Phishing

Threat actors could stealthily compromise Microsoft accounts through the exploitation of the Azure CLI OAuth app as part of the new ConsentFix attack, which is yet another twist to the ClickFix social engineering technique, according to BleepingComputer.

Email attack techniques are evolving quickly, and traditional secure gateways can't keep up. Context-aware, AI-powered email monitoring may be the solution.

Threat actors have exploited cybersecurity firm Mimecast's secure-link rewriting capability to deploy over 40,000 phishing emails mimicking SharePoint and DocuSign worldwide, Cybernews reports.

Malicious Google Search ads redirecting to ChatGPT and Grok guides have been harnessed to distribute the Atomic macOS Stealer, or AMOS, malware as part of a ClickFix attack campaign, BleepingComputer reports.

The SE Enterprise, formed through online gaming connections, targeted wealthy cryptocurrency investors across the United States.

The Spiderman kit is a sophisticated, ready-made program that eliminates the need for coding knowledge, enabling attackers to quickly mimic the login pages of dozens of European financial institutions and cryptocurrency platforms.