phishing
The ARToken phishing panel targets Microsoft 365 accounts
Accounts-payable staff at U.S. companies keep receiving invoice emails that look like they come from vendors they already work with. One landed at a life-sciences company in …
Mirage2FA phishing kit uses HTML smuggling to steal Microsoft 365 credentials
Mirage2FA, a phishing kit that combines short-lived HTML smuggling with obfuscated JavaScript loaders to deliver fake Microsoft 365 login pages and steal credentials during …
Algerian national accused of running cybercrime marketplaces extradited to US
An Algerian national accused of running online marketplaces that sold phishing kits and fraud tools has been extradited from Spain to the United States to face bank fraud …
Phishing attack on healthcare firm Xsolis impacts 1.4 million people
Healthcare technology company Xsolis confirmed that a phishing attack resulted in unauthorized access to its network. The company develops AI-powered software for hospitals, …
Phishing hides in routine Microsoft 365 workflows
Attackers are abusing Outlook Groups and Microsoft 365 collaboration features to make phishing campaigns appear routine, according to Fortra. “The technique shifts …
PhishLumos: Exposing phishing campaigns that evade detection by hiding content
Phishing remains one of the most stubbornly persistent threats in cybersecurity: humans are tired, distracted, trusting, and susceptible to urgency and authority in ways that …
Cybercriminals are moving away from mass phishing campaigns
Phishing activity declined by roughly 20% in both 2024 and 2025, according to research from Zscaler’s ThreatLabz team. The drop followed years of growth that pushed …
New Browser-in-the-Browser phishing uses fake login popups to steal Microsoft 365 credentials
A new Browser-in-the-Browser (BitB) phishing campaign is targeting Microsoft 365 users with fake login popups designed to closely mimic legitimate browser authentication …
LinkedIn-themed phishing abuses Adobe’s A/B testing platform
A newly documented phishing campaign is targeting professionals with fake LinkedIn business emails and abusing a trusted service operated by Adobe. The attack from the …
Chinese phishing gangs grow into a force to be reckoned with
Chinese-language phishing-as-a-service (PhaaS) communities are expanding in an area historically dominated by Russian-speaking cybercriminal groups. The Google Threat …
Microsoft 365 users targeted by new phishing threat that bypasses MFA
Microsoft 365 access tokens are being targeted by an emerging Phishing-as-a-Service (PhaaS) platform called Kali365, the FBI is warning. First observed in April 2026, Kali365 …
Verizon DBIR: Vulnerability exploitation is the dominant initial access vector
Vulnerability exploitation has overtaken stolen credentials as the most common way attackers gain initial access to target networks, according to the 2026 Verizon Data Breach …