#phishing — Public Fediverse posts

Phishing-Driven Banking Malware Campaign Targeting Windows and Android Devices

Active malware campaigns targeting Windows and Android users, which use Grandoreiro banking malware and the BTMOB Android RAT in order to steal financial and personal data. Victims are targeted through phishing emails and fake apps that trick them into installing malicious files or granting device access.

Pulse ID: 6a187c4e9fe60a946730ffb9
Pulse Link: https://otx.alienvault.com/pulse/6a187c4e9fe60a946730ffb9
Pulse Author: cryptocti
Created: 2026-05-28 17:33:02

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Android #Bank #CyberSecurity #Email #InfoSec #Malware #OTX #OpenThreatExchange #Phishing #RAT #Windows #bot #cryptocti

Phishing-Driven Banking Malware Campaign Targeting Windows and Android Devices

Active malware campaigns targeting Windows and Android users, which use Grandoreiro banking malware and the BTMOB Android RAT in order to steal financial and personal data. Victims are targeted through phishing emails and fake apps that trick them into installing malicious files or granting device access.

Pulse ID: 6a187cbd9fe60a946730ffba
Pulse Link: https://otx.alienvault.com/pulse/6a187cbd9fe60a946730ffba
Pulse Author: cryptocti
Created: 2026-05-28 17:34:53

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Android #Bank #CyberSecurity #Email #InfoSec #Malware #OTX #OpenThreatExchange #Phishing #RAT #Windows #bot #cryptocti

Phishing-Driven Banking Malware Campaign Targeting Windows and Android Devices

Active malware campaigns targeting Windows and Android users, which use Grandoreiro banking malware and the BTMOB Android RAT in order to steal financial and personal data. Victims are targeted through phishing emails and fake apps that trick them into installing malicious files or granting device access.

Pulse ID: 6a187cbd6c6d406caeef06a2
Pulse Link: https://otx.alienvault.com/pulse/6a187cbd6c6d406caeef06a2
Pulse Author: cryptocti
Created: 2026-05-28 17:34:53

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Android #Bank #CyberSecurity #Email #InfoSec #Malware #OTX #OpenThreatExchange #Phishing #RAT #Windows #bot #cryptocti

Phishing-Driven Banking Malware Campaign Targeting Windows and Android Devices

Active malware campaigns targeting Windows and Android users, which use Grandoreiro banking malware and the BTMOB Android RAT in order to steal financial and personal data. Victims are targeted through phishing emails and fake apps that trick them into installing malicious files or granting device access.

Pulse ID: 6a187cbe8cdd31d7f83c8063
Pulse Link: https://otx.alienvault.com/pulse/6a187cbe8cdd31d7f83c8063
Pulse Author: cryptocti
Created: 2026-05-28 17:34:54

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Android #Bank #CyberSecurity #Email #InfoSec #Malware #OTX #OpenThreatExchange #Phishing #RAT #Windows #bot #cryptocti

Phishing-Driven Banking Malware Campaign Targeting Windows and Android Devices

Active malware campaigns targeting Windows and Android users, which use Grandoreiro banking malware and the BTMOB Android RAT in order to steal financial and personal data. Victims are targeted through phishing emails and fake apps that trick them into installing malicious files or granting device access.

Pulse ID: 6a187cd2d4985ecd688b1c12
Pulse Link: https://otx.alienvault.com/pulse/6a187cd2d4985ecd688b1c12
Pulse Author: cryptocti
Created: 2026-05-28 17:35:14

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Android #Bank #CyberSecurity #Email #InfoSec #Malware #OTX #OpenThreatExchange #Phishing #RAT #Windows #bot #cryptocti

Phishing-Driven Banking Malware Campaign Targeting Windows and Android Devices

Active malware campaigns targeting Windows and Android users, which use Grandoreiro banking malware and the BTMOB Android RAT in order to steal financial and personal data. Victims are targeted through phishing emails and fake apps that trick them into installing malicious files or granting device access.

