Security News > 2024 > September > Cybercriminals Exploit HTTP Headers for Credential Theft via Large-Scale Phishing Attacks

2024-09-16 04:23
Cybersecurity researchers have warned of ongoing phishing campaigns that abuse refresh entries in HTTP headers to deliver spoofed email login pages that are designed to harvest users' credentials. "Unlike other phishing webpage distribution behavior through HTML content, these attacks use the response header sent by a server, which occurs before the processing of the HTML content," Palo Alto
News URL
https://thehackernews.com/2024/09/cybercriminals-exploit-http-headers-for.html
Related news
- Researchers Expose New Polymorphic Attack That Clones Browser Extensions to Steal Credentials (source)
- Cybercriminals Exploit CSS to Evade Spam Filters and Track Email Users' Actions (source)
- New Ad Fraud Campaign Exploits 331 Apps with 60M+ Downloads for Phishing and Intrusive Ads (source)
- Ukrainian military targeted in new Signal spear-phishing attacks (source)
- Ongoing Cyber Attacks Exploit Critical Vulnerabilities in Cisco Smart Licensing Utility (source)
- Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks (source)
- Phishing-as-a-service operation uses DNS-over-HTTPS for evasion (source)
- Phishing platform 'Lucid' behind wave of iOS, Android SMS attacks (source)
- Australian pension funds hit by wave of credential stuffing attacks (source)
- PoisonSeed Exploits CRM Accounts to Launch Cryptocurrency Seed Phrase Poisoning Attacks (source)