Phishing

Microsoft's report shows AI boosting phishing success to 54% click-through—learn about ClickFix trends, nation-state AI use, and defenses like MFA to protect against evolving cyber attacks.

New SnakeKeylogger campaign spoofs CPA Global/Clarivate emails with ISO/ZIP lures containing BAT/PowerShell payloads to log keystrokes, hijack clipboard, and exfiltrate data. Persists via "SysUpdate" tasks—train users, sandbox attachments, and monitor PowerShell for defense.

Sophisticated phishing uses legit-looking Zoom Docs invites from "HR" to lure job hunters into fake Gmail login pages, exfiltrating credentials in real-time via WebSocket on overflow.qyrix.com.de. Discovered by Himanshu Anand—verify emails directly and use password managers to avoid account takeovers.

OpenAI's October 2025 report reveals bans on ChatGPT accounts linked to PRC-affiliated groups like UNKDROPPITCH, who leveraged AI to debug malware (GOVERSHELL, HealthKick), craft targeted phishing, and build surveillance tools—disrupting 40+ networks; models block direct threats but highlight efficiency risks in cyber ops.

Microsoft exposes AI-driven phishing campaign targeting US organizations: attackers use AI to craft verbose, business-jargon code in SVG attachments disguised as PDFs, hiding credential-stealing payloads behind invisible dashboards and evading antivirus detection.

Trend Micro warns of cybercriminals using AI to create fake CAPTCHA pages that trick users into revealing sensitive data, boosting phishing success rates and challenging cybersecurity defenses.

A sophisticated phishing attack uses Facebook’s URL redirect service to trick users into entering login credentials on fake pages, stealing emails, phone numbers, and passwords.

SpamGPT is a dark web “spam-as-a-service” platform using AI to automate large-scale phishing campaigns. Learn how KaliGPT and SMTP cracking training empower cybercriminals.

Cybercriminals abused compromised AWS credentials to hijack Amazon SES, sending 50,000+ phishing emails daily by bypassing sandbox limits. Learn how to detect and prevent SES abuse.

A sophisticated OneDrive spearphishing campaign targets corporate executives with fake HR emails and Microsoft Office 365 login pages to steal credentials. Learn how to recognize and prevent this threat.