Topic: phishing campaign
-
Rust Developers Targeted in New Phishing Campaign
A new phishing campaign is targeting Rust developers via emails that mimic official security breach notifications from the Rust Foundation, attempting to steal GitHub credentials. The fraudulent messages directed users to a fake login portal, but officials confirmed no actual breach occurred and ...
Read More » -
New Salty2FA Phishing Kit Raises Sophistication Alarm
The Salty2FA phishing kit uses advanced tactics like session-based subdomain rotation, legitimate platform abuse, and precise corporate branding to create highly convincing fraudulent login pages. It incorporates Cloudflare’s Turnstile and obfuscated JavaScript to evade automated analysis and com...
Read More » -
MonsterRAT: Stealthy Malware Threatens Windows Systems
A sophisticated phishing campaign distributes the previously undocumented MonsterRAT malware, which targets Windows systems and grants attackers full administrative control through a multi-stage infection process. The attack uses phishing emails disguised as business correspondence to deliver the...
Read More » -
Phishing Alert: Fake NDAs Sent Via "Contact Us" Forms Target Manufacturers
A sophisticated phishing campaign targets industrial and supply chain firms using deceptive "Contact Us" forms and prolonged professional emails to bypass security and build trust. Attackers use fake NDAs and malicious ZIP files to deploy the "MixShell" backdoor, which employs DNS tunneling for s...
Read More » -
New Phishing Attack Deploys RATs Using UpCrypter Evasion
A global phishing campaign uses personalized emails and fake websites to distribute malicious downloads, employing the UpCrypter loader to deploy remote access trojans for prolonged unauthorized access. The attack involves HTML attachments redirecting to deceptive sites, with variations like voic...
Read More » -
UK Immigration Sponsors Warned of Home Office Phishing Scam
UK businesses sponsoring foreign workers are targeted by phishing scams impersonating Home Office emails, aiming to steal login credentials from the Sponsorship Management System (SMS). The scam involves convincing fake emails with urgent warnings, tricking victims into entering credentials on fr...
Read More » -
ScreenConnect Admins Alerted to Spoofed Login Attacks
ScreenConnect administrators are targeted by a phishing campaign using fake security alerts to steal login credentials and bypass multi-factor authentication, aiming to compromise Super Admin accounts. Attackers employ the EvilGinx framework to create convincing phishing portals that capture sess...
Read More »