Pulse ID: 6a187d0757e29bb3897eac46
Pulse Link: https://otx.alienvault.com/pulse/6a187d0757e29bb3897eac46
Pulse Author: cryptocti
Created: 2026-05-28 17:36:07

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Android #Bank #CyberSecurity #Email #InfoSec #Malware #OTX #OpenThreatExchange #Phishing #RAT #Windows #bot #cryptocti

🎣 Carnival Corporation April Social Engineering Breach

📝 Carnival confirms 6 million customer records stolen aft...

https://www.theregister.com/cyber-crime/2026/05/28/carnival-shinyhunters-cruised-off-with-6m-customer-records/5247808

📰 www.theregister.com - Articles

#DataBreach #Phishing

🎣 Carnival Corporation April Social Engineering Breach

📝 Carnival confirms 6 million customer records stolen aft...

https://www.theregister.com/cyber-crime/2026/05/28/carnival-shinyhunters-cruised-off-with-6m-customer-records/5247808

📰 www.theregister.com - Articles

#DataBreach #Phishing

Exposing a Global Smishing Operation Across 19 Countries: Governments, Postal Services, and Telecoms Targeted

A coordinated smishing operation spanning 19 countries across Europe, the Americas, and the Caucasus has been exposed, originating from fraudulent SMS messages impersonating Romania's government payment portal Ghișeul.ro. Investigation revealed 1,628 malicious URLs linked by a single 128-character campaign identifier, targeting government portals, traffic police departments, postal services including DPD and SEUR, tax authorities, and telecommunications providers like T-Mobile and Vodafone. The infrastructure utilizes 32 backend IP addresses distributed across Tencent Cloud, Alibaba Cloud, Cloudflare CDN, and ALEXHOST Moldova. Threat actors employ two distinct phishing templates: a Vue.js single-page application and a Bootstrap-based clone, executing a four-stage credential harvesting process that collects complete payment card details through fabricated traffic fines, toll payments, and delivery notifications.

Pulse ID: 6a17527240dde65694eed30e
Pulse Link: https://otx.alienvault.com/pulse/6a17527240dde65694eed30e
Pulse Author: AlienVault
Created: 2026-05-27 20:22:10

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Americas #CDN #Caucasus #Cloud #CredentialHarvesting #CyberSecurity #Europe #Government #InfoSec #OTX #OpenThreatExchange #Phishing #RAT #SMS #Smishing #Telecom #Telecommunication #bot #AlienVault

Exposing a Global Smishing Operation Across 19 Countries: Governments, Postal Services, and Telecoms Targeted

A coordinated smishing operation spanning 19 countries across Europe, the Americas, and the Caucasus has been exposed, originating from fraudulent SMS messages impersonating Romania's government payment portal Ghișeul.ro. Investigation revealed 1,628 malicious URLs linked by a single 128-character campaign identifier, targeting government portals, traffic police departments, postal services including DPD and SEUR, tax authorities, and telecommunications providers like T-Mobile and Vodafone. The infrastructure utilizes 32 backend IP addresses distributed across Tencent Cloud, Alibaba Cloud, Cloudflare CDN, and ALEXHOST Moldova. Threat actors employ two distinct phishing templates: a Vue.js single-page application and a Bootstrap-based clone, executing a four-stage credential harvesting process that collects complete payment card details through fabricated traffic fines, toll payments, and delivery notifications.

Pulse ID: 6a17527240dde65694eed30e
Pulse Link: https://otx.alienvault.com/pulse/6a17527240dde65694eed30e
Pulse Author: AlienVault
Created: 2026-05-27 20:22:10

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Americas #CDN #Caucasus #Cloud #CredentialHarvesting #CyberSecurity #Europe #Government #InfoSec #OTX #OpenThreatExchange #Phishing #RAT #SMS #Smishing #Telecom #Telecommunication #bot #AlienVault

Exposing a Global Smishing Operation Across 19 Countries: Governments, Postal Services, and Telecoms Targeted

A coordinated smishing operation spanning 19 countries across Europe, the Americas, and the Caucasus has been exposed, originating from fraudulent SMS messages impersonating Romania's government payment portal Ghișeul.ro. Investigation revealed 1,628 malicious URLs linked by a single 128-character campaign identifier, targeting government portals, traffic police departments, postal services including DPD and SEUR, tax authorities, and telecommunications providers like T-Mobile and Vodafone. The infrastructure utilizes 32 backend IP addresses distributed across Tencent Cloud, Alibaba Cloud, Cloudflare CDN, and ALEXHOST Moldova. Threat actors employ two distinct phishing templates: a Vue.js single-page application and a Bootstrap-based clone, executing a four-stage credential harvesting process that collects complete payment card details through fabricated traffic fines, toll payments, and delivery notifications.

