VENOM Phishing Campaign Targets Executives, Bypasses MFA
A sophisticated new phishing operation is going after the people at the top. The VENOM phishing campaign, uncovered by researchers at Abnormal AI, has been quietly targeting CEOs, CFOs, and other senior executives since at least November 2025. It uses a purpose-built platform to steal Microsoft 365 credentials and maintain access to corporate accounts — even after victims change their
Bubble AI Exploited in Microsoft Credential Phishing
Phishers have found a new way to slip past email security filters, and it involves a tool most people associate with building legitimate apps. Attackers are now abusing Bubble AI, a no-code app-building platform, to create and host malicious web apps designed to steal Microsoft account credentials. The approach is convincing, hard to detect, and security researchers warn it is
FBI Warns of Russian Signal Phishing Attack Campaign
A major Signal phishing attack campaign is actively targeting journalists, politicians, military personnel, and current and former U.S. government officials. The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) issued a joint public service announcement last Friday, formally linking the operation to Russian intelligence services. Thousands of accounts have already been compromised globally, and the attacks are still ongoing.
HungerRush Extortion Emails Target Restaurant Customers
Restaurant customers across the United States recently received alarming messages tied to HungerRush extortion emails, a campaign that attempted to pressure the restaurant technology provider with threats of data exposure. The attacker distributed mass emails directly to patrons of restaurants using the HungerRush platform, claiming to possess sensitive data and demanding payment. Early reports quickly circulated online as recipients shared
Zendesk Spam Wave Returns With Fake Account Activation Emails
A renewed Zendesk spam wave is flooding inboxes worldwide with unsolicited “Activate your account” emails that appear to come from trusted companies. Many recipients never signed up for any service, yet the messages look authentic and often bypass spam filters. The scale and persistence of the campaign have raised concerns among security teams, especially as the emails originate from legitimate
FanDuel Identity Fraud Scheme Leads to Federal Charges
Federal authorities have charged two men accused of running an extensive betting fraud operation that targeted FanDuel and several other regulated gambling platforms. The FanDuel identity fraud case sheds light on how stolen personal information can be scaled into a sustained criminal enterprise when combined with promotional abuse and weak identity verification controls. Investigators say the operation relied on thousands
