This phishing email warns recipients that their ad accounts have violated EU GDPR or Meta’s ad policies. They are encouraged to click a “Check More Details” button, which leads to a fake Meta page with a support chatbot.

In this latest case of "cascading fraud," the cybercriminals abuse the Semrush brand, a popular software-as-a-service (SaaS) platform used for SEO, online advertising, content marketing, and competitive research.

The campaign leveraged the windows[.]net platform’s trusted reputation, randomized subdomains, professional design, and anti-bot measures like CAPTCHAs to evade detection, intensifying in late 2024 and early 2025.

Scammers leverage Reddit communities associated with cryptocurrency traders to post about free access to TradingView through cracked versions. These downloads end up infecting users with info-stealer malware.

By leveraging legitimate Microsoft domains and tenant misconfigurations, attackers conduct Business Email Compromise (BEC) operations, tricking users to provide information while maintaining a high degree of legitimacy.

A new report from JUMPSEC’s Detection and Response Team (DART) uncovers a disturbing trend: cybercriminals are increasingly exploiting health-related fears to carry out sophisticated phishing attacks.

The phishing emails targeted multiple US and European industries, including government, healthcare, supply chain, and retail. Some of the emails seen by Proofpoint use RFPs and contract lures to trick recipients into opening the links.

A widespread phishing campaign has targeted nearly 12,000 GitHub repositories with fake "Security Alert" issues, tricking developers into authorizing a malicious OAuth app that grants attackers full control over their accounts and code.

The incident is part of a trend of scammers impersonating high-profile ransomware actors and claiming to have exfiltrated sensitive data to extort payments from targeted businesses.

Cybercriminals use deceptive tactics to target individuals and organizations during Ramadan, employing fraudulent donation requests, fake giveaways, and cryptocurrency schemes.