Pulse ID: 6a17527240dde65694eed30e
Pulse Link: https://otx.alienvault.com/pulse/6a17527240dde65694eed30e
Pulse Author: AlienVault
Created: 2026-05-27 20:22:10

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Americas #CDN #Caucasus #Cloud #CredentialHarvesting #CyberSecurity #Europe #Government #InfoSec #OTX #OpenThreatExchange #Phishing #RAT #SMS #Smishing #Telecom #Telecommunication #bot #AlienVault

Exposing a Global Smishing Operation Across 19 Countries: Governments, Postal Services, and Telecoms Targeted

A coordinated smishing operation spanning 19 countries across Europe, the Americas, and the Caucasus has been exposed, originating from fraudulent SMS messages impersonating Romania's government payment portal Ghișeul.ro. Investigation revealed 1,628 malicious URLs linked by a single 128-character campaign identifier, targeting government portals, traffic police departments, postal services including DPD and SEUR, tax authorities, and telecommunications providers like T-Mobile and Vodafone. The infrastructure utilizes 32 backend IP addresses distributed across Tencent Cloud, Alibaba Cloud, Cloudflare CDN, and ALEXHOST Moldova. Threat actors employ two distinct phishing templates: a Vue.js single-page application and a Bootstrap-based clone, executing a four-stage credential harvesting process that collects complete payment card details through fabricated traffic fines, toll payments, and delivery notifications.

Pulse ID: 6a17527240dde65694eed30e
Pulse Link: https://otx.alienvault.com/pulse/6a17527240dde65694eed30e
Pulse Author: AlienVault
Created: 2026-05-27 20:22:10

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Americas #CDN #Caucasus #Cloud #CredentialHarvesting #CyberSecurity #Europe #Government #InfoSec #OTX #OpenThreatExchange #Phishing #RAT #SMS #Smishing #Telecom #Telecommunication #bot #AlienVault

Exposing a Global Smishing Operation Across 19 Countries: Governments, Postal Services, and Telecoms Targeted

A coordinated smishing operation spanning 19 countries across Europe, the Americas, and the Caucasus has been exposed, originating from fraudulent SMS messages impersonating Romania's government payment portal Ghișeul.ro. Investigation revealed 1,628 malicious URLs linked by a single 128-character campaign identifier, targeting government portals, traffic police departments, postal services including DPD and SEUR, tax authorities, and telecommunications providers like T-Mobile and Vodafone. The infrastructure utilizes 32 backend IP addresses distributed across Tencent Cloud, Alibaba Cloud, Cloudflare CDN, and ALEXHOST Moldova. Threat actors employ two distinct phishing templates: a Vue.js single-page application and a Bootstrap-based clone, executing a four-stage credential harvesting process that collects complete payment card details through fabricated traffic fines, toll payments, and delivery notifications.

Pulse ID: 6a17527240dde65694eed30e
Pulse Link: https://otx.alienvault.com/pulse/6a17527240dde65694eed30e
Pulse Author: AlienVault
Created: 2026-05-27 20:22:10

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Americas #CDN #Caucasus #Cloud #CredentialHarvesting #CyberSecurity #Europe #Government #InfoSec #OTX #OpenThreatExchange #Phishing #RAT #SMS #Smishing #Telecom #Telecommunication #bot #AlienVault

📰 Maine Accounting Firm Data Breach Exposes Sensitive Tax and Financial Data of 928 Clients

A phishing attack at Maine accounting firm Edwards, Faust & Smith has exposed highly sensitive financial and tax data of 928 clients. Compromised info includes SSNs and bank account details. 🎣 #DataBreach #Phishing #Finance #CyberSecurity

🌐 cyber[.]netsecops[.]io

🔗 https://cyber.netsecops.io/articles/maine-cpa-firm-discloses-data-breach-stemming-from-phishing-attack/?utm_sou…

