Security News > 2024 > September > Cybercriminals Exploit HTTP Headers for Credential Theft via Large-Scale Phishing Attacks

2024-09-16 04:23
Cybersecurity researchers have warned of ongoing phishing campaigns that abuse refresh entries in HTTP headers to deliver spoofed email login pages that are designed to harvest users' credentials. "Unlike other phishing webpage distribution behavior through HTML content, these attacks use the response header sent by a server, which occurs before the processing of the HTML content," Palo Alto
News URL
https://thehackernews.com/2024/09/cybercriminals-exploit-http-headers-for.html
Related news
- How cybercriminals exploit psychological triggers in social engineering attacks (source)
- Phishing-as-a-service operation uses DNS-over-HTTPS for evasion (source)
- Phishing platform 'Lucid' behind wave of iOS, Android SMS attacks (source)
- Australian pension funds hit by wave of credential stuffing attacks (source)
- PoisonSeed Exploits CRM Accounts to Launch Cryptocurrency Seed Phrase Poisoning Attacks (source)
- Phishing kits now vet victims in real-time before stealing credentials (source)
- iOS devices face twice the phishing attacks of Android (source)
- Phishing Campaigns Use Real-Time Checks to Validate Victim Emails Before Credential Theft (source)
- Windows NTLM hash leak flaw exploited in phishing attacks on governments (source)
- CVE-2025-24054 Under Active Attack—Steals NTLM Credentials on File Download (source)