November 21, 2024 at 12:08PM Microsoft and the Justice Department seized over 240 domains linked to ONNX, a phishing-as-a-service platform targeting thousands of victims globally since 2017. ONNX was the leading provider of phishing kits in 2024, enabling sophisticated attacks that bypassed security measures. Operations ceased after the owner’s identity was revealed. ### Meeting Takeaways … Read more
August 28, 2024 at 03:03AM Cybersecurity researchers have identified a new QR code phishing campaign using Microsoft Sway to host fake pages, exploiting legitimate cloud services. These attacks have targeted users in Asia and North America, particularly in technology, manufacturing, and finance sectors. The phishing tactic involves tricking users into scanning QR codes to steal … Read more
August 27, 2024 at 10:05AM A massive QR code phishing campaign exploited Microsoft Sway to host landing pages, targeting Microsoft 365 users primarily in Asia and North America. The attacks dramatically surged in July 2024, contrasting minimal activity in the first half of the year. Tactics included using QR codes to direct users to malicious … Read more
July 11, 2024 at 06:39AM A new email phishing campaign targeting Spanish language victims delivers a remote access trojan called Poco RAT since February 2024. The attacks primarily aim at mining, manufacturing, hospitality, and utilities sectors. The malware uses various tactics such as finance-themed lures and legitimate services abuse to evade detection. Additionally, the article … Read more
November 21, 2023 at 06:24AM QR code-based phishing techniques, known as “quishing,” are becoming popular among cybercriminals. By embedding malicious links in QR codes, attackers can bypass spam filters and evade detection. CAPTCHAs are also being exploited in phishing attacks to mask credential-harvesting forms on fake websites. Additionally, steganography is being used to hide malicious … Read more