📰 Maine Accounting Firm Data Breach Exposes Sensitive Tax and Financial Data of 928 Clients

A phishing attack at Maine accounting firm Edwards, Faust & Smith has exposed highly sensitive financial and tax data of 928 clients. Compromised info includes SSNs and bank account details. 🎣 #DataBreach #Phishing #Finance #CyberSecurity

🌐 cyber[.]netsecops[.]io

🔗 https://cyber.netsecops.io/articles/maine-cpa-firm-discloses-data-breach-stemming-from-phishing-attack/?utm_sou…

📰 Maine Accounting Firm Data Breach Exposes Sensitive Tax and Financial Data of 928 Clients

A phishing attack at Maine accounting firm Edwards, Faust & Smith has exposed highly sensitive financial and tax data of 928 clients. Compromised info includes SSNs and bank account details. 🎣 #DataBreach #Phishing #Finance #CyberSecurity

🌐 cyber[.]netsecops[.]io

🔗 https://cyber.netsecops.io/articles/maine-cpa-firm-discloses-data-breach-stemming-from-phishing-attack/?utm_sou…

📰 Maine Accounting Firm Data Breach Exposes Sensitive Tax and Financial Data of 928 Clients

A phishing attack at Maine accounting firm Edwards, Faust & Smith has exposed highly sensitive financial and tax data of 928 clients. Compromised info includes SSNs and bank account details. 🎣 #DataBreach #Phishing #Finance #CyberSecurity

🌐 cyber[.]netsecops[.]io

🔗 https://cyber.netsecops.io/articles/maine-cpa-firm-discloses-data-breach-stemming-from-phishing-attack/?utm_sou…

Warning about fake FIFA websites before the 2026 World Cup

The World Cup starts in two weeks. Criminals are taking advantage of the opportunity and faking the FIFA website for phishing, among other things.

https://www.heise.de/en/news/Warning-about-fake-FIFA-websites-before-the-2026-World-Cup-11309980.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon

#Kriminalität #FBI #IT #Phishing #Security #news

Romanian Hacker Gets Nearly 5 Years in US Prison Over Network Intrusion

https://securityaffairs.com/192770/cyber-crime/romanian-hacker-gets-nearly-5-years-in-us-prison-over-network-intrusion.html

Read on HackerWorkspace: https://hackerworkspace.com/article/romanian-hacker-gets-nearly-5-years-in-us-prison-over-network-intrusion

#databreach #cybersecurity #phishing

Romanian Hacker Gets Nearly 5 Years in US Prison Over Network Intrusion

https://securityaffairs.com/192770/cyber-crime/romanian-hacker-gets-nearly-5-years-in-us-prison-over-network-intrusion.html

Read on HackerWorkspace: https://hackerworkspace.com/article/romanian-hacker-gets-nearly-5-years-in-us-prison-over-network-intrusion

#databreach #cybersecurity #phishing

Romanian Hacker Gets Nearly 5 Years in US Prison Over Network Intrusion

https://securityaffairs.com/192770/cyber-crime/romanian-hacker-gets-nearly-5-years-in-us-prison-over-network-intrusion.html

Read on HackerWorkspace: https://hackerworkspace.com/article/romanian-hacker-gets-nearly-5-years-in-us-prison-over-network-intrusion

#databreach #cybersecurity #phishing

Romanian Hacker Gets Nearly 5 Years in US Prison Over Network Intrusion

https://securityaffairs.com/192770/cyber-crime/romanian-hacker-gets-nearly-5-years-in-us-prison-over-network-intrusion.html

Read on HackerWorkspace: https://hackerworkspace.com/article/romanian-hacker-gets-nearly-5-years-in-us-prison-over-network-intrusion

#databreach #cybersecurity #phishing

The GHOST STADIUM Score: Billions At Stake At The World’s Largest Football Tournament

Researchers uncovered a massive fraud ecosystem targeting the 2026 FIFA World Cup, identifying over 4,300 fraudulent domains impersonating FIFA's official website since August 2025. At the center operates GHOST STADIUM, a Chinese-speaking threat actor running a sophisticated phishing campaign across 300+ domains using a pixel-perfect clone of FIFA's authentication system. The operation harvests credentials, sells fake tickets, and processes payments through five distinct channels including cryptocurrency. Estimated losses from premium ticket fraud alone range from $71 million to $474 million, with total campaign losses potentially reaching billions. Six distinct fraud schemes operate in parallel: credential phishing, fake ticket sales, counterfeit merchandise, fake streaming platforms, fraudulent betting sites, and infostealer-driven credential theft. Over 2,513 FIFA account credentials are already circulating on dark-web markets. The campaign exploits Facebook advertising as its primary distribution chann...

