phishing
Microsoft Store Outlook add-in hijacked to steal 4,000 Microsoft accounts
The AgreeTo add-in for Outlook has been hijacked and turned into a phishing kit that stole more than 4,000 Microsoft account credentials. Originally a legitimate meeting scheduling tool for Outlook users, the module was developed by an independent publisher and has been on the Microsoft Office Add-in Store since December 2022. Office add-ins are just URLs pointing […]
Microsoft: Exchange Online flags legitimate emails as phishing
Microsoft is investigating an ongoing Exchange Online issue that mistakenly flags legitimate emails as phishing and quarantines them. The incident began on February 5 and continues to affect Exchange Online customers, preventing them from sending or receiving emails. “Some users’ legitimate email messages are being marked as phish and quarantined in Exchange Online,” Microsoft said in […]
Germany warns of Signal account hijacking targeting senior figures
Germany’s domestic intelligence agency is warning of suspected state-sponsored threat actors targeting high-ranking individuals in phishing attacks via messaging apps like Signal. The attacks combine social engineering with legitimate features to steal data from politicians, military officers, diplomats, and investigative journalists in Germany and across Europe. The security advisory is based on intelligence collected by the Federal […]
Man pleads guilty to hacking nearly 600 women’s Snapchat accounts
An Illinois man pleaded guilty to hacking nearly 600 women’s Snapchat accounts to steal nude photos that he kept, sold, or traded online, including accounts he compromised at the request of a former university track coach who was later convicted of sextortion. 26-year-old defendant Kyle Svara admitted in federal court in Boston to phishing access […]
Cloud storage payment scam floods inboxes with fake renewals
Over the past few months, a large-scale cloud storage subscription scam campaign has been targeting users worldwide with repeated emails falsely warning recipients that their photos, files, and accounts are about to be blocked or deleted due to an alleged payment failure. Based on numerous emails seen by GeekFeed, the campaign has escalated over the past […]
Match Group breach exposes data from Hinge, Tinder, OkCupid, and Match
Match Group, the owner of multiple popular online dating services, Tinder, Match.com, Meetic, OkCupid, and Hinge, confirmed a cybersecurity incident that compromised user data. The company stated that hackers stole a “limited amount of user data” after the ShinyHunters threat group leaked 1.7 GB of compressed files allegedly containing 10 million records of Hinge, Match, […]
New malware service guarantees phishing extensions on Chrome web store
A new malware-as-a-service (MaaS) called ‘Stanley’ promises malicious Chrome extensions that can clear Google’s review process and publish them to the Chrome Web Store. Researchers at end-to-end data security company Varonis named the project Stanley after the alias of the seller, who advertises easy phishing attacks by intercepting navigation and covering a webpage with an iframe […]
1Password adds pop-up warnings for suspected phishing sites
The 1Password digital vault and password manager has added built-in protection against phishing URLs to help users identify malicious pages and prevent them from sharing account credentials with threat actors. The subscription-based password management service is widely used in the enterprise environment by many well-known organizations. Recently, Windows added support for native passkey management via 1Password. […]
Konni hackers target blockchain engineers with AI-built malware
The North Korean hacker group Konni (Opal Sleet, TA406) is using AI-generated PowerShell malware to target developers and engineers in the blockchain sector. Believed to be associated with APT37 and Kimsuky activity clusters, Konni has been active since at least 2014 and has been seen targeting organizations in South Korea, Russia, Ukraine, and various countries in Europe. Based on samples […]
Okta SSO accounts targeted in vishing-based data theft attacks
Okta is warning about custom phishing kits built specifically for voice-based social engineering (vishing) attacks. GeekFeed has learned that these kits are being used in active attacks to steal Okta SSO credentials for data theft. In a new report released today by Okta, researchers explain that the phishing kits are sold as part of an […]