Phishing Campaign Exploits Google Apps Script to Steal Credentials via Fake Invoice Pages

The phishing campaign begins with a spoofed email impersonating a legitimate company that provides disability and health equipment. The email contains a link to a fake invoice hosted on script[.]google[.]com, a legitimate Google domain.

New Browser Exploit Technique Undermines Phishing Detection

A new phishing technique known as Fullscreen Browser-in-the-Middle (BitM) attack is exploiting standard browser functionality to deceive users into submitting credentials on fake login pages.

Tycoon2FA and Dadsec PhaaS Platforms Linked in Advanced MFA-Bypass Phishing Campaigns

A new phishing campaign leveraging the Tycoon2FA Phishing-as-a-Service (PhaaS) platform has been linked to the threat actor Storm-1575, also known for the Dadsec platform.

CFOs, financial execs in crosshairs of ‘highly targeted’ spearphishing campaign

A highly targeted spearphishing campaign is actively targeting CFOs and financial executives in banks, investment firms, energy utilities, and insurance companies across Europe, Africa, Canada, the Middle East, and South Asia.

Threat Actors Weaponizing DCOM to harvest credentials on Windows systems

A new stealthy attack technique is leveraging Distributed Component Object Model (DCOM) objects on Windows systems to harvest credentials without deploying payloads or triggering traditional security alerts.

Phishing Campaign Spoofs Coursera to Steal Facebook Credentials via Fake Meta Certificate Offer

A sophisticated phishing campaign has been uncovered that impersonates Coursera and offers a free Meta Social Media Marketing certificate to lure victims into a multi-stage phishing trap.

Fake DigiYatra Website Was Targeting Indian Flyers With Lookalike Portal

A phishing campaign has been uncovered targeting Indian air travelers by impersonating the DigiYatra Foundation through a fraudulent website, digiyatra[.]in. This site harvests personal data under the guise of a legitimate flight booking service.

Hackers use fake Ledger apps to steal Mac users’ seed phrases

A series of sophisticated phishing campaigns are targeting macOS users by distributing fake Ledger Live applications designed to steal 24-word seed phrases used to access cryptocurrency wallets.

Researchers Expose PWA JavaScript Attack That Redirects Users to Adult Scam Apps

A newly identified phishing campaign is targeting mobile users by injecting malicious JavaScript into websites to redirect them to adult-content Progressive Web Apps (PWAs).

FBI: US officials targeted in voice deepfake attacks since April

The FBI has issued a public service announcement warning of a surge in AI-generated voice deepfake attacks targeting U.S. government officials since April 2025. These leverage advanced voice cloning technologies to impersonate senior officials.

Defend Against Threats with Cyber Fusion

Cyware is the leading provider of cyber fusion solutions that power threat intelligence sharing , end-to-end automation and 360-degree threat response.

Trending Tags