phishing
New CoPhish attack steals OAuth tokens via Copilot Studio agents
A new phishing technique dubbed ‘CoPhish’ weaponizes Microsoft Copilot Studio agents to deliver fraudulent OAuth consent requests via legitimate and trusted Microsoft domains. The technique was developed by researchers at Datadog Security Labs, who warned in a report earlier this week that Copilot Studio’s flexibility introduces new, undocumented phishing risks. Although CoPhish relies on social […]
Fake LastPass death claims used to breach password vaults
LastPass is warning customers of a phishing campaign sending emails with an access request to the password vault as part of a legacy inheritance process. The activity started in mid-October, and the domains and infrastructure used point to a financially motivated threat group called CryptoChameleon (UNC5356). CryptoChamemelon employs a phishing kit specializing in cryptocurrency theft, targeting multiple wallets […]
Iranian hackers targeted over 100 govt orgs with Phoenix backdoor
State-sponsored Iranian hacker group MuddyWater has targeted more than 100 government entities in attacks that deployed version 4 of the Phoenix backdoor. The threat actor is also known as Static Kitten, Mercury, and Seedworm, and it typically targets government and private organizations in the Middle East region. Starting August 19, the hackers launched a phishing campaign from […]
New MatrixPDF toolkit turns PDFs into phishing and malware lures
A new phishing and malware distribution toolkit called MatrixPDF allows attackers to convert ordinary PDF files into interactive lures that bypass email security and redirect victims to credential theft or malware downloads. The new tool was spotted by Varonis researchers, who told GeekFeed that MatrixPDF was first spotted on a cybercrime forum. The seller also […]
PyPI urges users to reset credentials after new phishing attacks
The Python Software Foundation has warned victims of a new wave of phishing attacks using a fake Python Package Index (PyPI) website to reset credentials. Accessible at pypi.org, PyPI is the default source for Python’s package management tools, hosting hundreds of thousands of packages and providing developers with a centralized platform to distribute third-party software […]
GitHub notifications abused to impersonate Y Combinator for crypto theft
A massive phishing campaign targeted GitHub users with cryptocurrency drainers, delivered via fake invitations to the Y Combinator (YC) W2026 program. Y Combinator is a startup accelerator that funds and mentors projects in their early stages, and connects founders with a network of alumni and venture capital firms. The attacker abused GitHub’s notification system to […]
Microsoft and Cloudflare disrupt massive RaccoonO365 phishing service
Microsoft and Cloudflare have disrupted a massive Phishing-as-a-Service (PhaaS) operation, known as RaccoonO365, that helped cybercriminals steal thousands of Microsoft 365 credentials. In early September 2025, in coordination with Cloudflare’s Cloudforce One and Trust and Safety teams, Microsoft’s Digital Crimes Unit (DCU) disrupted the cybercrime operation by seizing 338 websites and Worker accounts linked to RaccoonO365. The […]
New FileFix attack uses steganography to drop StealC malware
A newly discovered FileFix social engineering attack impersonates Meta account suspension warnings to trick users into unknowingly installing the StealC infostealer malware. FileFix is a new variant of the ClickFix family of attacks, which uses social engineering attacks to trick users into pasting malicious commands into operating system dialog boxes as supposed “fixes” for problems. The FileFix technique was […]
New VoidProxy phishing service targets Microsoft 365, Google accounts
A newly discovered phishing-as-a-service (PhaaS) platform, named VoidProxy, targets Microsoft 365 and Google accounts, including those protected by third-party single sign-on (SSO) providers such as Okta. The platform uses adversary-in-the-middle (AitM) tactics to steal credentials, multi-factor authentication (MFA) codes, and session cookies in real time. VoidProxy was discovered by Okta Threat Intelligence researchers, who describe it as […]
iCloud Calendar abused to send phishing emails from Apple’s servers
iCloud Calendar invites are being abused to send callback phishing emails disguised as purchase notifications directly from Apple’s email servers, making them more likely to bypass spam filters to land in targets’ inboxes. Earlier this month, a reader shared an email with GeekFeed that claimed to be a payment receipt for $599 charged against the recipient’s […]