Email And Password

A new phishing campaign targeting LastPass users uses fake support emails, display name spoofing, and fraudulent login pages to steal vault master passwords.

81% of Router Users at Risk: Default Passwords Expose Devices to Hackers

Posted: October 28, 2025

Categories: Data Breach, Email And Password, Hacker

Tags: fp-6c, fp-6b, fp-3d, fp-3c, fp-1b, fp-1a

Author: Npav Lab

Survey shows 81% haven't changed router passwords—learn about malware risks, attack methods, and simple steps to secure your home network.

AI Phishing Emails 4.5x More Effective: Microsoft's Report on Cyber Threats

Posted: October 18, 2025

Categories: Phishing, Email And Password, Microsoft, AI

Tags: fp-2e, fp-2d, fp-2c, fp-2b, fp-2a, fp-1b, fp-1a

Author: Npav Lab

Microsoft's report shows AI boosting phishing success to 54% click-through—learn about ClickFix trends, nation-state AI use, and defenses like MFA to protect against evolving cyber attacks.

Beware Fake LastPass Emails: How Malware Sneaks in to Steal Your Info

Posted: October 17, 2025

Categories: Malware Alerts, Data Breach, Email And Password

Tags: fp-3b, fp-3a, fp-2e, fp-2d, fp-2c, fp-2b, fp-2a, fp-1b

Author: Npav Lab

LastPass warns of phishing emails with ZIP files dropping malware for keylogging and data theft—enable MFA, use antivirus, and verify sources to protect against these sneaky attacks.

IndusInd's Hidden Fraud: 2017 Emails Expose Early Treasury Risks

Posted: October 15, 2025

Categories: Email And Password, Financial fraud, Fraud Protector

Tags: fp-1a

Author: Npav Lab

2017 emails reveal IndusInd executives ignored Forex hedging red flags, leading to potential profit manipulation—RBI probes ongoing; experts urge stronger banking audits and governance to safeguard against accounting scandals.

SnakeKeylogger Phishing: Fake Remittance Emails Steal Credentials via PowerShell and ISO Attachments

Posted: October 10, 2025

Categories: Data Breach, Phishing, Email And Password

Tags: fp-3b, fp-3a, fp-1b, fp-1a

Author: Npav Lab

New SnakeKeylogger campaign spoofs CPA Global/Clarivate emails with ISO/ZIP lures containing BAT/PowerShell payloads to log keystrokes, hijack clipboard, and exfiltrate data. Persists via "SysUpdate" tasks—train users, sandbox attachments, and monitor PowerShell for defense.

Fake HR Emails via Zoom: Phishing Scam Steals Gmail Credentials from Job Seekers

Posted: October 10, 2025

Categories: Phishing, Email And Password

Tags: fp-2d, fp-1b, fp-1a

Author: Npav Lab

Sophisticated phishing uses legit-looking Zoom Docs invites from "HR" to lure job hunters into fake Gmail login pages, exfiltrating credentials in real-time via WebSocket on overflow.qyrix.com.de. Discovered by Himanshu Anand—verify emails directly and use password managers to avoid account takeovers.

Job Hunters Alert: Vampire Bot Malware Hides in Fake Job Offer Emails

Posted: October 09, 2025

Categories: Malware Alerts, Email And Password

Tags: fp-3b, fp-3a, fp-2e, fp-2d, fp-2c, fp-2b, fp-2a, fp-1b, fp-1a

Author: Npav Lab

Vampire Bot spyware targets job seekers via deceptive ZIP attachments in recruiter emails, stealing screenshots and data. Linked to BatShadow hackers, it evades detection—stay safe by verifying offers and using EDR tools to avoid digital traps.

Discord Data Breach: Third-Party Vendor Exposes User Names, Emails, Photo IDs, and Support Data

Posted: October 06, 2025

Categories: Data Breach, Email And Password

Tags: fp-2d, fp-2b, fp-1a

Author: Npav Lab

A breach at Discord's third-party support vendor leaked personal info like names, emails, IP addresses, limited billing details, and scanned photo IDs for some users—no passwords or full cards affected. Discord is investigating and notifying victims; stay alert for phishing.