Latest Tech News

Filtered by: phishing

Microsoft and Cloudflare disrupt massive RaccoonO365 phishing service

Microsoft and Cloudflare have disrupted a massive Phishing-as-a-Service (PhaaS) operation, known as RaccoonO365, that helped cybercriminals steal thousands of Microsoft 365 credentials. In early September 2025, in coordination with Cloudflare's Cloudforce One and Trust and Safety teams, Microsoft's Digital Crimes Unit (DCU) disrupted the cybercrime operation by seizing 338 websites and Worker accounts linked to RaccoonO365. The cybercrime group behind this service (also tracked by Microsoft as

New VoidProxy phishing service targets Microsoft 365, Google accounts

A newly discovered phishing-as-a-service (PhaaS) platform, named VoidProxy, targets Microsoft 365 and Google accounts, including those protected by third-party single sign-on (SSO) providers such as Okta. The platform uses adversary-in-the-middle (AitM) tactics to steal credentials, multi-factor authentication (MFA) codes, and session cookies in real time. VoidProxy was discovered by Okta Threat Intelligence researchers, who describe it as scalable, evasive, and sophisticated. The attack begi

This 2FA phishing scam pwned a developer - and endangered billions of npm downloads

ZDNET's key takeaways: A phishing email was at the heart of the attack. NPM team quickly removed backdoored versions. 18 packages hit, with 2B+ downloads every week. A new digital supply chain attack has targeted popular open-source npm packages with at least two billion downloads per week. 'I've been pwned' On Sept. 8, Josh Junon, a package maintainer whose account was at the center of the attack, revealed

Hackers hijack npm packages with 2 billion weekly downloads in supply chain attack

In what is being called the largest supply chain attack in history, attackers have injected malware into NPM packages with over 2.6 billion weekly downloads after compromising maintainers' accounts in a phishing attack. One of the package maintainers whose accounts were hijacked in this supply-chain attack confirmed the incident earlier today, stating that he was aware of the compromise and adding that the phishing email came from support [at] npmjs [dot] help, a domain that hosts a website imp

iCloud Calendar abused to send phishing emails from Apple’s servers

iCloud Calendar invites are being abused to send callback phishing emails disguised as purchase notifications directly from Apple's email servers, making them more likely to bypass spam filters to land in targets' inboxes. Earlier this month, a reader shared an email with BleepingComputer that claimed to be a payment receipt for $599 charged against the recipient's PayPal account. This email included a phone number if the recipient wanted to discuss the payment or make changes to it. "Hello Cu

6 browser-based attacks all security teams should be ready for in 2025

What security teams need to know about the browser-based attack techniques that are the leading cause of breaches in 2025. “The browser is the new battleground.” “The browser is the new endpoint”. These are statements you’ll run into time and again as you read articles on websites like this one. But what does this actually mean from a security perspective? In this article, we’ll explore what security teams are trying to stop attackers from doing in the browser, breaking down what a “browser-b

Google says Gmail security is “strong and effective” as it denies major breach

The sky is falling, and Gmail has supposedly been hacked to bits by malicious parties unknown. Or has it? Reports circulated last week claiming that Gmail was the subject of a major data breach, citing a series of warnings Google has distributed and increasing reports of phishing attacks. The hysteria was short-lived, though. In a brief post on its official blog, Google says that Gmail's security is "strong and effective," and reports to the contrary are mistaken. This story seems to have devel

'2.5 billion Gmail users at risk'? Entirely false, says Google

ZDNET's key takeaways: Google did not issue a warning about a major security breach. But hackers have been targeting Salesforce data in the cloud. Always be alert for phishing and vishing attacks. Worried about reports that a major security breach has impacted your Gmail account? Well, apparently, those claims are much ado about nothing.

