Collaborate Disseminate
Mirage2FA, a phishing kit that combines short-lived HTML smuggling with obfuscated JavaScript loaders to deliver fake Microsoft 365 login pages and steal credentials during MFA prompts, has been identified by researchers at Fortra. Fortra based its ana… Continue reading Mirage2FA phishing kit uses HTML smuggling to steal Microsoft 365 credentials
Officers from Poland’s Central Bureau for Combating Cybercrime (CBZC) arrested four suspected members of an organized cybercrime group accused of SIM swap attacks, cryptocurrency theft, and money laundering. The operation involved agents from the… Continue reading SIM-swapping gang busted in international police operation
Microsoft has given Windows 10 users another year of free security updates, extending its consumer Extended Security Updates (ESU) program until October 12, 2027. “Windows 10 support has ended. You can enroll in ESU any time until the program ends on O… Continue reading Microsoft gives Windows 10 users an unexpected extra year of free security updates
Submitting a suspicious file to VirusTotal or MalwareBazaar places a copy of that file on a platform other people can search. Analysts across the industry rely on these services to get a quick verdict on whether a binary is dangerous. The convenience c… Continue reading A privacy-first take on local malware analysis
A relatively new backdoor called Mistic has been deployed in multiple attacks since April 2026 targeting organizations in the insurance, education, IT, and professional services sectors, according to Symantec. The malware appears to be associated with … Continue reading Stealthy new backdoor surfaces in attacks on multiple sectors
A 21-year-old man known online as “Snoopy” was sentenced to 18 months in prison for his role in a scheme that hacked user accounts on a fantasy sports and betting website and sold access to them, causing hundreds of thousands of dollars in … Continue reading Hacker gets 18 months for attack that compromised 60,000 betting accounts
WhatsApp is rolling out a warning screen on Android and iOS that appears before users open chats with unfamiliar phone numbers. Meta hopes that this new feature will help users avoid scammers. WhatsApp chats warning screen (Source: WABetaInfo) “WhatsAp… Continue reading WhatsApp will warn users before they message a potential scammer
An Algerian national accused of running online marketplaces that sold phishing kits and fraud tools has been extradited from Spain to the United States to face bank fraud conspiracy charges.
The post Algerian national accused of running cybercrime mark… Continue reading Algerian national accused of running cybercrime marketplaces extradited to US
Healthcare technology company Xsolis confirmed that a phishing attack resulted in unauthorized access to its network. The company develops AI-powered software for hospitals, health systems, and health plans and serves more than 600 hospitals and health… Continue reading Phishing attack on healthcare firm Xsolis impacts 1.4 million people
LastPass disclosed that attackers used OAuth tokens compromised in a supply chain attack on Klue, a market intelligence platform that integrates with CRM and sales tools across organizations, to access customer data stored in its Salesforce environment… Continue reading LastPass customer data exposed through Klue supply chain attack