Security News

Phishers Exploit Google Sites and DKIM Replay to Send Signed Emails, Steal Credentials
2025-04-22 10:50

In what has been described as an "extremely sophisticated phishing attack," threat actors have leveraged an uncommon approach that allowed bogus emails to be sent via Google's infrastructure and...

Phishers abuse Google OAuth to spoof Google in DKIM replay attack
2025-04-20 17:31

In a rather clever attack, hackers leveraged a weakness that allowed them to send a fake email that seemed delivered from Google's systems, passing all verifications but pointing to a fraudulent...

Phishers are increasingly impersonating electronic toll collection companies
2025-04-03 11:20

Steam was the most imitated brands by phishers in the first quarter of 2025, followed by Microsoft and Facebook/Meta, Guardio researchers have revealed. “Historically, the #1 spot has been...

Phishers cast wide net with spoofed Google Calendar invites
2024-12-18 00:58

Not that you needed another reason to enable the 'known senders' setting Criminals are spoofing Google Calendar emails in a financially motivated phishing expedition that has already affected...

Phishers send corrupted documents to bypass email security
2024-12-03 12:04

Phishers have come up with a new trick for bypassing email security systems: corrupted MS Office documents. The spam campaign Malware hunting service Any.Run has warned last week about email...

Phishers reach targets via Eventbrite services
2024-10-29 12:54

Crooks are leveraging the event management and ticketing website Eventbrite to deliver their phishing emails to potential targets. “Since July, these attacks have increased 25% week over week,...

Microsoft creates fake Azure tenants to pull phishers into honeypots
2024-10-19 14:32

Microsoft is using deceptive tactics against phishing actors by spawning realistic-looking honeypot tenants with access to Azure and lure cybercriminals in to collect intelligence about them. [...]

Mind your header! There's nothing refreshing about phishers' latest tactic
2024-09-12 09:15

It could lead to a costly BEC situation Palo Alto's Unit 42 threat intel team wants to draw the security industry's attention to an increasingly common tactic used by phishers to harvest victims'...

Microsoft 365 users targeted by phishers abusing Microsoft Forms
2024-07-29 09:09

There has been an uptick in phishing campaigns leveraging Microsoft Forms this month, aiming to trick targets into sharing their Microsoft 365 login credentials. Malicious forms leading to phishing pages impersonating Microsoft 365 and Adobe.

Phishers target FCC, crypto holders via fake Okta SSO pages
2024-03-04 12:44

A new phishing campaign is using fake Okta single sign-on pages for the Federal Communications Commission and for various cryptocurrency platforms to target users and employees, Lookout researchers have discovered. The victims are then prompted to resolve a captcha using hCaptcha - a tactic that prevents the phishing site from being identified and adds to its credibility - and are presented with a spoofed Okta SSO page.