New PayPal Scam Sends Verified Invoices With Fake Support Numbers
Hackread.com exclusive: Scammers are using verified PayPal invoices to launch callback phishing attacks. Learn how the “Alexzander” invoice bypasses Google filters.
phishing
Browser-in-the-Browser phishing is on the rise: Here’s how to spot it
Browser-in-the-Browser (BitB) phishing attacks are on the rise, with attackers reviving and refining the technique to bypass user skepticism and traditional security controls. BitB phishing: Dangerous and effective For BitB phishing, attackers create a…
New DocuSign-Themed Phishing Scam Delivers Stealth Malware to Windows Devices
New research has uncovered a sophisticated phishing campaign that abuses DocuSign’s brand to deliver Vidar malware and infect Windows systems. The operation uses a realistic phishing site, a fake signed installer, access…
Cybercriminals are scaling phishing attacks with ready-made kits
Phishing-as-a-Service (PhaaS) kits lower the barrier to entry, enabling less-skilled attackers to run large-scale, targeted phishing campaigns that impersonate legitimate services and institutions, according to Barracuda Networks. Phishing kits grow mo…
Complex Routing, Misconfigurations Exploited for Domain Spoofing in Phishing Attacks
Threat actors spoof legitimate domains to make their phishing emails appear to have been sent internally.
The post Complex Routing, Misconfigurations Exploited for Domain Spoofing in Phishing Attacks appeared first on SecurityWeek.
Fake Booking.com emails and BSODs used to infect hospitality staff
Suspected Russian attackers are targeting the hospitality sector with fake Booking.com emails and a fake “Blue Screen of Death” to deliver the DCRat malware. The malware delivery campaign starts with phishing emails that feature room charge…
How to Avoid Phishing Incidents in 2026: A CISO Guide
Phishing in 2026 is harder to detect and verify. Learn how CISOs can speed up investigations, reduce noise, and respond with confidence.
Phishing campaign abuses Google Cloud Application to impersonate legitimate Google emails
Researchers uncovered a phishing campaign abusing Google Cloud Application Integration to send emails posing as legitimate Google messages. Check Point researchers have revealed a phishing campaign that abuses Google Cloud Application Integration to send emails impersonating legitimate Google messages. The attack uses layered redirection with trusted cloud services, user validation checks, and brand impersonation to […]
New Google-Themed Phishing Wave Hits Over 3,000 Global Organisations
Check Point researchers found a phishing scam abusing Google Cloud to target organisations worldwide. Scammers use official domains to steal logins. Read the full details in this exclusive report.
How to Spot the Most Common Crypto Phishing Scams
Crypto phishing scams surged 83% in 2025, targeting wallets with fake sites, approval tricks, and poisoned addresses. One click can drain your funds.