Category: Phishing, Security

Enterprise security teams face an immediate escalation in phishing threats as the notorious Darcula toolkit has now started weaponizing generative AI to create highly convincing phishing pages at unprecedented speed and scale. Researchers at cybersecurity firm Netcraft detected this alarming development on April 23, documenting how the platform has evolved to enable even novice attackers…

Read more →

A new phishing campaign, PoisonSeed, has been targeting CRM and email providers to obtain email lists for bulk cryptocurrency spamming. Silent Push, the cybersecurity firm that uncovered the elaborate campaign, linked it to a couple of recent phishing incidents — Troy Hunt’s MailChimp attack, and Coinbase phishing email tricks — representing two legs of the…

Read more →

A new phishing campaign targeting Mac systems employs scareware tactics to steal Apple IDs and passwords from unsuspecting users. Identified by LayerX Labs, the attack involves compromised websites displaying fake security warnings claiming that the user’s computer has been “compromised” and “locked,” and prompting users to enter username and password. “Apple Security Warning. MacOS has…

Read more →

In a new phishing campaign, GitHub developers are being targeted with fake “Security Alerts” where they are prompted to authorize a malicious OAuth application. Successful execution of the Click-fix campaign, which has reportedly targeted over 12,000 GitHub repositories, can allow attackers full control over the affected accounts and codes. Cybersecurity researcher Luc4m first reported the…

Read more →

In a smart campaign, Russian cybercriminals are turning trusted online stores into phishing pages that capture sensitive details through convincing payment interfaces. According to a research by the cybersecurity firm Slashnext, the Russian miscreants have built a WordPress plugin, PhishWP, which creates fake payment pages that look like trusted services, such as Stripe. “WordPress is…

Read more →