Phishing news

AI presents both opportunities and significant risks for growing businesses. Cybercriminals are leveraging AI to launch more effective and targeted attacks. For example, AI-automated phishing has proven to be 4.5 times more effective than traditional methods, creating new challenges for business leaders balancing growth and security.

Phishing emails that bypass security filters create a dangerous gap for businesses. After a single click, security teams are often unsure about the extent of the exposure. Early detection systems are crucial for closing this gap, helping teams quickly understand the risk and respond effectively to threats.

A new phishing-as-a-service platform called EvilTokens has compromised over 340 Microsoft 365 organizations. The attack tricks users into authorizing a malicious app via a device login flow, effectively bypassing multi-factor authentication and granting attackers access to their accounts without needing passwords or MFA codes.

A new variant of the 'SHub' macOS infostealer is targeting users with fake Apple security update prompts. The malware uses AppleScript to display a convincing dialog box, tricking users into entering their password. This installs a backdoor, giving attackers access to steal browser data and cryptocurrency wallets.

INTERPOL's 'Operation Ramz' has led to the arrest of over 200 individuals in the Middle East and North Africa. The operation successfully dismantled significant cybercrime infrastructure, seizing 53 servers used for malware distribution and phishing attacks. This coordinated effort highlights a major crackdown on regional cyber threats.

A phishing kit named Tycoon2FA has been updated to bypass two-factor authentication on Microsoft 365 accounts. It uses a technique called device-code phishing and abuses legitimate click-tracking URLs to evade detection, posing a significant threat for organizations using Microsoft's cloud services.