Phishing

Booking.com confirms data breach exposing customer booking details. Hackers may use stolen data for phishing and fraud attacks targeting travelers.

Hackers abuse Meta Business Manager notifications to send phishing emails from trusted domains, targeting businesses and stealing login credentials.

Cyber attackers are abusing safe link URL rewriting and multi-layer redirects to bypass email security filters and steal Microsoft 365 credentials through phishing campaigns.

A new phishing campaign targeting LastPass users uses fake support emails, display name spoofing, and fraudulent login pages to steal vault master passwords.

Fake India Post GDS recruitment websites are stealing user data. Learn how to identify phishing sites and stay protected with NPAV security.

Phishing scams trick iPhone owners into giving up Apple IDs—learn the tactics, risks, and tips to secure your device and account.

90% of phishing targets Outlook and Google—learn about the tactics, stats, and defenses to protect your email from evolving threats.

Microsoft's report shows AI boosting phishing success to 54% click-through—learn about ClickFix trends, nation-state AI use, and defenses like MFA to protect against evolving cyber attacks.

New SnakeKeylogger campaign spoofs CPA Global/Clarivate emails with ISO/ZIP lures containing BAT/PowerShell payloads to log keystrokes, hijack clipboard, and exfiltrate data. Persists via "SysUpdate" tasks—train users, sandbox attachments, and monitor PowerShell for defense.

Sophisticated phishing uses legit-looking Zoom Docs invites from "HR" to lure job hunters into fake Gmail login pages, exfiltrating credentials in real-time via WebSocket on overflow.qyrix.com.de. Discovered by Himanshu Anand—verify emails directly and use password managers to avoid account takeovers.