Phishing

BleepingComputer reports that Google was discovered by Ethereum Name Service lead developer Nick Johnson to have had an OAuth vulnerability leveraged to facilitate the delivery of a bogus email purporting to be a security alert from the company with a valid DomainKeys Identified Mail authentication key as part of a DKIM replay phishing intrusion.

Massive ongoing US toll fraud underpinned by Chinese smishing kit Numerous threat actors have been leveraging an SMS phishing kit developed by Chinese threat actor "Wang Duo Yu" to conduct a widespread smishing attack campaign against toll road users across several U.S. states that has been underway since October, The Hacker News reports.

The FBI has warned that cybercriminals have been masquerading as Internet Crime Complaint Center employees assisting in the recovery of pilfered funds to compromise financial details from victims of fraud as part of an ongoing scam campaign, Cybernews reports.

More threat actors have been leveraging the newly emergent SheByte phishing-as-a-service platform to target U.S. and Canadian organizations since the disruption of the major PhaaS platform LabHost in an international law enforcement operation last year, Cybernews reports.

BleepingComputer reports that government organizations and private firms have been subjected to attacks exploiting the recently patched Windows NTLM hash leak vulnerability, tracked as CVE-2025-24054, as part of separate phishing campaigns between Mar. 20 and Mar. 25, with one of the identified IP addresses associated with Russian state-backed threat operation APT28, also known as Fancy Bear.

Attacks leveraging the ClickFix social engineering technique have been increasingly conducted by state-backed threat operations to facilitate malware infections over the past few months, reports The Hacker News.