-
The Tycoon 2FA phishing kit represents one of the most sophisticated threats targeting enterprise environments today. This Phishing-as-a-Service (PhaaS) platform, which emerged in August 2023, has become a formidable adversary against organizational se…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The discovery of a large-scale NPM ecosystem compromise in September 2025 has renewed focus on email security as the critical first line of defense against supply chain attacks. Threat actors successfully compromised multiple high-profile NPM developer…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Security researchers have discovered a sophisticated phishing technique that weaponizes invisible Unicode characters embedded within email subject lines using MIME encoding—a tactic that remains largely unknown among email security professionals. The d…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Cybersecurity researchers have uncovered a sophisticated phishing campaign orchestrated by the notorious Gamaredon threat group, specifically targeting government entities through exploitation of a critical WinRAR vulnerability. The attack leverages CV…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A sophisticated new phishing attack discovered in early February 2025 is successfully bypassing Secure Email Gateways (SEGs) and evading perimeter defenses through an ingenious combination of random domain selection, dynamic UUID generation, and browse…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A new phishing campaign is targeting Microsoft account holders by using a clever twist on OAuth authentication prompts. Instead of asking users to hand over their passwords directly, attackers are tricking people into granting permission to malicious a…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A sophisticated and widespread smishing campaign originating from China has emerged as a significant threat to users worldwide. Researchers have attributed the ongoing attack to a group known as the Smishing Triad, which has demonstrated unprecedented …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Cybercriminals continue to evolve their email phishing arsenals, reviving legacy tactics while layering on advanced evasions to slip past automated filters and human scrutiny. In 2025, attackers are noted tried-and-true approaches—like password-protect…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Threat actors are leveraging Microsoft Azure Blob Storage to craft highly convincing phishing sites that mimic legitimate Office 365 login portals, putting Microsoft 365 users at severe risk of credential theft. This method exploits trusted Microsoft infrastructure, making the attacks harder to spot as the fraudulent pages appear secured by official SSL certificates issued by […] The post New Phishing Attack Leverages Azure Blob Storage to Impersonate Microsoft appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A new phishing campaign impersonating LastPass is circulating today, October 13, 2025, aiming to deceive users into downloading malicious desktop software. Emails purporting to come from “hello@lastpasspulse.blog” or “hello@lastpassgazette.blog” carry …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
