-
Phishing campaign targets freight and logistics orgs in the US, Europe
A financially motivated threat group dubbed "Diesel Vortex" is stealing credentials from freight and logistics operators in the U.S. and Europe in phishing attacks using 52 domains.
- February 24, 2026
- 06:57 PM
0
-
Ad tech firm Optimizely confirms data breach after vishing attack
New York-based ad tech company Optimizely has notified an undisclosed number of customers of a data breach after threat actors compromised some of its systems in a voice phishing attack.
- February 23, 2026
- 01:04 PM
0
-
State of Browser Attacks: Learn from John Hammond, Troy Hunt & Matt Johansen
Join Push Security's free three-part webinar series where top security researchers break down the browser-based attacks driving today's biggest breaches - from AiTM phishing and ConsentFix to compromised credentials and session hijacking.
-
Nigerian man gets eight years in prison for hacking tax firms
A Nigerian national was sentenced to eight years in prison for hacking multiple tax preparation firms in Massachusetts and filing fraudulent tax returns seeking over $8.1 million in refunds.
- February 19, 2026
- 08:51 AM
- 1
-
Hackers target Microsoft Entra accounts in device code vishing attacks
Threat actors are targeting technology, manufacturing, and financial organizations in campaigns that combine device code phishing and voice phishing (vishing) to abuse the OAuth 2.0 Device Authorization flow and compromise Microsoft Entra accounts.
- February 19, 2026
- 07:30 AM
- 2
-
Police arrests 651 suspects in African cybercrime crackdown
African authorities arrested 651 suspects and recovered over $4.3 million in a joint operation targeting investment fraud, mobile money scams, and fake loan applications.
- February 19, 2026
- 06:24 AM
- 1
-
Microsoft: Anti-phishing rules mistakenly blocked emails, Teams messages
Microsoft says an Exchange Online issue that mistakenly quarantined legitimate emails last week was triggered by faulty heuristic detection rules designed to block credential phishing campaigns.
- February 18, 2026
- 11:26 AM
- 0
-
Snail mail letters target Trezor and Ledger users in crypto-theft attacks
Threat actors are sending physical letters pretending to be from Trezor and Ledger, makers of cryptocurrency hardware wallets, to trick users into submitting recovery phrases in crypto theft attacks.
- February 14, 2026
- 10:15 AM
- 1
-
Microsoft Store Outlook add-in hijacked to steal 4,000 Microsoft accounts
The AgreeTo add-in for Outlook has been hijacked and turned into a phishing kit that stole more than 4,000 Microsoft account credentials.
- February 11, 2026
- 04:53 PM
- 0
-
Microsoft: Exchange Online flags legitimate emails as phishing
Microsoft is investigating an ongoing Exchange Online issue that mistakenly flags legitimate emails as phishing and quarantines them.
- February 09, 2026
- 05:47 AM
- 1
-
Germany warns of Signal account hijacking targeting senior figures
Germany's domestic intelligence agency is warning of suspected state-sponsored threat actors targeting high-ranking individuals in phishing attacks via messaging apps like Signal.
- February 06, 2026
- 03:00 PM
- 0
-
Man pleads guilty to hacking nearly 600 women’s Snapchat accounts
An Illinois man pleaded guilty to hacking nearly 600 women's Snapchat accounts to steal nude photos that he kept, sold, or traded online, including accounts he compromised at the request of a former university track coach who was later convicted of sextortion.
- February 06, 2026
- 07:34 AM
- 0
-
Cloud storage payment scam floods inboxes with fake renewals
Over the past few months, a large-scale cloud storage subscription scam campaign has been targeting users worldwide with repeated emails falsely warning recipients that their photos, files, and accounts are about to be blocked or deleted due to an alleged payment failure.
- January 31, 2026
- 11:21 AM
- 0
-
Match Group breach exposes data from Hinge, Tinder, OkCupid, and Match
Match Group, the owner of multiple popular online dating services, Tinder, Match.com, Meetic, OkCupid, and Hinge, confirmed a cybersecurity incident that compromised user data.
- January 29, 2026
- 01:09 PM
- 0
-
New malware service guarantees phishing extensions on Chrome web store
A new malware-as-a-service (MaaS) called 'Stanley' promises malicious Chrome extensions that can clear Google's review process and publish them to the Chrome Web Store.
- January 26, 2026
- 06:46 PM
- 0
-
1Password adds pop-up warnings for suspected phishing sites
The 1Password digital vault and password manager has added built-in protection against phishing URLs to help users identify malicious pages and prevent them from sharing account credentials with threat actors.
- January 25, 2026
- 10:17 AM
- 0
-
Konni hackers target blockchain engineers with AI-built malware
The North Korean hacker group Konni (Opal Sleet, TA406) is using AI-generated PowerShell malware to target developers and engineers in the blockchain sector.
- January 24, 2026
- 10:23 AM
- 0
-
Okta SSO accounts targeted in vishing-based data theft attacks
Okta is warning about custom phishing kits built specifically for voice-based social engineering (vishing) attacks. BleepingComputer has learned that these kits are being used in active attacks to steal Okta SSO credentials for data theft.
- January 22, 2026
- 04:43 PM
- 0
-
Fake Lastpass emails pose as password vault backup alerts
LastPass is warning of a new phishing campaign disguised as a maintenance notification from the service, asking users to back up their vaults in the next 24 hours.
- January 21, 2026
- 11:58 AM
- 0
-
You Got Phished? Of Course! You're Human...
Phishing succeeds not because users are careless, but because attackers exploit human timing, context, and emotion. Flare shows how modern phishing has become industrialized, scalable, and increasingly hard to spot.
- January 21, 2026
- 09:30 AM
- 0
-
ConsentFix debrief: Insights from the new OAuth phishing attack
ConsentFix is an OAuth phishing technique abusing browser-based authorization flows to hijack Microsoft accounts. Push Security shares new insights from continued tracking, community research, and evolving attacker techniques.
- January 14, 2026
- 10:01 AM
- 0
0
