Microsoft has confirmed plans to address a newly discovered phishing method known as CoPhish, which abuses Copilot Studio agents to send fraudulent OAuth consent requests through trusted Microsoft domains, according to BleepingComputer.
BleepingComputer reports that the threat group CryptoChameleon sends phishing emails to LastPass users requesting access to their password vaults by uploading death certificates.
Attacks by the Chinese phishing operation Smishing Triad, which consists of thousands of threat actors to support a far-reaching phishing ecosystem, have escalated, according to CyberScoop.
Pakistan-linked threat operation Transparent Tribe, also known as APT36, has targeted Indian government organizations' Linux-based systems with the new DeskRAT malware as part of a cyberespionage campaign that commenced in June, Infosecurity Magazine reports.
Cybernews reports that leading crypto platforms MetaMask, WalletConnect, Phantom, and Backpack have joined a new real-time phishing defense network launched by security researchers at Security Alliance.
UNICEF, the International Committee of the Red Cross, and other organizations part of the Ukraine war relief effort, as well as Ukrainian regional government administration members, have been subjected to a one-day spear-phishing attack spreading the WebSocket RAT malware, according to BleepingComputer.
Fake job offers leveraged in Facebook credential phishing campaign HackRead reports that widely known brands, including KFC, Red Bull, and Ferrari, have been impersonated in fraudulent job postings aimed at compromising Facebook login details as part of a sweeping credential phishing campaign.
Fast Five
Selected by the SC Media Editorial team every Tuesday.
Sign up now for the top five issues cybersecurity pros need to know this week.
