A new phishing attack is targeting Microsoft 365 accounts, where attackers trick users into giving them access to their accounts. The attack, which is linked to Russian hackers, involves sending fake messages that ask users to enter a code on a legitimate Microsoft login page. By entering the code, attackers bypass security checks like Multi-Factor … Read more
A new phishing campaign impersonates services like Microsoft SharePoint, Google Drive, and DocuSign to steal credentials. Attackers send emails with SVG image files containing hidden links that redirect users to fake login pages. Cyber criminals are distributing phishing emails with malicious SVG files that can bypass traditional security measures. SVG files are commonly used for … Read more
A new phishing campaign is targeting organizations that rely on Microsoft ADFS for single sign-on. Attackers send emails posing as IT staff, urging recipients to click on fake ADFS login links, in an attempt to steal credentials. Cyber criminals are increasingly targeting organizations that use ADFS. It is a service by Microsoft that allows users … Read more
A new phishing campaign is exploiting tax season, targeting financial organizations and individuals globally. Attackers are impersonating tax agencies and financial institutions to steal credentials and spread malware. Multiple phishing campaigns are impersonating legitimate entities like HM Revenue & Customs (HMRC), Intuit (US), and myGov (Australia). These emails mimic official branding and language to appear … Read more
