What makes phishing so effective is the psychological pressure scammers build into every message. They create urgency — your account will close, a delivery failed, or suspicious activity needs ...

Poorly written emails with spelling mistakes and obvious deception were once a clear marker of phishing attacks. These unrefined and isolated scams ...

Tycoon2FA has become a leading phishing-as-a-service (PhaaS) platforms, enabling campaigns that reach over 500,000 organizations monthly, prompting Microsoft’s Digital Crimes Unit (DCU) to work with ...

OAuth redirection is being repurposed as a phishing delivery path. Trusted authentication flows are weaponized to move users ...

Threat actors are abusing the special-use ".arpa" domain and IPv6 reverse DNS in phishing campaigns that more easily evade ...

The latest example is detailed by researchers at Aryaka, who this week described a campaign by an unnamed threat actor who is distributing resumés containing a malicious ISO file to HR departments. It ...

A Europol-led sting against the infamous Tycoon2FA MFA-bypass phishing service has been successful, with operations disrupted and ringleaders and cyber criminal users identified.

A threat actor has found a new way to evade phishing detection defenses: Manipulate the .arpa top-level domain (TLD) and IPv6-to-IPv4 tunneling to host phishing content on domains that shouldn’t ...

Russian hackers allegedly pose as "Signal support" and try to phish victims. The scheme has already compromised the messages of Dutch government employees.

Fake CAPTCHA attacks spiked by 563% last year: How to spot them before it's too late ...

Microsoft says threat actors are increasingly using artificial intelligence in their operations to accelerate attacks, scale ...

Signal has commented on the Russian phishing attacks, for example on government officials. The incidents are taken very seriously.