Pulse ID: 6a16d67df4a69d07c59516be
Pulse Link: https://otx.alienvault.com/pulse/6a16d67df4a69d07c59516be
Pulse Author: AlienVault
Created: 2026-05-27 11:33:17

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Chinese #CyberSecurity #Facebook #InfoSec #InfoStealer #OTX #OpenThreatExchange #Phishing #RAT #bot #cryptocurrency #AlienVault

FBI warns of #Kali365 #phishing service targeting #Microsoft365 accounts

https://www.bleepingcomputer.com/news/security/fbi-warns-of-kali365-phishing-service-targeting-microsoft-365-accounts/

#cybersecurity

FBI warns of #Kali365 #phishing service targeting #Microsoft365 accounts

https://www.bleepingcomputer.com/news/security/fbi-warns-of-kali365-phishing-service-targeting-microsoft-365-accounts/

#cybersecurity

FBI warns of #Kali365 #phishing service targeting #Microsoft365 accounts

https://www.bleepingcomputer.com/news/security/fbi-warns-of-kali365-phishing-service-targeting-microsoft-365-accounts/

#cybersecurity

FBI warns of #Kali365 #phishing service targeting #Microsoft365 accounts

https://www.bleepingcomputer.com/news/security/fbi-warns-of-kali365-phishing-service-targeting-microsoft-365-accounts/

#cybersecurity

FBI warns of #Kali365 #phishing service targeting #Microsoft365 accounts

https://www.bleepingcomputer.com/news/security/fbi-warns-of-kali365-phishing-service-targeting-microsoft-365-accounts/

#cybersecurity

Phishing Campaign Deploys JavaScript-Driven PureLogs Variant to Steal Sensitive Data

A sophisticated phishing campaign distributes a PureLogs variant through deceptive purchase order emails containing malicious JavaScript files. The attack chain employs obfuscated JavaScript that drops PowerShell scripts, which then use process hollowing techniques to inject .NET modules into legitimate Windows processes. The malware communicates with command-and-control infrastructure to download additional plugins. PureLogs collects extensive sensitive information including credentials from web browsers, cryptocurrency wallets, email clients, Discord, and various applications. It also captures screenshots, system information, and clipboard data. The collected data is compressed, encrypted with AES, and exfiltrated to remote servers. The campaign demonstrates advanced evasion techniques through fileless execution, multiple encryption layers, and abuse of trusted processes like MsBuild.exe, making detection challenging for traditional security solutions.

Pulse ID: 6a15ba258c1acc516e08c0fd
Pulse Link: https://otx.alienvault.com/pulse/6a15ba258c1acc516e08c0fd
Pulse Author: AlienVault
Created: 2026-05-26 15:20:05

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Browser #Clipboard #CyberSecurity #Discord #Email #Encryption #InfoSec #Java #JavaScript #MSBuild #Malware #NET #OTX #OpenThreatExchange #Phishing #PowerShell #RAT #Rust #Windows #bot #cryptocurrency #AlienVault

Phishing Campaign Deploys JavaScript-Driven PureLogs Variant to Steal Sensitive Data

A sophisticated phishing campaign distributes a PureLogs variant through deceptive purchase order emails containing malicious JavaScript files. The attack chain employs obfuscated JavaScript that drops PowerShell scripts, which then use process hollowing techniques to inject .NET modules into legitimate Windows processes. The malware communicates with command-and-control infrastructure to download additional plugins. PureLogs collects extensive sensitive information including credentials from web browsers, cryptocurrency wallets, email clients, Discord, and various applications. It also captures screenshots, system information, and clipboard data. The collected data is compressed, encrypted with AES, and exfiltrated to remote servers. The campaign demonstrates advanced evasion techniques through fileless execution, multiple encryption layers, and abuse of trusted processes like MsBuild.exe, making detection challenging for traditional security solutions.

