Stay guarded with the latest phishing attack trends, prevention tips, and security news to protect your personal and organizational information.
Search across headline titles and summaries.
Background for this topic.
Phishing is a type of social engineering attack often used to steal user data, including login credentials and credit card numbers. It occurs when an attacker, masquerading as a trusted entity, dupes a victim into opening an email, instant message, or text message. The recipient is then tricked into clicking on a malicious link, which can lead to the installation of malware, the freezing of the system as part of a ransomware attack, or the revealing of sensitive information.
In the context of information security, phishing is a significant threat as it relies on human vulnerability to circumvent security measures. These attacks can have devastating results, from unauthorized access to confidential data to substantial financial losses. Organizations and individuals must employ comprehensive security awareness training and implement robust security protocols to recognize and defend against phishing schemes.
Weekly headline count for the current query.
Once targeting just Microsoft 365, the phishing-as-a-service platform now aims at AWS, Okta, and Russian platforms, while relying on device code phishing.
China is stealing data from high-value targets via a sneaky, double-layer spear-phishing campaign that includes the Azureveil malware.
Cybersecurity researchers have disclosed details of a spear-phishing campaign likely undertaken by the Pakistan-aligned SideCopy group targeting Afghanistan's Ministry of Finance with an open-source remote access trojan called Xeno RAT
Hacking voting machines is so 2017. Phishing, impersonation pose the real election risks
Monday hit like a cron job with anger issues
A new cyber espionage campaign codenamed Operation Dragon Weave has been observed targeting officials and citizens in the Czech Republic and Taiwan to deliver an AdaptixC2 agent
Push Security says threat actors are delivering malware hosted on chatgpt.com/s/ domain
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. ShinyHunters Leaks Charter Communications Data, Potentially Impacting 5 Million Customers Signal Phishing Campaign Targets Journalists and […]
Attackers are texting Signal users posing as Support, asking for backup recovery keys. Once obtained, they can decrypt the entire message history, not just future chats. A phishing campaign is currently targeting Signal users with text messages that impersonate Signal Support and ask them to hand over their backup recovery key. The message looks urgent, […]
Researchers Estimate Losses Ranging From Hundreds of Millions to BillionsA Chinese-language phishing-as-a-service platform scammed between $470 million to $1 billion from soccer fans ahead of the 2026 FIFA World Cup starting next month. Domain-by-domain takedowns will not stop this, Group-IB warned.
Cybersecurity researchers have disclosed details of a vulnerability in OpenAI ChatGPT that leverages the artificial intelligence (AI) assistant's implicit trust in Markdown links and images to trigger prompt injections and open the door to phishing attacks
An Android remote access trojan named BTMOB is offered to cybercriminals with a builder interface for generating malware payloads tailored to phishing lures. [...]
Fraudsters Tokenize Stolen Cards Into Attacker WalletsGoogle Threat Intelligence Group warned that Chinese-language phishing-as-a-service platforms are using AI, encrypted messaging and real-time OTP interception to bypass multifactor authentication and provision stolen payment cards into attacker-controlled digital wallets worldwide.
Health-ISAC Warns About Weak Governance and Credential MisuseHumans make mistakes. They fall for phishing scams and click on malicious links. Machines aren't necessarily better: Delegating decisions to agentic artificial tools can significantly intensify cybersecurity risks, warns a healthcare association.
Group-IB uncovered Ghost Stadium phishing and 4300 fake FIFA World Cup domains targeting fans
Almost all organizations impersonated by Chinese phishing platforms are non-Chinese entities, suggesting operators deliberately avoid domestic targets
BTMOB Android RAT sold as a service with a no-code builder for fast, regional phishing lures
Iran's Nimbus Manticore pushes AI-built MiniFast backdoor via phishing and SEO poisoning
The Iranian state-sponsored threat actor known as Nimbus Manticore (aka Screening Serpens and UNC1549) has been attributed to a fresh campaign using lures impersonating organizations in the aviation and software sectors across the U.S., Europe, and the Middle East following the joint U.S.-Israeli military campaign against the country in late February 2026
Monday recap. Same mess, new week