Google debunks claims of major Gmail security alert

TL;DR: Google says reports of a mass Gmail security warning are false. Some outlets reporting on phishing data last week framed it as a mass Gmail security alert. The company insists Gmail protections remain strong, but advises using passkeys and learning to spot phishing emails. Online threats are scary enough without false or overhyped alarms adding to the confusion. Last week, several outlets claimed that Gmail had issued a major warning to all 2.5 billi

AI website builder Lovable increasingly abused for malicious activity

Cybercriminals are increasingly abusing the AI-powered Lovable website creation and hosting platform to generate phishing pages, malware-dropping portals, and various fraudulent websites. The malicious sites created through the platform impersonate large and recognizable brands, and feature traffic filtering systems like CAPTCHA to keep bots out. While Lovable has taken steps to better protect its platform from abuse, as AI-powered site generators increase in number, the barrier to entering cy

Hackers steal Microsoft logins using legitimate ADFS redirects

Hackers are using a novel technique that combines legitimate office.com links with Active Directory Federation Services (ADFS) to redirect users to a phishing page that steals Microsoft 365 logins. The method lets attackers bypass traditional URL-based detection and the multi-factor authentication process by leveraging a trusted domain on Microsoft's infrastructure for the initial redirect. Legitimacy of a trusted redirect Researchers at Push Security, a company that provides protection solut

Mobile Phishers Target Brokerage Accounts in ‘Ramp and Dump’ Cashout Scheme

Cybercriminal groups peddling sophisticated phishing kits that convert stolen card data into mobile wallets have recently shifted their focus to targeting customers of brokerage services, new research shows. Undeterred by security controls at these trading platforms that block users from wiring funds directly out of accounts, the phishers have pivoted to using multiple compromised brokerage accounts in unison to manipulate the prices of foreign stocks. This so-called ‘ramp and dump‘ scheme borr

Booking.com phishing campaign uses sneaky 'ん' character to trick you

Threat actors are leveraging a Unicode character to make phishing links appear like legitimate Booking.com links in a new campaign distributing malware. The attack makes use of the Japanese hiragana character, ん, which can, on some systems, appear as a forward slash and make a phishing URL appear realistic to a person at a casual glance. BleepingComputer has further come across an Intuit phishing campaign using a lookalike domain using the letter L instead of 'i' in Intuit. Booking.com phishi

New downgrade attack can bypass FIDO auth in Microsoft Entra ID

Security researchers have created a new FIDO downgrade attack against Microsoft Entra ID that tricks users into authenticating with weaker login methods, making them susceptible to phishing and session hijacking. These weaker login channels are vulnerable to adversary-in-the-middle phishing attacks that employ tools like Evilginx, enabling attackers to snatch valid session cookies and hijack the accounts. Although the attack doesn't prove a vulnerability in FIDO itself, it shows that the syste

The Rise of Native Phishing: Microsoft 365 Apps Abused in Attacks

Attackers don’t need exploits; they need TRUST. Changes in attack methods reflect changes in generations. Gen Z, a generation known for prioritizing ease and efficiency, is now entering the cybersecurity landscape on both sides. Some are protecting data, and others are stealing it. With the rise of AI and no-code platforms in attackers’ phishing toolkits, building trust and deceiving users has never been easier. Threat actors are blending default-trusted tools with free, legitimate services to

Galaxy phones will soon gain voice phishing detection with One UI 8

Samsung already offers a Smart Call feature to fight spam calls, but voice phishing attacks have emerged as a new threat. This sees criminals use AI to copy someone else’s voice in a bid to swindle their loved ones. Now, Samsung has announced a feature to address this tactic. Samsung announced on its Korean-language Community forum that it will offer a ‘Voice Phishing Suspected Call Alert’ feature in stable One UI 8: When calling an unknown number, we detect and notify you in real time using A

Mozilla warns of phishing attacks targeting add-on developers

Mozilla has warned browser extension developers of an active phishing campaign targeting accounts on its official AMO (addons.mozilla.org) repository. Mozilla's add-on platform hosts over 60,000 browser extensions and more than 500,000 themes used by tens of millions of users worldwide. According to Mozilla's advisory, these phishing emails are impersonating the AMO team and claim that the targeted developer accounts require updates to maintain access to development features. "The developer c

Attackers exploit link-wrapping services to steal Microsoft 365 logins

A threat actor has been abusing link wrapping services from reputed technology companies to mask malicious links leading to Microsoft 365 phishing pages that collect login credentials. The attacker exploited the URL security feature from cybersecurity company Proofpoint and cloud communications firm Intermedia in campaigns from June through July. Some email security services include a link wrapping feature that rewrites the URLs in the message to a trusted domain and passes them through a scan