Pulse ID: 6a15ba258c1acc516e08c0fd
Pulse Link: https://otx.alienvault.com/pulse/6a15ba258c1acc516e08c0fd
Pulse Author: AlienVault
Created: 2026-05-26 15:20:05

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Browser #Clipboard #CyberSecurity #Discord #Email #Encryption #InfoSec #Java #JavaScript #MSBuild #Malware #NET #OTX #OpenThreatExchange #Phishing #PowerShell #RAT #Rust #Windows #bot #cryptocurrency #AlienVault

Phishing Campaign Deploys JavaScript-Driven PureLogs Variant to Steal Sensitive Data

A sophisticated phishing campaign distributes a PureLogs variant through deceptive purchase order emails containing malicious JavaScript files. The attack chain employs obfuscated JavaScript that drops PowerShell scripts, which then use process hollowing techniques to inject .NET modules into legitimate Windows processes. The malware communicates with command-and-control infrastructure to download additional plugins. PureLogs collects extensive sensitive information including credentials from web browsers, cryptocurrency wallets, email clients, Discord, and various applications. It also captures screenshots, system information, and clipboard data. The collected data is compressed, encrypted with AES, and exfiltrated to remote servers. The campaign demonstrates advanced evasion techniques through fileless execution, multiple encryption layers, and abuse of trusted processes like MsBuild.exe, making detection challenging for traditional security solutions.

Pulse ID: 6a15ba258c1acc516e08c0fd
Pulse Link: https://otx.alienvault.com/pulse/6a15ba258c1acc516e08c0fd
Pulse Author: AlienVault
Created: 2026-05-26 15:20:05

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Browser #Clipboard #CyberSecurity #Discord #Email #Encryption #InfoSec #Java #JavaScript #MSBuild #Malware #NET #OTX #OpenThreatExchange #Phishing #PowerShell #RAT #Rust #Windows #bot #cryptocurrency #AlienVault

Phishing Campaign Deploys JavaScript-Driven PureLogs Variant to Steal Sensitive Data

A sophisticated phishing campaign distributes a PureLogs variant through deceptive purchase order emails containing malicious JavaScript files. The attack chain employs obfuscated JavaScript that drops PowerShell scripts, which then use process hollowing techniques to inject .NET modules into legitimate Windows processes. The malware communicates with command-and-control infrastructure to download additional plugins. PureLogs collects extensive sensitive information including credentials from web browsers, cryptocurrency wallets, email clients, Discord, and various applications. It also captures screenshots, system information, and clipboard data. The collected data is compressed, encrypted with AES, and exfiltrated to remote servers. The campaign demonstrates advanced evasion techniques through fileless execution, multiple encryption layers, and abuse of trusted processes like MsBuild.exe, making detection challenging for traditional security solutions.

Pulse ID: 6a15ba258c1acc516e08c0fd
Pulse Link: https://otx.alienvault.com/pulse/6a15ba258c1acc516e08c0fd
Pulse Author: AlienVault
Created: 2026-05-26 15:20:05

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Browser #Clipboard #CyberSecurity #Discord #Email #Encryption #InfoSec #Java #JavaScript #MSBuild #Malware #NET #OTX #OpenThreatExchange #Phishing #PowerShell #RAT #Rust #Windows #bot #cryptocurrency #AlienVault

Phishing Campaign Deploys JavaScript-Driven PureLogs Variant to Steal Sensitive Data

A sophisticated phishing campaign distributes a PureLogs variant through deceptive purchase order emails containing malicious JavaScript files. The attack chain employs obfuscated JavaScript that drops PowerShell scripts, which then use process hollowing techniques to inject .NET modules into legitimate Windows processes. The malware communicates with command-and-control infrastructure to download additional plugins. PureLogs collects extensive sensitive information including credentials from web browsers, cryptocurrency wallets, email clients, Discord, and various applications. It also captures screenshots, system information, and clipboard data. The collected data is compressed, encrypted with AES, and exfiltrated to remote servers. The campaign demonstrates advanced evasion techniques through fileless execution, multiple encryption layers, and abuse of trusted processes like MsBuild.exe, making detection challenging for traditional security solutions.

