Security news aggregator

Latest coverage for Phishing

Phishing uses deceptive messages to steal credentials or deliver malware, while user verification, MFA, and email filtering reduce the risk.

2321 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

Phishing is deceptive communication—by email, text, phone, or a fake website—that impersonates a trusted person or service to make someone disclose credentials, approve a transaction, reveal sensitive information, or run harmful software. Attackers use it to bypass technical controls by persuading a legitimate user to perform an action, and may target employees, customers, administrators, or suppliers.

Its impact can include account takeover, unauthorized payments, exposure of personal or business data, and access to internal systems. The most effective control for stolen-password phishing is phishing-resistant multi-factor authentication, such as hardware-backed passkeys or security keys, which binds authentication to the legitimate site. Organizations should also filter and authenticate messaging where possible, use password managers, restrict risky actions, train users to verify unusual requests through a separate channel, and provide rapid reporting so suspected credentials or sessions can be revoked.

Volume over time

Weekly headline count for the current query.

Showing 20 most recent headlines of 2321
Bank Info Security 15 hours, 6 minutes ago

ISMG Editors: AI Phishing Kits Go Mainstream

Also: Potential Fallout From HIPAA Rule Delay, AI Identity Governance ChallengesIn this week's panel, four ISMG editors discussed the rise of artificial intelligence-powered phishing toolkits, potential fallout from the U.S. government's decision to delay a major overhaul of the HIPAA Security Rule and what security leaders see as the defining AI security challenges of 2026.

Bank Info Security 3 days, 15 hours ago

Phishing Toolkits Harvest Entra Tokens in Real Time

Jalisco Device Code Phishing Tool Use Also Tied to EvilTokens and Kali365 CustomersSophisticated phishing-as-a-service toolkits are driving a surge in phishing attack volume, experts warn, by giving users highly automated tools for personalizing lures and accessing previously niche tactics for generating valid authentication tokens for persistent access.

Microsoft Security Research 4 days, 12 hours ago

Defending SaaS-based applications against ShinyHunters OAuth abuse

Microsoft Threat Intelligence identified threat actor activity with overlapping tradecraft commonly associated with ShinyHunters, including voice phishing (vishing), supply-chain compromise, and misconfigured guest access targeting SaaS-based applications. The post Defending SaaS-based applications against ShinyHunters OAuth abuse appeared first on Microsoft Security Blog.

A new phishing-as-a-service (PhaaS) operation called Forg365 is using a combination of device code phishing, adversary-in-the-middle (AitM) tactics, antibot evasion, artificial intelligence (AI)-assisted lure creation, and post-compromise mailbox operations targeting Microsoft 365 accounts

Dutch police suspect local hackers behind the Odido breach that exposed 6M customers after a phishing attack and seek public help identifying them. Dutch police have identified strong indications that Dutch nationals were involved in the February 2026 cyberattack on telecom provider Odido, which resulted in data from more than six million customers being stolen […]

Loading more headlines...