A sophisticated phishing campaign has been observed leveraging legitimate services such as DocuSign, Webflow, and Google to deceive users and conduct system reconnaissance.

A new variant of the long-running "sextortion" scam campaign has emerged, featuring increased ransom demands, spoofed email addresses, and references to Pegasus spyware. The email usually starts with “Hello pervert.”

A new phishing campaign is redirecting users from gaming sites, social media, and sponsored ads to fake Booking.com websites. These malicious sites use deceptive CAPTCHA prompts to hijack the user's clipboard and install the AsyncRAT malware.

Cybercriminals are exploiting trusted platforms like Google to target Intuit QuickBooks users. They are creating highly convincing fake login pages designed to pilfer sensitive information, including usernames, passwords, and even OTPs.

Scammers leverage Reddit communities associated with cryptocurrency traders to post about free access to TradingView through cracked versions. These downloads end up infecting users with info-stealer malware.

Instead of converting files, the tools actually load malware onto victims’ computers. The FBI warned specifically that the malware infection can also lead to ransomware attacks.

The Docusign Application Programming Interface (API) allows scammers to send emails that come from genuine Docusign accounts, and they can use templates to impersonate reputable companies.

In 2024, Malwarebytes detected more than 22,800 phishing apps on Android, according to the recent 2025 State of Malware report. Of those malicious apps, 5,200 could subvert multi-factor authentication (MFA).

The attackers are using a clever technique to evade detection by security systems. They have cloned the website of a German university that uses Cisco AnyConnect and are using it as a “white page” to fool ad detection systems.

Scammers use malicious ads on Google Search to steal login credentials from users trying to access Microsoft’s advertising platform. The phishing page shows a fake error message prompting users to reset their password and attempts to bypass 2FA.