Pulse ID: 6a15ba258c1acc516e08c0fd
Pulse Link: https://otx.alienvault.com/pulse/6a15ba258c1acc516e08c0fd
Pulse Author: AlienVault
Created: 2026-05-26 15:20:05

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Browser #Clipboard #CyberSecurity #Discord #Email #Encryption #InfoSec #Java #JavaScript #MSBuild #Malware #NET #OTX #OpenThreatExchange #Phishing #PowerShell #RAT #Rust #Windows #bot #cryptocurrency #AlienVault

Das #Phishing auf #Signal geht munter weiter und das ist auch nur das Vorspiel für #Putin Die gekaperten Accounts werden zur nächsten #Bundestagswahl für die Verbreitung von #FakeNews zu Gunsten der #FckAfD missbraucht werden. Installier Dir heute #Threema, zum Schutz unsere #Demokratie!

Ist ja wieder Steuersaison ... #Sicherheit #phishing

https://borncity.com/blog/2026/05/25/steuersaison-2026-cyberkriminelle-bereiten-angriffe-monate-im-voraus-vor/

Boss too tough? Salary too low? If you're after a new gig, look no further 💼

We’re tracking a recruitment‑themed phishing campaign that opens with hope of a career upgrade and ends in stolen credentials.

Victims are targeted through emails spammed out by “recruiters” impersonating real people — LinkedIn profiles copied in full, including photos and current recruiter identities. The lure leans on exciting big‑name brands including FIFA, UEFA, Nike and Spotify to anchor legitimacy before prompting victims to schedule an interview using a bogus Calendly page 👔 💫

About time they noticed your stellar performance, right? But this interview comes with a catch 🎣 To seal the deal, you'll need to log in with your company email.

The mechanics:
• Initial outreach primes the role and rapport with some feel-good shmoozing
• Link to schedule your interview lands on a cloned Calendly recruitment portal
• Follow‑on contact nudges the victim through staged redirects
• Your credentials submit their 30-day notice ⚠️

Behind the scenes:
• Convincing lookalike domains generated at scale (RDGAs), rotated aggressively
• Layered redirect chains to blur origin and intent
• Compromised or fraudulently obtained Salesforce Marketing Cloud used for delivery, helping mails sail past controls
• Lure pages clone the Pinpoint ATS — attribution supported by Pinpoint’s own Cloudinary account ID (pinpointhq) embedded in assets
• Domain validation logic limits logins to business email providers, excluding free webmail services

Sad to say, the only thing getting “shortlisted” here is your inbox for another round of credential theft.

IOCs
• brand-jobs[.]com
• brand-careers[.]com
• hr-brand[.]com
• brand-talenthub[.]com

These campaigns remain active, with the actor spinning up new lures impersonating other major brands. We regret to inform you, it seems they'll be moving forward with other candidates 😩

Better luck next time.

#dns #threatintel #threatintelligence #cybercrime #cybersecurity #infosec #infoblox #infobloxthreatintel #phishing

Microsoft 365 : le kit de phishing Kali365 pirate les comptes sans voler les mots de passe https://www.it-connect.fr/microsoft-365-le-kit-de-phishing-kali365-pirate-les-comptes-sans-voler-les-mots-de-passe/ #ActuCybersécurité #Cybersécurité #Microsoft #Phishing

Microsoft 365 : le kit de phishing Kali365 pirate les comptes sans voler les mots de passe https://www.it-connect.fr/microsoft-365-le-kit-de-phishing-kali365-pirate-les-comptes-sans-voler-les-mots-de-passe/ #ActuCybersécurité #Cybersécurité #Microsoft #Phishing

Microsoft 365 : le kit de phishing Kali365 pirate les comptes sans voler les mots de passe https://www.it-connect.fr/microsoft-365-le-kit-de-phishing-kali365-pirate-les-comptes-sans-voler-les-mots-de-passe/ #ActuCybersécurité #Cybersécurité #Microsoft #Phishing

Watch out for this Phishing attack on Microsoft Accounts!

