VulnHub

A new phishing kit named Spiderman is targeting customers of various European banks and cryptocurrency users by creating nearly identical fake websites that impersonate legitimate brands and organizations. This sophisticated kit allows attackers to mimic the look and feel of real banking sites, making it difficult for users to identify them as fraudulent. Affected users may enter sensitive information, such as login credentials or financial details, which could lead to identity theft or financial loss. The rise of such phishing attacks is concerning as they exploit the trust users have in established financial institutions. Awareness and caution are crucial for users to protect themselves from these deceptive schemes.

Varonis threat analysts have identified a new phishing kit named Spiderman that specifically targets European banks and cryptocurrency customers. This kit automates the process of stealing users' credentials and personal information, creating a complete identity profile of the victim. The implications of this attack are significant, as it not only compromises individual accounts but can also lead to broader financial fraud and identity theft. Banks and crypto platforms should be on high alert and enhance their security measures to protect against this sophisticated threat. Users must also remain vigilant and be cautious about sharing their information online.

A phishing campaign utilizing the Evilginx kit has targeted 18 US universities, successfully bypassing Multi-Factor Authentication (MFA) to steal credentials over a period from April to November 2025. The severity of the threat highlights the vulnerabilities in MFA systems and the need for enhanced security measures in educational institutions.

The article highlights various cybersecurity threats, including a significant exploit in the DeFi space that resulted in the theft of $9 million. It emphasizes the ongoing battle between hackers and security measures across multiple platforms, including Wi-Fi and coding tools.

A new wave of spear-phishing attacks has been identified, attributed to the Russia-based hacking group Star Blizzard. This threat poses significant risks to organizations, particularly targeting the French NGO Reporters Without Borders, highlighting the ongoing cybersecurity challenges faced by non-profits and media organizations.

BitSight research highlights a significant cybersecurity threat where threat actors exploit calendar subscriptions to deliver phishing links and malware via hijacked domains. This method poses a serious risk as it can lead to social engineering attacks, potentially compromising sensitive information and systems.

The article discusses a new phishing campaign targeting Zendesk users, attributed to the Scattered Lapsus$ Hunters collective. This campaign involves the use of newly registered phishing domains, indicating a serious threat to users of the Zendesk platform.

The FBI has reported a significant increase in account takeover (ATO) fraud, with cybercriminals impersonating financial institutions to steal money and sensitive information. This issue poses a serious threat to individuals and organizations across various sectors, leading to losses exceeding $262 million.

A new cybersecurity campaign is utilizing fake Windows update pop-ups on adult websites to trick users into executing malicious commands. This method combines ClickFix lures with phishing tactics, posing a significant risk to users who visit these sites.