A sophisticated phishing campaign is targeting Apple Pay and Yahoo users. It leverages realistic email and web page impersonations to steal sensitive credentials, financial data, and personal information.

Threat actors are increasingly leveraging blob URIs (Uniform Resource Identifiers) to deliver credential phishing pages that bypass Secure Email Gateways (SEGs) and evade automated analysis.

A new phishing tactic known as Precision-Validated Phishing is being leveraged by cybercriminals to enhance the effectiveness of credential theft campaigns. This technique uses real-time email validation.

A recent phishing campaign has been uncovered targeting Spotify users through a spoofed email that mimics official Spotify communications. The attackers embedded legitimate Spotify URLs within the email to lend credibility.

A recent phishing campaign exploits the timing of Q1 evaluations by impersonating internal HR communications to deceive employees. The campaign culminates in credential theft via a spoofed Microsoft login page.

A sophisticated phishing campaign is targeting individuals seeking U.S. travel authorization by impersonating the U.S. Customs and Border Protection (CBP) and the Electronic System for Travel Authorization (ESTA).

A recent phishing campaign leverages a dual-threat strategy combining credential harvesting and malware delivery. Disguised as a file deletion alert, the attack exploits user trust to deploy the ConnectWise RAT or steal Office365 credentials.

Researchers at Cofense warned of a growing number of phishing campaigns leveraging trusted online document platforms, such as Adobe, DocuSign, Dropbox, Canva, and Zoho, to evade secure email gateways (SEGs) and steal credentials.

A new phishing campaign exploited Microsoft Copilot's novelty by sending emails with spoofed invoices. These emails direct users to fake login pages that capture credentials, enhanced by Microsoft branding and a counterfeit MFA page.

Threat actors have taken phishing to the next level by weaponizing custom Microsoft 365 applications to request sensitive information from users. User is taken to a legitimate Microsoft authentication page, making the phishing attack more convincing.