11 Jul, 2026

New FileFix attack uses steganography to drop StealC malware

A newly discovered FileFix social engineering attack impersonates Meta account suspension warnings to trick users into unknowingly installing the StealC infostealer malware. FileFix is a new variant of the ClickFix family of attacks, which uses social engineering attacks to trick users into pasting malicious commands into operating system dialog boxes as supposed “fixes” for problems. The FileFix technique was […]

4 mins read

iCloud Calendar abused to send phishing emails from Apple’s servers

iCloud Calendar invites are being abused to send callback phishing emails disguised as purchase notifications directly from Apple’s email servers, making them more likely to bypass spam filters to land in targets’ inboxes. Earlier this month, a reader shared an email with GeekFeed that claimed to be a payment receipt for $599 charged against the recipient’s […]

4 mins read

Amazon disrupts Russian APT29 hackers targeting Microsoft 365

Researchers have disrupted an operation attributed to the Russian state-sponsored threat group Midnight Blizzard, which sought access to Microsoft 365 accounts and data. Also known as APT29, the hacker group compromised websites in a watering hole campaign to redirect selected targets “to malicious infrastructure designed to trick users into authorizing attacker-controlled devices through Microsoft’s device code […]

2 mins read

AI website builder Lovable increasingly abused for malicious activity

Cybercriminals are increasingly abusing the AI-powered Lovable website creation and hosting platform to generate phishing pages, malware-dropping portals, and various fraudulent websites. The malicious sites created through the platform impersonate large and recognizable brands, and feature traffic filtering systems like CAPTCHA to keep bots out. While Lovable has taken steps to better protect its platform […]

3 mins read

Hackers steal Microsoft logins using legitimate ADFS redirects

Hackers are using a novel technique that combines legitimate office.com links with Active Directory Federation Services (ADFS) to redirect users to a phishing page that steals Microsoft 365 logins. The method lets attackers bypass traditional URL-based detection and the multi-factor authentication process by leveraging a trusted domain on Microsoft’s infrastructure for the initial redirect. Legitimacy of a […]

3 mins read

Perplexity’s Comet AI browser tricked into buying fake items online

A study looking into agentic AI browsers has found that these emerging tools are vulnerable to both new and old schemes that could make them interact with malicious pages and prompts. Agentic AI browsers can autonomously browse, shop, and manage various online tasks (like handling email, booking tickets, filing forms, or controlling accounts). Perplexity’s Comet is currently […]

3 mins read

XenoRAT malware campaign hits multiple embassies in South Korea

A state-sponsored espionage campaign is targeting foreign embassies in South Korea to deploy XenoRAT malware from malicious GitHub repositories. According to Trellix researchers, the campaign has been running since March and is ongoing, having launched at least 19 spearphishing attacks against high-value targets. Although infrastructure and techniques match the pllaybook of North Korean actor Kimsuky (APT43), there are signs that better […]

3 mins read

Booking.com phishing campaign uses sneaky ‘ん’ character to trick you

Threat actors are leveraging a Unicode character to make phishing links appear like legitimate Booking.com links in a new campaign distributing malware. The attack makes use of the Japanese hiragana character, ん, which can, on some systems, appear as a forward slash and make a phishing URL appear realistic to a person at a casual glance. GeekFeed has […]

4 mins read