BleepingComputer reports that Chinese cybercrime group XinXin has leveraged the Lucid phishing-as-a-service platform to target 169 organizations around the world with malicious Android and iOS smishing messages.

Attacks involved the distribution of 100,000 end-to-end encrypted mobile phishing messages purporting to be tax, shipping, or toll payment alerts that include links redirecting to bogus websites spoofing Amazon, DHL, American Express, HSBC, the U.S. Postal Service, Royal Mail, and other organizations, a PRODAFT report revealed. Aside from facilitating the exfiltration of personal and financial details, Lucid also enables the immediate testing of pilfered credit cards through an integrated validator. "To enhance effectiveness, Lucid leverages Apple iMessage and Android's RCS technology, bypassing traditional SMS spam filters and significantly increasing delivery and success rates," said PRODAFT researchers, who added that attackers' exploitation of both operating systems' respective messaging technologies also bolsters the cost-effectiveness of the phishing scheme.
Coverage from Tech Radar indicates that a sophisticated phishing-as-a-service platform, known as Kali365, Octopi365, and Freedom365, is actively targeting Microsoft accounts.
Check Point Research reported that in May 2026, the hospitality, travel, and recreation sector faced an average of 2,291 weekly cyberattacks per organization, a 24% increase from the previous month and more than double the volume seen in May 2023.