Fake LastPass support email threads try to steal vault passwords

Password management software provider LastPass is warning users of a phishing campaign targeting its users with fake unauthorized account access alerts. The emails impersonate a LastPass representative by spoofing the display name and use subject lines crafted to mimic forwarded internal conversations between attackers and the company’s customer support team about a request to change […]

Cisco warns of max severity Secure FMC flaws giving root access

Cisco has released security updates to patch two maximum-severity vulnerabilities in its Secure Firewall Management Center (FMC) software. Secure FMC is a web or SSH-based interface for admins to manage Cisco firewalls and configure application control, intrusion prevention, URL filtering, and advanced malware protection. Both vulnerabilities can be exploited remotely by unauthenticated attackers: the authentication […]

Spyware-grade Coruna iOS exploit kit now used in crypto theft attacks

A previously undocumented set of 23 iOS exploits named “Coruna” has been deployed by multiple threat actors in targeted espionage campaigns and financially motivated attacks. The Coruna kit contains five full iOS exploit chains, the most sophisticated leveraging non-public techniques and mitigation bypasses, for iOS versions 13.0 through 17.2.1 (released in December 2023). Google Threat […]

Microsoft: Hackers abuse OAuth error flows to spread malware

Hackers are abusing the legitimate OAuth redirection mechanism to bypass phishing protections in email and browsers to take users to malicious pages. The attacks target government and public-sector organizations with phishing links that prompt users to authenticate to a malicious application, Microsoft Defender researchers say. with e-signature requests, Social Security notices, meeting invitations, password resets, […]

Compromised Site Management Panels are a Hot Item in Cybercrime Markets

Threat actors are openly advertising access to hacked websites as part of the underground economy. One of the most promising products is a compromised cPanel credential. They are sold in the thousands across fraudulent chat groups at commodity-level pricing and marketed as plug-and-play infrastructure for phishing and scam campaigns.  In new research, Flare security researchers […]

Fake Google Security site uses PWA app to steal credentials, MFA codes

A phishing campaign is using a fake Google Account security page to deliver a web-based app capable of stealing one-time passcodes, harvesting cryptocurrency wallet addresses, and proxying attacker traffic through victims’ browsers. ​The attack leverages Progressive Web App (PWA) features and social engineering to deceive users into believing they are interacting with a legitimate Google […]

Alabama man pleads guilty to hacking, extorting hundreds of women

A 22-year-old Alabama man pleaded guilty to extortion, cyberstalking, and computer fraud charges after hijacking the social media accounts of hundreds of young women (including minors). Between April 2022 and May 2025, Jamarcus Mosley impersonated the targets’ friends and used other tactics to trick his victims into handing over account recovery codes and passwords. Mosley then […]