Phishing

BleepingComputer reports that more advanced features and increased stealth have been added to the updated Vultur Android banking trojan, which is being distributed via hybrid attacks.

Netcraft researchers say the Chinese-language PhaaS platform targeted postal organization in more than 100 countries, including USPS.

Threat actors have launched a new phishing campaign using fraudulent bank payment notifications to facilitate the deployment of the Agent Tesla information-stealing and keylogging malware, The Hacker News reports.

Malicious websites redirecting to fraudulent giveaways, tech support scams, and spam subscriptions were discovered by search engine optimization expert Lily Ray and pushed by Google's newly launched artificial intelligence-based Search Generative Experience functionality.

Microsoft 365 and Gmail accounts have been increasingly targeted with attacks leveraging the new Tycoon 2FA phishing-as-a-service kit.

Google Mandiant says APT29 targeted German politicians and is a threat to Western political parties.

Attackers leveraged the hijacked email account to send phishing emails using a €50 voucher for ticket purchases as a lure that redirected to a spoofed Spa GP website that sought targets' banking details and other personal information.

The industry has made significant gains with phishing-resistant authentication. Here’s how.