I got ping'd by one of these last night. https://www.howtogeek.com/kali365-phishing-service-hijacks-microsoft-365-accounts/ #Phishing #Hack #Security #OnlineSecurity #Microsoft #MFA #Microsoft365 #OneDrive #Alert

Watch out for this Phishing attack on Microsoft Accounts!

I got ping'd by one of these last night. https://www.howtogeek.com/kali365-phishing-service-hijacks-microsoft-365-accounts/ #Phishing #Hack #Security #OnlineSecurity #Microsoft #MFA #Microsoft365 #OneDrive #Alert

Watch out for this Phishing attack on Microsoft Accounts!

I got ping'd by one of these last night. https://www.howtogeek.com/kali365-phishing-service-hijacks-microsoft-365-accounts/ #Phishing #Hack #Security #OnlineSecurity #Microsoft #MFA #Microsoft365 #OneDrive #Alert

Watch out for this Phishing attack on Microsoft Accounts!

I got ping'd by one of these last night. https://www.howtogeek.com/kali365-phishing-service-hijacks-microsoft-365-accounts/ #Phishing #Hack #Security #OnlineSecurity #Microsoft #MFA #Microsoft365 #OneDrive #Alert

Watch out for this Phishing attack on Microsoft Accounts!

I got ping'd by one of these last night. https://www.howtogeek.com/kali365-phishing-service-hijacks-microsoft-365-accounts/ #Phishing #Hack #Security #OnlineSecurity #Microsoft #MFA #Microsoft365 #OneDrive #Alert

#Phishing: Angebliche Sicherheitsaktualisierung zur #Amazon-Visa-Karte bei #Openbank Pay: https://verbraucherzentrale.nrw/phishing

Phishing Trends: February 2026 – April 2026

We observed decreases in overall phishing attacks reported, unique domain names reported for phishing, and phishing attacks hosted at free or cheap web site services. But not all good news. Other stories:

Weed Prevention Fails in .GARDEN

Small TLDs Under Siege

Spaceship Takes Off… But Not in a Good Way

Cloudflare Is King of a Reshuffled Top 20 Mountain

Ball of Confusion?

https://lnkd.in/e8bigV_P

#phishing #fraud #cybercrime #fakesites #cybersecurity

https://www.europesays.com/be-nl/70025/ Nieuw phishingplatform kaapt Microsoft 365-accounts zonder wachtwoord #BE #België #Belgium #cyberaanval #cybersecurity #FBI #Kali365 #MFA #Microsoft365 #PhaaS #Phishing #Science #ScienceAndTechnology #ScienceAndTechnology #Technologie #Technology #Wetenschap #WetenschapEnTechnologie #WetenschapTechnologie

Vor der Fußball-WM 2026 warnen Sicherheitsforscher vor einem massiven Phishing-Netzwerk: Mindestens 222 gefälschte Webseiten imitieren offizielle FIFA-Seiten und leiten eingegebene Daten direkt an Kriminelle weiter. Mehrere unabhängige Tätergruppen sind aktiv. Wer WM-Tickets kaufen möchte: URL direkt eingeben, keine Links aus Mails oder Messenger-Nachrichten nutzen. #Cybersecurity #Phishing #WM2026 #Datenschutz #Fußball

Vor der Fußball-WM 2026 warnen Sicherheitsforscher vor einem massiven Phishing-Netzwerk: Mindestens 222 gefälschte Webseiten imitieren offizielle FIFA-Seiten und leiten eingegebene Daten direkt an Kriminelle weiter. Mehrere unabhängige Tätergruppen sind aktiv. Wer WM-Tickets kaufen möchte: URL direkt eingeben, keine Links aus Mails oder Messenger-Nachrichten nutzen. #Cybersecurity #Phishing #WM2026 #Datenschutz #Fußball

Vor der Fußball-WM 2026 warnen Sicherheitsforscher vor einem massiven Phishing-Netzwerk: Mindestens 222 gefälschte Webseiten imitieren offizielle FIFA-Seiten und leiten eingegebene Daten direkt an Kriminelle weiter. Mehrere unabhängige Tätergruppen sind aktiv. Wer WM-Tickets kaufen möchte: URL direkt eingeben, keine Links aus Mails oder Messenger-Nachrichten nutzen. #Cybersecurity #Phishing #WM2026 #Datenschutz #Fußball