Redirect
Bubble AI app builder abused to steal Microsoft account credentials
Threat actors are evading phishing detection in campaigns targeting Microsoft accounts by abusing the no-code app-building platform Bubble to generate and host malicious web apps. Because the web app is hosted on a legitimate platform, email security solutions do not flag the link as a potential threat, allowing users to access the page. Security researchers […]
Microsoft: Hackers abuse OAuth error flows to spread malware
Hackers are abusing the legitimate OAuth redirection mechanism to bypass phishing protections in email and browsers to take users to malicious pages. The attacks target government and public-sector organizations with phishing links that prompt users to authenticate to a malicious application, Microsoft Defender researchers say. with e-signature requests, Social Security notices, meeting invitations, password resets, […]
Malicious NPM packages abuse Adspect redirects to evade security
Seven packages published on the Node Package Manager (npm) registry use the Adspect cloud-based service to separate researchers from potential victims and lead them to malicious locations. The purpose of the attack is to lead victims to cryptocurrency scam sites, according to an analysis from researchers at application security company Socket. All malicious packages were published under the developer […]
LinkedIn phishing targets finance execs with fake board invites
Hackers are abusing LinkedIn to target finance executives with direct-message phishing attacks that impersonate executive board invitations, aiming to steal their Microsoft credentials. The campaign was spotted by Push Security, which says it recently blocked one of these phishing attacks that began with a LinkedIn message containing a malicious link. GeekFeed has learned that these phishing […]
Hackers abuse WordPress MU-Plugins to hide malicious code
Hackers are utilizing the WordPress mu-plugins (“Must-Use Plugins”) directory to stealthily run malicious code on every page while evading detection. The technique was first observed by security researchers at Sucuri in February 2025, but adoption rates are on the rise, with threat actors now utilizing the folder to run three distinct types of malicious code. “The fact […]
Malware campaign ‘DollyWay’ breached 20,000 WordPress sites
A malware operation dubbed ‘DollyWay’ has been underway since 2016, compromising over 20,000 WordPress sites globally to redirect users to malicious sites. The campaign has evolved significantly in the past eight years, leveraging advanced evasion, re-infection, and monetization strategies. According to GoDaddy researcher Denis Sinegubko, DollyWay has been functioning as a large-scale scam redirection system in its […]
Google’s mysterious ‘search.app’ links leave Android users concerned
Google has left Android users puzzled after the most recent update to the Google mobile app causes links shared from the app to now be prepended with a mysterious “search.app” domain. As the Google app is a popular portal for searching the web for Android users and delivers a personalized content news feed referred to […]
Fake X content warnings on Ukraine war, earthquakes used as clickbait
X has always had a bot problem, but now scammers are utilizing the Ukraine war and earthquake warnings in Japan to entice users into clicking on fake content warnings and videos that lead to scam adult sites, malicious browser extensions, and shady affiliate sites. For months, X has been flooded with posts that contain what […]