phishing

FBI warns of phishing scams impersonating city officials for permit fees

• phishing

FBI warns of phishing scams impersonating city officials for permit fees

SC Staff March 10, 2026

The phishing campaigns target those applying for land-use permits, using details like property addresses, case numbers, and...

Read More Read more about FBI warns of phishing scams impersonating city officials for permit fees

Fake LastPass alerts seek master password compromise

• identity
• phishing

Fake LastPass alerts seek master password compromise

SC Staff March 5, 2026

LastPass has alerted users regarding the delivery of fraudulent security alerts aimed at exfiltrating master passwords as...

Read More Read more about Fake LastPass alerts seek master password compromise

Russian phishing campaign hits Ukraine with novel malware

• malware
• phishing
• threat-intelligence

Russian phishing campaign hits Ukraine with novel malware

SC Staff March 5, 2026

Russian phishing campaign hits Ukraine with novel malware Attacks delivering novel malicious payloads have been deployed by...

Read More Read more about Russian phishing campaign hits Ukraine with novel malware

Tycoon 2FA phishing kit disrupted by global operation

• phishing
• threat-intelligence

Tycoon 2FA phishing kit disrupted by global operation

SC Staff March 5, 2026

Major phishing-as-a-service platform Tycoon 2FA has been disrupted following a Microsoft-led operation that involved Europol and half...

Read More Read more about Tycoon 2FA phishing kit disrupted by global operation

New phishing attacks exploit stolen digital certificates for malicious software

• malware
• phishing
• security-operations
• threat-intelligence

New phishing attacks exploit stolen digital certificates for malicious software

SC Staff March 5, 2026

The attackers are using compromised Extended Validation (EV) certificates, specifically one issued to TrustConnect Software PTY LTD,...

Read More Read more about New phishing attacks exploit stolen digital certificates for malicious software

Cloudflare report: Cybercrime industrialized with AI and cloud exploitation

• identity
• phishing
• security-operations
• threat-intelligence

Cloudflare report: Cybercrime industrialized with AI and cloud exploitation

SC Staff March 4, 2026

The report highlights a shift towards stealth and efficiency, with threat actors prioritizing speed, automation, and return...

Read More Read more about Cloudflare report: Cybercrime industrialized with AI and cloud exploitation

New Starkiller phishing kit bypasses MFA, mimics legitimate sites

• identity
• phishing
• threat-intelligence

New Starkiller phishing kit bypasses MFA, mimics legitimate sites

SC Staff March 4, 2026

Starkiller operates by launching a headless Chrome browser within a Docker container, acting as a reverse proxy...

Read More Read more about New Starkiller phishing kit bypasses MFA, mimics legitimate sites

Microsoft flags phishing campaign abusing Entra ID, Google OAuth links

• identity
• phishing
• threat-intelligence
• threat-management

Microsoft flags phishing campaign abusing Entra ID, Google OAuth links

Laura French March 4, 2026

The OAuth URLs intentionally include an invalid scope, forcing redirection to malicious sites.

Read More Read more about Microsoft flags phishing campaign abusing Entra ID, Google OAuth links

Fake Google Security page used in PWA phishing campaign

• identity
• phishing
• threat-intelligence

Fake Google Security page used in PWA phishing campaign

SC Staff March 3, 2026

The attack uses social engineering and PWA features, making users believe they are interacting with a legitimate...

Read More Read more about Fake Google Security page used in PWA phishing campaign

Hackers exploit .arpa domains for sophisticated phishing attacks

• phishing
• threat-intelligence

Hackers exploit .arpa domains for sophisticated phishing attacks

SC Staff March 2, 2026

Attackers are using IPv6 address ranges to gain control over .arpa subdomains, pointing them to servers hosting...

Read More Read more about Hackers exploit .arpa domains for sophisticated phishing attacks