Tuesday, June 10, 2025

Phishing

New SharePoint Phishing Campaigns Employing Deceptive Lick Techniques

Security analysts at CyberProof’s Security Operations Center (SOC) have identified a sharp rise in phishing campaigns leveraging Microsoft SharePoint to bypass modern detection systems. Unlike traditional phishing attempts that rely...

Beware of Fake Zoom Client Downloads Granting Attackers Access to Your Computer

In the wake of the COVID-19 pandemic, collaborative tools like Microsoft Teams, Zoom, and WebEx have become indispensable for remote work, enabling seamless communication...

830 Organizations Hacked via Glitch-hosted Phishing Attack Uses Telegram & Fake CAPTCHAs 

Netskope Threat Labs reported a staggering 3.32-fold increase in traffic to phishing pages hosted on the Glitch platform, a browser-based web development tool that...

Outlook Users Targeted by New HTML-Based Phishing Scheme

A recent phishing campaign has revealed a sophisticated technique that exploits Microsoft Outlook’s unique handling of HTML emails to conceal malicious links from corporate...

SCATTERED SPIDER Hackers Target IT Support Teams & Bypass Multi-Factor Authentication

A cybercriminal group known as SCATTERED SPIDER has emerged as a formidable threat, targeting sectors like hospitality, telecommunications, finance, and retail with unprecedented sophistication. This...

APT37 Hackers Fake Academic Forum Invites to Deliver Malicious LNK Files via Dropbox Platform

The North Korean state-sponsored hacking group APT37 has launched a sophisticated spear phishing campaign in March 2025, targeting activists focused on North Korean issues. Disguised...

HuluCaptcha: Fake Captcha Kit Tricks Users into Executing Code via Windows Run Command

Security researchers have identified a sophisticated phishing campaign leveraging a fake CAPTCHA verification system dubbed "HuluCaptcha" that covertly executes malicious code through the Windows...

Haozi’s Plug-and-Play Phishing Attack Steals Over $280,000 From Users

Netcraft security researchers have identified a significant resurgence of the Chinese-language Haozi Phishing-as-a-Service (PhaaS) operation, distinguished by its cartoon mouse mascot and frictionless cybercrime...

Dadsec Hacker Group Uses Tycoon2FA Infrastructure to Steal Office365 Credentials

Cybersecurity researchers from Trustwave’s Threat Intelligence Team have uncovered a large-scale phishing campaign orchestrated by the notorious hacker group Storm-1575, also known as "Dadsec." Since...

Threat Actors Exploit Nifty[.]com Infrastructure in Sophisticated Phishing Attack

Threat actors have orchestrated a multi-wave phishing campaign between April and May 2025, leveraging the legitimate infrastructure of Niftycom, a prominent Japanese Internet Service...

UTG-Q-015 Hackers Launch Massive Brute-Force Attacks on Government Web Servers

The hacker group UTG-Q-015, first identified in December 2024 for mounting attacks on major websites like CSDN, has escalated its malicious activities, targeting government...