are leveraging the file-sharing service for payload delivery in AitM phishing and BEC attacks.
The post Phishers Abuse SharePoint in New Campaign Targeting Energy Sector appeared first on SecurityWeek.
