Sunday, April 13, 2025

Phishing

Tycoon 2FA Phishing Kit Uses Advanced Evasion Techniques to Bypass Endpoint Detection Systems

The notorious Tycoon 2FA phishing kit continues its evolution with new strategies designed to slip past endpoint detection systems.This development was highlighted in a recent analysis, showcasing several...

Chinese eCrime Group Targets Users in 120+ Countries to Steal Banking Credentials

Smishing Triad, a Chinese eCrime group, has launched an extensive operation targeting users across more than 121 countries.This campaign, primarily focused on stealing banking...

GOFFEE Deploys PowerModul in Coordinated Strikes on Government and Energy Networks

The threat actor known as GOFFEE has launched a series of targeted attacks against critical sectors within the Russian Federation, utilizing advanced malware and...

Russian APT Hackers Use Device Code Phishing Technique to Bypass MFA

Russian state-backed advanced persistent threat (APT) group Storm-2372 has exploited device code phishing to bypass multi-factor authentication (MFA) and infiltrate high-value targets across governments,...

Scattered Spider Launches Sophisticated Attacks to Steal Login Credentials and MFA Tokens

The cyber threat landscape has witnessed remarkable adaptation from the notorious hacker collective known as Scattered Spider.Active since at least 2022, this group...

Hellcat Ransomware Upgrades Arsenal to Target Government, Education, and Energy Sectors

The cybersecurity community has raised alarms over the rapid evolution of the Hellcat ransomware group, which has escalated its tactics to target critical sectors....

New GIFTEDCROOK Stealer Targets Government Organizations to Exfiltrate Sensitive Data

Cybersecurity experts have uncovered an alarming escalation in cyber-espionage operations targeting Ukrainian critical sectors, as outlined in CERT-UA's latest alert, CERT-UA#14303.The campaign, attributed...

Morphing Meerkat: A PhaaS Utilizing DNS Reconnaissance to Generate Targeted Phishing Pages

Originally discovered in 2020 as a Phishing-as-a-Service (PhaaS) platform, Morphing Meerkat has since evolved into a sophisticated cybercriminal tool.Initially capable of mimicking login...

AI Surpasses Elite Red Teams in Crafting Effective Spear Phishing Attacks

In a groundbreaking development in the field of cybersecurity, AI has reached a pivotal moment, surpassing elite human red teams in the creation of...

PoisonSeed Targets CRM and Bulk Email Providers in New Supply Chain Phishing Attack

A sophisticated phishing campaign, dubbed "PoisonSeed," has been identified targeting customer relationship management (CRM) and bulk email providers to facilitate cryptocurrency-related scams.The...

Beware! Fake Unpaid Tolls Messages Used in Phishing Attack to Steal Login Credentials

A surge in phishing text messages claiming unpaid tolls has been linked to a massive phishing-as-a-service (PhaaS) operation.These scams, which have been hitting...