Threat Intelligence
ConsentFix v3 Runs on Cloudflare, Dropbox, and ZoomInfo
The OAuth phishing kit is plumbed end-to-end through legitimate SaaS, which is exactly the point.
Stay ahead of social engineering. Discover how to identify and prevent phishing attacks, including spear phishing, vishing, and business email compromise schemes.
Threat Intelligence
The OAuth phishing kit is plumbed end-to-end through legitimate SaaS, which is exactly the point.
Trending
Vietnamese-linked operation "AccountDumpling" has compromised 30,000 Facebook Business accounts by sending phishing emails from Google's legitimate AppSheet address — bypassing spam filters and running a criminal resale storefront for stolen accounts.
Trending
Silver Fox has launched a tax-themed phishing campaign across India, Russia, Indonesia, and Japan — deploying ValleyRAT and the newly documented ABCDoor Python backdoor via fake tax authority notifications.
Data Breaches
A new extortion gang known as BlackFile, linked to the broader criminal network “The Com,” has been targeting retail and hospitality organizations since February 2026, using vishing-to-fake-SSO-phishing chains to steal credentials, exfiltrate SaaS data, and demand seven-figure ransom payments. ARLINGTON, VIRGINIA — A surge in sophisticated
Trending
German authorities say a wave of phishing attacks targeting lawmakers and senior officials via Signal was “presumably run from Russia,” marking a major escalation in a broader campaign against European political figures. BERLIN, GERMANY — What began as a targeted intrusion has evolved into a full-scale diplomatic and espionage crisis.
Microsoft Ecosystem
A newly-tracked threat cluster, UNC6692, is using social-engineering-driven Teams-chats to pose as IT support, tricking employees into installing a custom modular malware toolkit called SNOW. The attack signals a shift from pure-email-phishing to "chat-based intrusion." MOUNTAIN VIEW, CALIFORNIA — A sophisticated new
phishing
Germany’s Bundestag President Julia Klöckner has reportedly become the latest victim of a Signal-based phishing campaign, in which attackers used social-engineering tactics to compromise her encrypted-messaging account and access sensitive group chats. BERLIN, GERMANY — The Federal Office for Information Security (BSI) and the Federal Office for
Data Leak
Notion pages published to the web may be silently leaking collaborators' email addresses and profile photos, exposing thousands of users and organizations to potential phishing and social-engineering attacks. SAN FRANCISCO, CA — A design-driven privacy vulnerability in Notion's "Publish to web" feature is currently
Data Breaches
The French National Agency for Secure Documents (ANTS) has confirmed a significant security incident targeting its central portal, as threat actors move to monetize a database allegedly containing millions of sensitive user records. PARIS, FRA — The French government is grappling with a severe compromise of its digital identity infrastructure. The
Digital Identity
Following a coordinated global takedown of the Tycoon 2FA infrastructure, decentralized threat actors are abandoning traditional Adversary-in-the-Middle (AiTM) kits in favor of more resilient device code phishing tactics. LONDON, UK — The landscape of Multi-Factor Authentication (MFA) bypass is undergoing a rapid transformation. Just weeks after an
Identity Theft
A global surge in fraudulent Apple alerts is weaponizing the fear of losing personal photos to steal credit card details and Apple ID credentials. CUPERTINO, CA — Apple users worldwide are being urged to exercise extreme caution as a pervasive and highly effective phishing campaign resurfaces. The scam, which utilizes "
Identity Theft
A highly sophisticated phishing operation is utilizing hyper-personalized "copyright strike" warnings to bypass security instincts and seize full control of Google accounts and YouTube channels. MOUNTAIN VIEW, CA — A new and alarmingly convincing phishing campaign is currently targeting YouTube creators, leveraging their greatest fear: the sudden loss