Phishing

A sophisticated phishing attack has compromised over 2,000 devices by impersonating Social Security Administration communications. Learn how this campaign exploits trust and the infection mechanism behind it.

A new phishing campaign targeting employees uses fake TxTag toll payment notices and government domain spoofing to steal personal and financial information. Learn how to recognize and avoid this sophisticated scam.

Clicking “unsubscribe” in your email may seem harmless, but it could expose you to scams and security risks. Learn how cybercriminals exploit unsubscribe links and how to stay safe.

A 29-year-old man in Mumbai, Tauheed Khan, died by suicide after losing money in an investment fraud and a cyber scam. Discover the tragic details of his story and the ongoing investigation.

Learn about the ransomware attack on Sensata Technologies, a leading industrial tech firm. Discover how the breach impacted operations, compromised customer data, and the company's response, including credit monitoring for affected individuals.

Business Email Compromise (BEC) attacks are stealthy, effective, and devastating. With no malware involved, these attacks bypass traditional security filters, trick employees, and siphon sensitive data or funds. But with real-time visibility through interactive sandboxing and endpoint protection like Net Protector, businesses can stay one step ahead.

Google’s trusted scripting platform is the latest weapon in phishing arsenals, helping attackers craft convincing credential-stealing campaigns that evade traditional email filters. Cybercriminals are leveraging Google Apps Script, a legitimate tool in Google’s Workspace suite, to host phishing pages that appear trustworthy to both users and security systems. According to research by Cofense, attackers are disguising these pages as authentic login portals to trick users into submitting their credentials — all while operating under the umbrella of a trusted Google domain.

A new phishing campaign weaponizes malformed URLs to bypass email filters and steal Microsoft 365 credentials—even bypassing two-factor authentication. Researchers have linked the attack to Tycoon2FA, a notorious Phishing-as-a-Service (PhaaS) operation that enables adversary-in-the-middle (AitM) interception of login sessions. The threat actors behind this campaign are using subtle but dangerous techniques to trick both users and security systems.

Cyber attackers are now weaponizing Google Forms—an otherwise legitimate tool—to craft highly convincing phishing campaigns that evade email security filters and steal user logins. Trusted domains and smart obfuscation tactics make these threats harder to detect and more dangerous than ever.

A sophisticated phishing technique has been uncovered where attackers abuse Google’s OAuth system and DKIM verification to send emails that appear to come from no-reply@google.com, but actually lead users to fake support portals aimed at credential theft.