FBI warns of Kali365 phishing service targeting Microsoft 365 accounts

The FBI is warning about the Kali365 phishing-as-a-service platform (PhaaS) that is used to hijack Microsoft 365 accounts by abusing OAuth device code authentication to steal session tokens and bypass ...
Dark Reading

Tycoon 2FA Phishers Scatter, Adopt Device Code Phishing

In the wake of a major takedown of phishing's biggest brand name, Tycoon 2FA, phishers worldwide have scattered. Some have stuck around, but many have moved to other phishing service providers, and ...
Geeky Gadgets

What Is Quishing? How Hackers Use QR Codes to Steal Your Data

What if a simple scan of a QR code could compromise your most sensitive information? Imagine sitting at a café, scanning a code to access the menu, only to unknowingly hand over your login credentials ...
CSOonline

FlowerStorm phishing gang adopts virtual-machine obfuscation to evade email defenses

A widely active phishing-as-a-service (PhaaS) operation known as FlowerStorm has begun using a browser-based virtual machine to conceal credential theft code, marking what researchers say is an ...
CSOonline

Phishing sites posing as DeepSeek downloads drop a proxy backdoor

Kaspersky is warning LLM users of a new malicious campaign distributing a previously unknown malware, dubbed “BrowserVenom,” through a fake DeepSeek-R1 environment installer. According to findings by ...