Snapchat Account Hacking Left Hundreds of Accounts Exposed
Snapchat account hacking often succeeds not because of technical flaws, but because attackers understand how to manipulate people. A recent federal case in the United States illustrates this reality clearly, showing how a single individual accessed hundreds of private accounts by exploiting trust rather than exploiting software. The case highlights a growing pattern in cybercrime, where attackers bypass security protections
Cloud Storage Payment Scam Floods Inboxes With Fake Renewals
Inbox phishing has entered a new phase as a widespread cloud storage payment scam targets users with urgent fake renewal notices. The messages claim storage plans have expired or payments failed, warning that files could soon be deleted. By exploiting fear around lost photos, backups, and documents, attackers pressure recipients into acting quickly and without verification. The campaign stands out
Fake Calendly Invites Target Ad Managers in New AiTM Campaign
Attackers abuse fake Calendly invites in a new phishing wave that aims at agencies, advertisers, and in-house marketing teams. The campaign impersonates major global brands and uses advanced Attacker-in-the-Middle techniques to capture credentials and session tokens. These tactics enable rapid takeovers of Google Workspace and Facebook Business accounts connected to high-value advertising platforms. Researchers note that the operation continues to
Scattered Lapsus Hunters Target Tech With 40 Malicious Domains
Security researchers uncovered a large phishing operation linked to Scattered Lapsus Hunters, a threat group that registered more than 40 fake domains. These lookalike sites imitate major tech companies and aim to harvest credentials from employees and consumers. The discovery highlights the growing sophistication behind phishing campaigns that exploit brand trust and corporate identity. How the Campaign Works Researchers from
LinkedIn Phishing Campaign Targets Finance Executives
A new LinkedIn phishing campaign is targeting finance executives with fake invitations to join an exclusive board. The attack uses professional pretexts, trusted cloud platforms, and advanced phishing methods to steal login credentials and bypass multi-factor authentication. How this LinkedIn Phishing Campaign Works The campaign begins with a direct message on LinkedIn inviting the target to join the “Executive Board”
RaccoonO365 Phishing Service Disrupted by Microsoft and Cloudflare
Microsoft and Cloudflare have joined forces to dismantle the RaccoonO365 phishing service, one of the most widespread phishing-as-a-service operations uncovered to date. The joint takedown targeted the infrastructure and domains used by cybercriminals to conduct massive credential theft campaigns against Microsoft 365 users worldwide. This disruption represents more than just the removal of malicious domains. It highlights the ongoing battle
VoidProxy Phishing Targets Microsoft 365 & Google Accounts
The VoidProxy phishing attack is an emerging cyber threat targeting cloud accounts on Microsoft 365 and Google platforms. This attack service enables attackers to bypass multi-factor authentication (MFA) and steal sensitive credentials. VoidProxy is designed for simplicity, allowing low-skill cybercriminals to deploy phishing campaigns with minimal effort. As organizations increasingly rely on cloud services, understanding this threat and implementing preventive
Salty2FA Phishing Kit Targets Enterprises With MFA Bypass
The Salty2FA phishing kit has quickly gained attention as one of the most dangerous phishing tools of 2025. Unlike older phishing kits that only capture usernames and passwords, this service also bypasses multiple forms of multi-factor authentication (MFA). That ability makes stolen credentials far more valuable and leaves enterprises exposed to full-scale account takeovers. What Makes Salty2FA Different? Salty2FA is
Booking.com Phishing Scam Exploits Sneaky Unicode Character
Booking.com phishing scam campaigns are using a deceptive Unicode character to trick users into visiting malicious sites. The attack replaces expected URL symbols with a Japanese hiragana character that closely resembles common punctuation. This clever substitution makes fake links appear genuine, leading victims to phishing pages that install dangerous malware. How the Scam Works Cybercriminals insert the hiragana character “ん”
Fake Crypto Wallet Extensions Flood Firefox Store
A recent surge of malicious browser extensions targeting cryptocurrency users has been uncovered in the Firefox Add-ons Store, putting unsuspecting users at risk of devastating financial losses. Cybersecurity researchers have identified over 40 fake wallet extensions impersonating popular crypto wallets, including MetaMask, Coinbase Wallet, Trust Wallet, Phantom, Exodus, OKX, Keplr, and MyMonero. This malicious campaign, dubbed "FoxyWallet," has been active
