This page collects WhisperX intelligence signals tagged #phishing. It is designed for humans, search engines, and AI agents: each item links to a canonical source-backed record with sector, source, timestamp, credibility, and exportable structured data.
Cybersecurity threat intelligence indicates a significant evolution in cryptocurrency-focused attack methodologies, with threat actors now employing sophisticated social engineering techniques that bypass traditional security controls. Recent analysis reveals two distinct but complementary attack vectors that have emer...
A new phishing-as-a-service platform named 'Starkiller' is enabling cybercriminals to bypass traditional detection methods by dynamically loading the *real* login pages of target brands and acting as a stealthy relay between victims and legitimate sites. Unlike static phishing kits, Starkiller uses cleverly disguised l...
Two open redirect vulnerabilities have been identified within a codebase, creating a direct pathway for potential phishing attacks. The flaws, classified with medium severity, reside in two separate route files where user-controlled input is used to construct redirect URLs without proper validation. This allows attacke...
A front-end breach at DeFi risk curator Steakhouse Financial has turned its official website and mobile app into a trap, redirecting new users to a malicious phishing operation. The company disclosed the attack on Monday, March 30, 2026, warning that any interaction with its digital platforms likely leads to a hacker-c...
A security audit has identified two open redirect vulnerabilities within a codebase, classified as a medium-severity risk. The flaws, present in two separate route files, allow user-controlled input to dictate redirect destinations without validation. This creates a direct vector for phishing attacks, where attackers c...
A critical security vulnerability in the Gno.land blockchain ecosystem has been patched, preventing malicious actors from injecting phishing links into rendered markdown outputs. The flaw, tracked as GHSA-q5xx-v955-c7vg, resided in the `Render()` function, where user-supplied strings were not properly sanitized. This c...
A critical security flaw in the DIA platform allows attackers to redirect users to arbitrary malicious websites. The vulnerability resides in the `redirectToExternalUrl()` method, which accepts an external URL from the backend API and passes it directly to the browser without any validation, domain allowlisting, or pro...
The threat landscape has intensified, with ransomware-as-a-service (RaaS) operations and sophisticated supply chain attacks driving a surge in critical incidents. Over the past 24 hours, six reports were rated critical, dominated by DragonForce claiming five new victims across pharmaceuticals, manufacturing, and retail...
A critical open redirect vulnerability has been patched in a patient portal's messaging system. The flaw, located in the `portal/messaging/handle_note.php` script, allowed an attacker to redirect authenticated patients to malicious phishing pages after they performed a messaging action. The vulnerability stemmed from t...
A sophisticated hack-for-hire operation has been caught running a multi-pronged spying campaign, targeting victims through Android spyware and iCloud credential phishing. Security researchers exposed the group's activities, revealing a commercialized threat that bypasses traditional security perimeters by directly comp...
Một chiến dịch lừa đảo công nghệ cao, mạo danh hệ thống thanh toán Apple Pay, đang lan rộng với tốc độ đáng báo động. Chiến dịch này trực tiếp đe dọa an toàn tài chính của hàng triệu người dùng iPhone, lợi dụng uy tín của thương hiệu Apple để đánh cắp thông tin cá nhân và tài chính. Đây không phải là một trò lừa đảo th...
Un récit personnel publié par Ars Technica met en lumière les défaillances systémiques de Discord en matière de sécurité et de support utilisateur, particulièrement pour les mineurs. Un père de famille américain détaille l'impuissance totale qu'il a rencontrée après le piratage du compte Discord de sa fille. Malgré ses...
Một chiến dịch lừa đảo mạng mới, được các chuyên gia an ninh đánh giá là vô cùng tinh vi, đang nhắm mục tiêu trực tiếp vào người dùng trong hệ sinh thái Apple. Mục đích cuối cùng của kẻ tấn công là chiếm đoạt thông tin cá nhân và tài sản trong tài khoản ngân hàng của nạn nhân. Đây không phải là một trò lừa đảo thông th...
The FBI has dismantled a sophisticated phishing operation that successfully compromised thousands of victims worldwide by stealing not just passwords, but also the multi-factor authentication (MFA) codes meant to protect them. This takedown highlights a critical escalation in credential theft, moving beyond simple pass...
A sophisticated scam has siphoned over $9 million in cryptocurrency from unsuspecting holders through a fraudulent Ledger Live application listed on Apple's official Mac App Store. The fake app, which successfully bypassed Apple's security vetting, has already impacted more than 50 users, including musician G. Love, hi...
Das Bundesamt für Sicherheit in der Informationstechnik (BSI) warnt vor einer steigenden Zahl gezielter Phishing-Angriffe auf Nutzerkonten des verschlüsselten Messengers Signal. Angreifer kapern dabei regelmäßig Konten, indem sie Nutzer mit gefälschten Nachrichten oder Links in die Falle locken. Diese Attacken stellen ...
A ransomware crew is publicly boasting of a 'mega-haul' of stolen data from UK enterprise software consultancy The Adaptavist Group, directly contradicting the company's official statements and triggering a wave of imposter phishing emails. The breach, confirmed by Adaptavist, originated from an intruder using stolen c...
Ein aktueller Phishing-Angriff auf Bankkunden ist offenbar gründlich schiefgelaufen. Die Betrüger haben E-Mails verschickt, die sich an Kunden einer bestimmten Bank richten sollten – doch die Empfänger gehörten größtenteils gar nicht zu dieser Bank. Die Aktion stiftete daher vor allem Verwirrung, anstatt erfolgreich se...
A senior member of the notorious cybercrime group ‘Scattered Spider’ has pleaded guilty to federal charges, admitting to a sophisticated phishing campaign that siphoned tens of millions in cryptocurrency from investors. Tyler Robert Buchanan, a 24-year-old British national known by the handle ‘Tylerb,’ confessed to wir...
Ermittler untersuchen einen mutmaßlichen Spionageangriff auf den verschlüsselten Messengerdienst Signal, bei dem Unbekannte gezielt hochrangige Politikerschaft und Bundesbehörden ins Visier genommen haben. Betroffen sind nach Informationen von Handelsblatt führende Köpfe aus dem Bundestag, Ministerien sowie Sicherheits...