Phishing

Attacks with Whisper 2FA PhaaS kit escalate, report finds Almost a million phishing intrusions have been fueled by the Whisper 2FA phishing-as-a-service kit since July, making it the third most prevalent PhaaS kit after Tycoon and EvilProxy, according to Infosecurity Magazine.

BleepingComputer reports that threat actors have been spreading bogus LastPass and Bitwarden breach alerts to facilitate desktop compromise as part of a phishing campaign that has been underway since the weekend.

The new TA585 threat group abuses compromised websites and GitHub issues to spread malware.

BleepingComputer reports that individuals across New York have been subjected to a new smishing campaign exploiting the state's "Inflation Refund Initiative," which was launched to curb the impact of inflation among qualified taxpayers.

Almost 100 brands spoofed by Chinese phishing kit Financial fraud incidence has ramped up with the proliferation of the Chinese-developed YYlaiyu phishing-as-a-service kit, which has been impersonating 97 different brands, reports The Register.

The campaign leveraged more than 630 HTML files to lure victims to fake login pages.

US universities subjected to 'payroll pirate' intrusions Twenty-five universities across the U.S. have had their employees targeted by the Storm-2657 threat operation with phishing emails looking to divert salary payments as part of a payroll piracy campaign that commenced in March, according to The Record, a news site by cybersecurity firm Recorded Future.

More Russian state-backed threat actors were noted by Ukraine's Computer Emergency Response Team to be deploying artificial intelligence-powered cyberattacks to infiltrate the country's increasingly robust cybersecurity defenses, according to The Record, a news site by cybersecurity firm Recorded Future.