New Rockstar 2FA phishing service targets Microsoft 365 accounts
A new phishing-as-a-service (PhaaS) platform named 'Rockstar 2FA' has emerged, facilitating large-scale adversary-in-the-middle (AiTM) attacks to steal Microsoft 365 credentials.…
Microsoft disrupts ONNX phishing-as-a-service infrastructure
Microsoft has seized 240 domains used by customers of ONNX, a phishing-as-a-service (PhaaS) platform, to target companies and individuals across…
New Mamba 2FA bypass service targets Microsoft 365 accounts
An emerging phishing-as-a-service (PhaaS) platform called Mamba 2FA has been observed targeting Microsoft 365 accounts in AiTM attacks using well-crafted…
‘ONNX’ MFA Bypass Targets Microsoft 365 Accounts
The service, likely a rebrand of a previous operation called 'Caffeine,' mainly targets financial institutions in the Americas and EMEA…
ONNX phishing service targets Microsoft 365 accounts at financial firms
A new phishing-as-a-service (PhaaS) platform called ONNX Store is targeting Microsoft 365 accounts for employees at financial firms using QR…
New V3B phishing kit targets customers of 54 European banks
Cybercriminals are promoting a new phishing kit named 'V3B' on Telegram, which currently targets customers of 54 major financial institutes in Ireland,…
New Darcula phishing service targets iPhone users via iMessage
A new phishing-as-a-service (PhaaS) named 'Darcula' uses 20,000 domains to spoof brands and steal credentials from Android and iPhone users…
New MFA-bypassing phishing kit targets Microsoft 365, Gmail accounts
Cybercriminals have been increasingly using a new phishing-as-a-service (PhaaS) platform named 'Tycoon 2FA' to target Microsoft 365 and Gmail accounts and…
LabHost cybercrime service lets anyone phish Canadian bank users
The Phishing as a Service (PhaaS) platform 'LabHost' has been helping cybercriminals target North American banks, particularly financial institutes in…
Police takes down BulletProftLink large-scale phishing provider
The notorious BulletProftLink phishing-as-a-service (PhaaS) platform that provided more than 300 phishing templates has been seized, the Royal Malaysian Police announced. [...]