#Tag
A new ClickFix variant dubbed "CrashFix" that intentionally crashes the browser then baits users into running malicious commands
https://www.huntress.com/blog/malicious-browser-extention-crashfix-kongtuke
#infosec #cybersecurity #threatintel #phishing #malware #redteam
A new ClickFix variant dubbed "CrashFix" that intentionally crashes the browser then baits users into running malicious commands
https://www.huntress.com/blog/malicious-browser-extention-crashfix-kongtuke
#infosec #cybersecurity #threatintel #phishing #malware #redteam
Ich bekomme gerade ungewöhnlich gute phishing mails die so tun als würden sie von Hetzner stammen.
Sie sind per KI individualisiert, es stimmen alle Daten (Anrede, Domainname, Kontaktadresse, usw.) und behaupten, dass meine Domain-Registrierung abgelaufen wäre und bieten an dies kostenlos zu verlängern.
Sogar das Ablaufdatum stimmt fast...
Einzig die Absenderadresse und die Linkziele sind verdächtig.
Also aufpassen!
#phishing #hetzner
Ich bekomme gerade ungewöhnlich gute phishing mails die so tun als würden sie von Hetzner stammen.
Sie sind per KI individualisiert, es stimmen alle Daten (Anrede, Domainname, Kontaktadresse, usw.) und behaupten, dass meine Domain-Registrierung abgelaufen wäre und bieten an dies kostenlos zu verlängern.
Sogar das Ablaufdatum stimmt fast...
Einzig die Absenderadresse und die Linkziele sind verdächtig.
Also aufpassen!
#phishing #hetzner
A slick new phishing-as-a-service offering demonstrates just how easily a username+password and a one-time token can be phished. Dubbed "Starkiller," the service uses cleverly disguised links to load the target brand's real website, and then acts as a relay between the victim and the legitimate site -- forwarding the victim's username, password and multi-factor authentication code to the legitimate site and returning its responses.
https://krebsonsecurity.com/2026/02/starkiller-phishing-service-proxies-real-login-pages-mfa/
A slick new phishing-as-a-service offering demonstrates just how easily a username+password and a one-time token can be phished. Dubbed "Starkiller," the service uses cleverly disguised links to load the target brand's real website, and then acts as a relay between the victim and the legitimate site -- forwarding the victim's username, password and multi-factor authentication code to the legitimate site and returning its responses.
https://krebsonsecurity.com/2026/02/starkiller-phishing-service-proxies-real-login-pages-mfa/
Observation: Google is currently the biggest spreader of phishing mails, Cloudflare hides/hosts the phishing sites these mails link to. That's the simple truth on my mailserver since a few weeks. And yes, I manually report every single one of them to no visible avail.
Observation: Google is currently the biggest spreader of phishing mails, Cloudflare hides/hosts the phishing sites these mails link to. That's the simple truth on my mailserver since a few weeks. And yes, I manually report every single one of them to no visible avail.
Curious - phishing that doesn't use artificial intelligence to steal money, using artificial intelligence as the excuse.
Nouvelle étape du phishing.
J'ai reçu un SMS pour un colis (ça c'est déjà vu)
Avec mon nom, mon prénom et mon code postal (déjà vu mais plus récent)
Avec une URL sous format monprénom - monnom.ledomainepourri.pro
Ça c'est nouveau et ça va faire du dégât parce que ça semble tellement personnalisé que ça en devient crédible 🫤🫤
Prévenez vos proches.
#phishing #spam
Just received an email from my mail server administrator. They sent me a link to change my password because it's 'insecure'.
My mail admin is so efficient...
...hey, wait a minute... I AM my mail administrator! 🤦♂️
Just received an email from my mail server administrator. They sent me a link to change my password because it's 'insecure'.
My mail admin is so efficient...
...hey, wait a minute... I AM my mail administrator! 🤦♂️
"Germany's Federal Office for the Protection of the Constitution (aka Bundesamt für Verfassungsschutz or BfV) and Federal Office for Information Security (BSI) have issued a joint advisory warning of a malicious cyber campaign undertaken by a likely state-sponsored threat actor that involves carrying out phishing attacks over the Signal messaging app.
"The focus is on high-ranking targets in politics, the military, and diplomacy, as well as investigative journalists in Germany and Europe," the agencies said. "Unauthorized access to messenger accounts not only allows access to confidential private communications but also potentially compromises entire networks."
A noteworthy aspect of the campaign is that it does not involve the distribution of malware or the exploitation of any security vulnerability in the privacy-focused messaging platform. Rather, the end goal is to weaponize its legitimate features to obtain covert access to a victim's chats, along with their contact lists.
The attack chain is as follows: the threat actors masquerade as "Signal Support" or a support chatbot named "Signal Security ChatBot" to initiate direct contact with prospective targets, urging them to provide a PIN or verification code received via SMS, or risk facing data loss."
https://thehackernews.com/2026/02/german-agencies-warn-of-signal-phishing.html
