-
Betterment confirms data breach after wave of crypto scam emails
U.S. digital investment advisor Betterment confirmed that hackers breached its systems and sent fake crypto-related messages to some customers.
- January 13, 2026
- 11:46 AM
2
-
Convincing LinkedIn comment-reply tactic used in new phishing
Scammers are flooding LinkedIn posts with fake "reply" comments that appear to come from the platform, warning of bogus policy violations and urging users to click external links. Some even abuse LinkedIn's official lnkd.in shortener, making the phishing attempts harder to spot.
- January 13, 2026
- 10:45 AM
0
-
State of Browser Attacks: Learn from John Hammond, Troy Hunt & Matt Johansen
Join Push Security's free three-part webinar series where top security researchers break down the browser-based attacks driving today's biggest breaches - from AiTM phishing and ConsentFix to compromised credentials and session hijacking.
-
Facebook login thieves now using browser-in-browser trick
Hackers over the past six months have relied increasingly more on the browser-in-the-browser (BitB) method to trick users into providing Facebook account credentials.
- January 12, 2026
- 04:05 PM
- 0
-
Illinois man charged with hacking Snapchat accounts to steal nude photos
U.S. prosecutors have charged an Illinois man with orchestrating a phishing operation that allowed him to hack the Snapchat accounts of nearly 600 women to steal private photos and sell them online.
- January 09, 2026
- 08:46 AM
- 3
-
FBI warns about Kimsuky hackers using QR codes to phish U.S. orgs
The North Korean state-sponsored hacker group Kimsuki is using malicious QR codes in spearphishing campaigns that target U.S. organizations, the Federal Bureau of Investigation warns in a flash alert.
- January 08, 2026
- 05:57 PM
- 0
-
ClickFix attack uses fake Windows BSOD screens to push malware
A new ClickFix social engineering campaign is targeting the hospitality sector in Europe, using fake Windows Blue Screen of Death (BSOD) screens to trick users into manually compiling and executing malware on their systems.
- January 05, 2026
- 04:16 PM
- 0
-
FBI seizes domain storing bank credentials stolen from U.S. victims
The U.S. government has seized the 'web3adspanels.org' domain and the associated database used by cybercriminals to host bank login credentials stolen in account takeover attacks.
- December 24, 2025
- 08:17 AM
- 0
-
Nigeria arrests dev of Microsoft 365 'Raccoon0365' phishing platform
The Nigerian police have arrested three individuals linked to targeted Microsoft 365 cyberattacks via Raccoon0365 phishing-as-a-service.
- December 19, 2025
- 02:05 PM
- 0
-
Microsoft 365 accounts targeted in wave of OAuth phishing attacks
Multiple threat actors are compromising Microsoft 365 accounts in phishing attacks that leverage the OAuth device code authorization mechanism.
- December 19, 2025
- 12:19 PM
- 2
-
Your MFA Is Costing You Millions. It Doesn't Have To.
Passwords and app-based MFA add hidden costs through lost productivity, frequent resets, and risk of phishing and social engineering attacks. Token explains how wireless biometric, passwordless authentication eliminates credential-based attacks and delivers measurable financial returns by reducing login time across the enterprise.
- December 17, 2025
- 09:00 AM
- 0
-
2025’s Top Phishing Trends and What They Mean for Your Security Strategy
Phishing attacks in 2025 increasingly moved beyond email, with attackers using social platforms, search ads, and browser-based techniques to bypass MFA and steal sessions. Push Security outlines key phishing trends and what security teams must know as identity-based attacks continue to evolve in 2026.
- December 15, 2025
- 10:05 AM
- 0
-
Beware: PayPal subscriptions abused to send fake purchase emails
An email scam is abusing abusing PayPal's "Subscriptions" billing feature to send legitimate PayPal emails that contain fake purchase notifications embedded in the Customer service URL field.
- December 14, 2025
- 11:06 AM
- 4
-
New ConsentFix attack hijacks Microsoft accounts via Azure CLI
A new variation of the ClickFix attack dubbed 'ConsentFix' abuses the Azure CLI OAuth app to hijack Microsoft accounts without the need for a password or to bypass multi-factor authentication (MFA) verifications.
- December 11, 2025
- 10:10 AM
- 1
-
New Spiderman phishing service targets dozens of European banks
A new phishing kit called Spiderman is being used to target customers of dozens of European banks and cryptocurrency holders with pixel-perfect cloned sites impersonating brands and organizations.
- December 10, 2025
- 09:53 AM
- 0
-
Fake Calendly invites spoof top brands to hijack ad manager accounts
An ongoing phishing campaign impersonates popular brands, such as Unilever, Disney, MasterCard, LVMH, and Uber, in Calendly-themed lures to steal Google Workspace and Facebook business account credentials.
- December 02, 2025
- 09:00 AM
- 0
-
Harvard University discloses data breach affecting alumni, donors
Harvard University disclosed over the weekend that its Alumni Affairs and Development systems were compromised in a voice phishing attack, exposing the personal information of students, alumni, donors, staff, and faculty members.
- November 24, 2025
- 09:06 AM
- 0
-
Sneaky2FA PhaaS kit now uses redteamers' Browser-in-the-Browser attack
Sneaky2FA, a popular among cybercriminals phishing-as-a-service (PhaaS) kit, has added Browser-in-the-Browser (BitB) capabilities, giving "customers" the option to launch highly deceptive attacks.
- November 19, 2025
- 04:59 PM
- 0
-
Attackers Now Bypass App-Based MFA, Hardware Biometrics Stop Them
Tycoon 2FA enables turnkey real-time MFA relays behind 64,000+ attacks this year, proving legacy MFA collapses the moment a phishing kit targets it. Learn from Token Ring how biometric, phishing-proof FIDO2 hardware blocks these relay attacks before they succeed.
- November 18, 2025
- 10:01 AM
- 0
-
Princeton University discloses data breach affecting donors, alumni
A Princeton University database was compromised in a cyberattack on November 10, exposing the personal information of alumni, donors, faculty members, and students.
- November 17, 2025
- 02:36 PM
- 1
-
DoorDash email spoofing vulnerability sparks messy disclosure dispute
A vulnerability in DoorDash's systems could allow anyone to send "official" DoorDash-themed emails right from company's authorized servers, paving a near-perfect phishing channel. DoorDash has now patched the issue, but a contentious disclosure dispute has erupted, with both sides accusing each other of acting in bad faith.
- November 17, 2025
- 11:32 AM
- 0
0
