phishing

Telegram-Hosted RedWing Malware Lets Anyone Rent Android Spyware Tools
A new Android spyware operation called RedWing, linked to Russian threat actors, is being offered as a subscription service on Telegram. This Malware-as-a-Service (MaaS) product requires no coding skills and allows attackers to rent tools for stealing credentials, intercepting SMS messages, recording audio and video, and even launching DDoS attacks. RedWing relies on social engineering and user-granted permissions rather than exploiting device vulnerabilities.

Big Brand Jobs Scam Targets Marketing Pros' Google Accounts
A sophisticated phishing campaign is targeting marketing professionals by using fake job offers from major brands. This scheme employs nested redirects to bypass detection and aims to steal Google account credentials.

DEBULL Tooling Abuses Microsoft Device-Code Flow to Target M365 Accounts
A Microsoft 365 device code phishing campaign has been observed leveraging collaboration-themed lures to take control of victim accounts between the last week of June 2026 and into early July, per findings from ZeroBEC. "The campaign did no

Two arrested over credit card phishing – as the Netherlands is named Europe’s worst for payment fraud
Two individuals were arrested over a phishing operation that harvested credit card details. The arrests come as the Netherlands is named the worst country in Europe for payment fraud.

Webinar tomorrow: Why modern email attacks require a new approach to defense
A webinar examines why modern email attacks require new defenses. It highlights behavioral AI for detecting phishing, business email compromise, and account takeover while reducing alert fatigue.

Google Is Suing Chinese Scammers Who Are Using Gemini
Google has filed a lawsuit against a Chinese criminal organization known as Outsider Enterprise. The group is accused of providing "phishing-as-a-service" through Telegram and allegedly leveraging Google's Gemini platform for their fraudulent operations.

Phishing poses as big-brand job interview to steal Google accounts
A phishing campaign is impersonating more than 30 well-known brands, including Adobe, Netflix, Coca-Cola, and OpenAI, in fake job interviews to steal Google account credentials from marketing professionals. [...]

Suspected China-Nexus Hackers Use Fake Indian Tax Filing Utility to Deploy DcRAT
A suspected China-nexus threat activity cluster has been observed targeting Indian taxpayers, tax professionals, and corporate finance teams to deliver a remote access trojan designed to steal sensitive data from compromised hosts. The mult

New Avalon Malware Framework Packs CrownX Ransomware Capabilities
Cybersecurity researchers have discovered a previously undocumented modular malware framework codenamed Avalon that's distributed by means of a multi-stage phishing chain capable of bypassing traditional security controls. Avalon combines c

Crafty Phishing Campaigns Auto-Adapt to Victim's Device, OS
Attackers fingerprint victims through user-agent data to deliver OS-specific payloads, increasing compromise rates and campaign profitability.

Analysis of Ongoing Ousaban Attacks Targeting the Iberian Peninsula
Cybersecurity researchers have identified a new campaign by the banking Trojan Ousaban, primarily targeting users in Spain and Portugal. The malware, previously active in Brazil, is distributed via a sophisticated phishing PDF that leads victims to a malicious webpage. This page employs environmental and geo-fencing checks to ensure only intended targets download the payload, which includes a VBS script and the Ousaban executable. The Trojan then establishes persistence, decrypts banking-related strings using a custom algorithm, and communicates with command-and-control servers through dynamically generated hostnames.

ARToken: Inside an EvilTokens affiliate panel targeting Microsoft 365
Talos has identified "ARToken," a phishing-as-a-service platform that targets Microsoft 365. The ARToken panel exposes 80+ API endpoints for device code phishing, Primary Refresh Token persistence, email access, BEC operations, and SharePoi

Why Ask Credentials If There Are Secret Codes?, (Wed, Jul 1st)
This morning, an interesting phishing email hit my mailbox. It targets Metamask[1], a cryptocurrency wallet, available as a browser extension and a mobile app, that lets users store, send, and receive crypto money. It's pretty popular, so a

Phishers Gain Persistence at EU, Asia Hospitality Orgs
Separate but similar campaigns described by Microsoft and Trend Micro use malicious zip files to spread malware via social engineering and obsfucation, including blockchain abuse.

Fake shops target shoppers across Europe with fake Samsung deals, counterfeit goods and World Cup scams
Cybercriminals are orchestrating sophisticated, multinational fake online shop operations across Europe, impersonating major brands like Samsung, Nike, and Amazon. These scams leverage social media, WhatsApp, and email to trick consumers into purchasing counterfeit goods, sharing personal information, or falling victim to World Cup-themed promotions. The operations are highly organized, utilizing rotating domains, misleading redirects, and localized content to evade detection and maximize reach.

Smashing Security podcast #472: AI gets hacked, and BitLocker gets bypassed
What if your AI coding assistant could be tricked into stealing your own company's secrets - by reading a single booby-trapped bug report? No phishing email. No malware. No password ever stolen. Just an AI doing exactly what it was told. Me