Hackers target Python devs in phishing attacks using fake PyPI site

The Python Software Foundation warned users this week that threat actors are trying to steal their credentials in phishing attacks using a fake Python Package Index (PyPI) website. PyPI is a repository for Python packages, accessible at pypi.org, that offers a centralized platform for developers to distribute and install third-party software libraries. It hosts hundreds of thousands of packages and is the default source for Python's package management tools. "PyPI has not been hacked, but user

How attackers are still phishing "phishing-resistant" authentication

As awareness grows around many MFA methods being “phishable” (i.e. not phishing resistant), passwordless, FIDO2-based authentication methods (aka. passkeys) like YubiKeys, Okta FastPass, and Windows Hello are being increasingly advocated. This is a good thing. The most commonly used MFA factors (like SMS codes, push notifications, and app-based OTP) are routinely bypassed, with modern reverse-proxy “Attacker-in-the-Middle” phishing kits the most common method (and the standard choice for phishi

Threat actors downgrade FIDO2 MFA auth in PoisonSeed phishing attack

A PoisonSeed phishing campaign is bypassing FIDO2 security key protections by abusing the cross-device sign-in feature in WebAuthn to trick users into approving login authentication requests from fake company portals. The PoisonSeed threat actors are known to employ large-volume phishing attacks for financial fraud. In the past, they distributed emails containing crypto seed phrases used to drain cryptocurrency wallets. In the recent phishing attack observed by Expel, the PoisonSeed threat actors

Phishers built fake Okta and Microsoft 365 login sites with AI - here's how to protect yourself

As AI evolves to successfully take on business, personal, and even medical use cases, its capabilities also increasingly make it a security threat. On Tuesday, researchers at identity validator Okta published a report that found hackers are using v0, an AI website creation tool from Vercel, to create "phishing sites that impersonate legitimate sign-in webpages" using text prompts. Hackers replicated Okta's own login page and other sites, including Microsoft 365, s

Beyond the Hook: A Technical Deep Dive into Modern Phishing Methodologies

A technical exploration of modern phishing tactics, from basic HTML pages to advanced MFA-bypassing techniques, with analysis of infrastructure setup and delivery methods used by phishers in 2025. Introduction In 2025, phishing is still the most prevalent kind of cyber attack on the planet. Indeed, 1.2% of the global email traffic is phishing. That's 3.4 billion emails each day, but only a low number results in a compromise since "only" 3% of employees would click on a malicious link. However,

Trezor’s support platform abused in crypto theft phishing attacks

Trezor is alerting users about a phishing campaign that abuses its automated support system to send deceptive emails from its official platform. The company's support site allows anyone to open a ticket using any email address and subject line. The system then replies automatically, sending a case number and using the submitted ticket title as the email subject. Attackers abuse this feature by submitting tickets with titles containing urgent phishing messages, such as "[URGENT]: vault.trezor.g

DuckDuckGo scam blocker detects fake stores, crypto sites, virus alerts, more

The privacy-focused web browser DuckDuckGo has boosted its anti-scam features. It can now detect and block fake ecommerce stores, crypto sites, virus alerts, and more. The new security feature is completely free for all users on both Mac and iOS browsers, with no Privacy Pro subscription needed … DuckDuckGo already had the ability to detect common phishing and malware attacks, as well as malicious ads, but these features have now been boosted and branded as Scam Blocker. There are the two new

ChainLink Phishing: How Trusted Domains Become Threat Vectors

Phishing remains one of cybersecurity’s most enduring threats, not because defenders aren’t evolving, but because attackers are adapting even faster. Today’s most effective campaigns aren’t just built on spoofed emails or shady domains. They exploit something far more insidious: trust in the tools and services we use every day, leading to zero-hour phishing. The Rise of ChainLink Phishing Traditional phishing relied on easily identifiable red flags such as suspicious senders and questionable

Darcula PhaaS can now auto-generate phishing kits for any brand

The Darcula phishing-as-a-service (PhaaS) platform is preparing to release its third major version, with one of the highlighted features being the ability to create do-it-yourself phishing kits to target any brand. The upcoming release, currently available as a beta, will remove the targeting scope restrictions by offering a finite number of phishing kits and allowing anyone to create their own. In addition to this new feature, the upcoming release, named 'Darcula Suite,' also lifts technical skill