Open Directory Exposes Three Evilginx Phishing Operators
Misconfigured server exposed three phishing operators running Evilginx forks to bypass MFA
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
Misconfigured server exposed three phishing operators running Evilginx forks to bypass MFA
Null subject phishing campaigns bypass filters and target VIPs with QR code and RMM abuse
Tycoon2FA phishing platform resumes activity post-takedown, leveraging AITM techniques to bypass MFA
Threat actors posing as IT support teams use phishing kits to generate fake login sites in real-time to trick victims into handing over credentials
Barracuda observed new methods to disguise phishing links in Tycoon phishing attacks, which are designed to bypass automated email security systems
Sophos has observed cybercriminals ramping up their use of graphics files as part of email phishing attacks to bypass conventional security protections
Threat researchers analyzed the updated Tycoon 2FA phishing kit, which bypasses MFA
A new phishing attack uses corrupted Word docs to bypass security, luring victims with fake payroll and HR emails
Egress found that attackers are becoming more adept at bypassing email security, such as using compromised accounts and the use of commodity campaigns
SIM swapping and “adversary-in-the-middle” can bypass security for accounts on X (formerly Twitter)
Guardio Labs found that attackers exploited a configuration setting in Proofpoint’s email protection service, allowing outbound messages to bypass email protections
According to Enea, these campaigns use cloud storage platforms to host malicious websites, sending links via SMS to bypass firewalls
Darktrace reveals a novel phishing campaign where attackers leveraged legitimate Dropbox infrastructure to steal credentials before bypassing MFA
Proofpoint reveals surge in direct financial losses from attacks
The attack bypassed both SPF and DMARC email authentication checks
Social engineers are using Unicode techniques to bypass filters
Proofpoint warns of use of transparent reverse proxies