Phishing

Google’s trusted scripting platform is the latest weapon in phishing arsenals, helping attackers craft convincing credential-stealing campaigns that evade traditional email filters. Cybercriminals are leveraging Google Apps Script, a legitimate tool in Google’s Workspace suite, to host phishing pages that appear trustworthy to both users and security systems. According to research by Cofense, attackers are disguising these pages as authentic login portals to trick users into submitting their credentials — all while operating under the umbrella of a trusted Google domain.

A new phishing campaign weaponizes malformed URLs to bypass email filters and steal Microsoft 365 credentials—even bypassing two-factor authentication. Researchers have linked the attack to Tycoon2FA, a notorious Phishing-as-a-Service (PhaaS) operation that enables adversary-in-the-middle (AitM) interception of login sessions. The threat actors behind this campaign are using subtle but dangerous techniques to trick both users and security systems.

Cyber attackers are now weaponizing Google Forms—an otherwise legitimate tool—to craft highly convincing phishing campaigns that evade email security filters and steal user logins. Trusted domains and smart obfuscation tactics make these threats harder to detect and more dangerous than ever.

A sophisticated phishing technique has been uncovered where attackers abuse Google’s OAuth system and DKIM verification to send emails that appear to come from no-reply@google.com, but actually lead users to fake support portals aimed at credential theft.

A dangerous phishing campaign is targeting businesses that advertise on Meta platforms like Facebook and Instagram. Hackers are sending fake emails claiming that users’ ad accounts have been suspended due to policy violations. These emails trick victims into clicking malicious links that steal login credentials and grant attackers full control over their accounts.

A new phishing scam is targeting YouTube creators using AI-generated deepfake videos of YouTube CEO Neal Mohan. Attackers trick creators into sharing login credentials by pretending to send a private video about monetization updates. Once hacked, accounts are used for scams and malware attacks.

A dangerous phishing campaign is targeting job seekers in the Web3 and cryptocurrency industry. Attackers are using fake job listings and fraudulent interview invites to trick victims into downloading a malicious video meeting app called GrassCall. Once installed, the malware steals login credentials, authentication data, and cryptocurrency wallets.

A new phishing attack is targeting Amazon Prime users, tricking them with fake renewal notifications to steal login credentials, personal details, and payment information. Discovered by the Cofense Phishing Defense Center on February 18, 2025, this attack uses advanced social engineering techniques and multiple layers of deception.

A new phishing campaign is targeting industrial organizations in the Asia-Pacific (APAC) region using a dangerous malware called FatalRAT. Hackers are using Chinese cloud services to deliver the malware, making it harder to detect. The attack mainly targets government agencies, manufacturing, IT, telecommunications, healthcare, energy, and logistics companies in countries like Taiwan, Malaysia, China, Japan, and more.

Cybercriminals are abusing PayPal’s address settings to send scam emails that look like official notifications. These emails claim a new shipping address has been added to your PayPal account and include a fake purchase confirmation for a MacBook M4. The goal is to trick users into calling a fake PayPal support number, where scammers try to gain remote access to their devices.