-
Scammers are hijacking popular security tools like Cloudflare to hide fake Microsoft 365 login pages. Learn how this new invisible phishing campaign bypasses antivirus software and how you can stay safe.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A recent Microsoft 365 credential harvesting campaign shows how attackers are exploiting CloudFlare’s protective features to shield malicious phishing sites from security scanners and threat researchers. CloudFlare is widely used by organizations to im…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
ANY.RUN experts report a surge in phishing campaigns abusing trusted cloud and CDN platforms to bypass security controls and target enterprise users.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical zero-day vulnerability in Cloudflare’s Web Application Firewall (WAF) allowed attackers to bypass security controls and directly access protected origin servers. Security researchers from FearsOff discovered on October 9, 2025, that re…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Cybersecurity researchers have uncovered a sophisticated AsyncRAT campaign exploiting Cloudflare’s free-tier services and TryCloudflare tunneling domains to evade detection while delivering remote access trojan payloads through multi-stage infect…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A sophisticated spearphishing campaign has targeted humanitarian organizations working on Ukrainian war relief efforts, employing weaponized PDFs and fake Cloudflare captcha pages to deploy a custom remote access trojan. The PhantomCaptcha campaign, la…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Since early 2025, cybersecurity analysts have witnessed a marked evolution in the tactics and tooling of MuddyWater, the Iranian state-sponsored Advanced Persistent Threat (APT) group. Historically known for broad Remote Monitoring and Management (RMM)…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
An industrial-scale phishing campaign exploiting Google Cloud and Cloudflare infrastructure operated in plain sight for more than three years, targeting Fortune 500 companies and siphoning millions in potential revenue while evading detection. Deep Spe…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
