FILTERED

20+ entries

BleepingComputerApril 5, 2026
Traffic violation scams switch to QR codes in new phishing texts
Scammers are sending fake "Notice of Default" traffic violation text messages impersonating state courts across the U.S., pressuring recipients to scan a QR code that leads to a phishing site demanding a $6.99 payment while stealing personal and financial information. [...]
Phishing
USA
BleepingComputerApril 4, 2026
Axios npm hack used fake Teams error fix to hijack maintainer account
The maintainers of the popular Axios HTTP client have published a detailed post-mortem describing how one of its developers was targeted by a social engineering campaign believed to have been conducted by North Korean threat actors. [...]
Phishing
BleepingComputerApril 4, 2026
Device code phishing attacks surge 37x as new kits spread online
Device code phishing attacks that abuse the OAuth 2.0 Device Authorization Grant flow to hijack accounts have surged more than 37 times this year. [...]
Phishing
BleepingComputerApril 1, 2026
New EvilTokens service fuels Microsoft device code phishing attacks
A new malicious kit called EvilTokens integrates device code phishing capabilities, allowing attackers to hijack Microsoft accounts and provide advanced features for business email compromise attacks. [...]
Phishing
BleepingComputerApril 1, 2026
Routine Access Is Powering Modern Intrusions, a New Threat Report Finds
Modern intrusions increasingly start with valid credentials and routine access, not exploits. Blackpoint Cyber's upcoming threat report shows how VPN abuse, RMM tools, and social engineering drive most incidents. [...]
Phishing
Vulnerability
BleepingComputerMarch 26, 2026
TikTok for Business accounts targeted in new phishing campaign
Threat actors are targeting TikTok for Business accounts in a phishing campaign that prevents security bots from analyzing malicious pages. [...]
Phishing
BleepingComputerMarch 25, 2026
Bubble AI app builder abused to steal Microsoft account credentials
Threat actors are evading phishing detection in campaigns targeting Microsoft accounts by abusing the no-code app-building platform Bubble to generate and host malicious web apps. [...]
Phishing
BleepingComputerMarch 23, 2026
Tycoon2FA phishing platform returns after recent police disruption
The Tycoon2FA phishing-as-a-service (PhaaS) platform that Europol and partners disrupted on March 4 has already returned to previously observed activity levels. [...]
Phishing
BleepingComputerMarch 21, 2026
Microsoft Azure Monitor alerts abused for callback phishing attacks
Microsoft Azure Monitor alerts are being abused to send callback phishing emails that impersonate warnings from the Microsoft Security Team about unauthorized charges on your account. [...]
Phishing
BleepingComputerMarch 20, 2026
FBI links Signal phishing attacks to Russian intelligence services
The FBI has issued a public service announcement warning that Russian intelligence-linked threat actors are actively targeting users of encrypted messaging apps such as Signal and WhatsApp in phishing campaigns that have already compromised thousands of accounts. [...]
Phishing
USA
BleepingComputerMarch 10, 2026
Microsoft brings phishing-resistant Windows sign-ins via Entra passkeys
Microsoft is rolling out passkey support for Microsoft Entra on Windows devices, adding phishing-resistant passwordless authentication via Windows Hello. [...]
Phishing
BleepingComputerMarch 9, 2026
FBI warns of phishing attacks impersonating US city, county officials
The Federal Bureau of Investigation (FBI) warns that criminals are impersonating U.S. officials in phishing attacks targeting businesses and individuals who request city and county planning and zoning permits. [...]
Phishing
USA
BleepingComputerMarch 8, 2026
EU court adviser says banks must immediately refund phishing victims
Athanasios Rantos, the Advocate General of the Court of Justice of the EU (CJEU), has issued a formal opinion suggesting that banks must immediately refund account holders affected by unauthorized transactions, even when it's their fault. [...]
Phishing
USA
BleepingComputerMarch 8, 2026
Hackers abuse .arpa DNS and ipv6 to evade phishing defenses
Threat actors are abusing the special-use ".arpa" domain and IPv6 reverse DNS in phishing campaigns that more easily evade domain reputation checks and email security gateways. [...]
Phishing
BleepingComputerMarch 6, 2026
Fake Claude Code install guides push infostealers in InstallFix attacks
Threat actors are employing a new variation of the ClickFix social engineering technique called InstallFix to convince users into running malicious commands under the pretext of installing legitimate command line interface (CLI) tools. [...]
Phishing
BleepingComputerMarch 5, 2026
2026 Browser Data Reveals Major Enterprise Security Blind Spots
The browser is becoming the operating system for modern work, yet many enterprises still treat it as an extension of network or endpoint security. Keep Aware's 2026 State of Browser Security Report shows 41% of employees used AI web tools while browser-based phishing, extensions, and social engineering drive new security blind spots. [...]
Phishing
BleepingComputerMarch 4, 2026
Bitwarden adds support for passkey login on Windows 11
Bitwarden announced support for logging into Windows 11 devices using passkeys stored in the manager's vault, enabling phishing-resistant authentication. [...]
Phishing
BleepingComputerMarch 4, 2026
Fake LastPass support email threads try to steal vault passwords
Password management software provider LastPass is warning users of a phishing campaign targeting its users with fake unauthorized account access alerts. [...]
Phishing
BleepingComputerMarch 4, 2026
Europol-coordinated action disrupts Tycoon2FA phishing platform
An international law enforcement operation coordinated by Europol has disrupted Tycoon2FA, a major phishing-as-a-service (PhaaS) platform linked to tens of millions of phishing messages each month. [...]
Phishing
BleepingComputerMarch 3, 2026
Compromised Site Management Panels are a Hot Item in Cybercrime Markets
Compromised cPanel credentials are being sold in bulk across underground channels as plug-and-play phishing and scam infrastructure. Flare explains how analyzing 200,000 underground posts reveals a commoditized market for hacked site management panels. [...]
Phishing

Traffic violation scams switch to QR codes in new phishing texts

Axios npm hack used fake Teams error fix to hijack maintainer account

Device code phishing attacks surge 37x as new kits spread online

New EvilTokens service fuels Microsoft device code phishing attacks

Routine Access Is Powering Modern Intrusions, a New Threat Report Finds

TikTok for Business accounts targeted in new phishing campaign

Bubble AI app builder abused to steal Microsoft account credentials

Tycoon2FA phishing platform returns after recent police disruption

Microsoft Azure Monitor alerts abused for callback phishing attacks

FBI links Signal phishing attacks to Russian intelligence services

Microsoft brings phishing-resistant Windows sign-ins via Entra passkeys

FBI warns of phishing attacks impersonating US city, county officials

EU court adviser says banks must immediately refund phishing victims

Hackers abuse .arpa DNS and ipv6 to evade phishing defenses

Fake Claude Code install guides push infostealers in InstallFix attacks

2026 Browser Data Reveals Major Enterprise Security Blind Spots

Bitwarden adds support for passkey login on Windows 11

Fake LastPass support email threads try to steal vault passwords

Europol-coordinated action disrupts Tycoon2FA phishing platform

Compromised Site Management Panels are a Hot Item in Cybercrime Markets