Articles tagged "Phishing"

Found 236 articles

Cofense has reported a notable rise in phishing campaigns that exploit the Vercel platform. Vercel, a popular service for frontend developers that allows for easy deployment of web applications, has been misused by attackers to create deceptive sites aimed at tricking users into providing sensitive information. This uptick in abuse is significant enough to raise alarms among cybersecurity experts, as it could affect a wide range of organizations using Vercel for their web projects. Companies relying on this platform need to be vigilant and enhance their security measures to protect against these phishing attacks. Users should also be cautious about unsolicited communications that may lead to fraudulent websites.

Impact: Vercel platform and its users
Remediation: Users should implement multi-factor authentication, regularly educate employees about phishing tactics, and monitor for suspicious activity related to their Vercel deployments.

A hacker claims to have stolen around 280 million data records from 8,809 educational institutions, including colleges, school districts, and online platforms, in a breach involving Instructure, a prominent education technology company. The records reportedly contain sensitive information about students and staff, raising concerns over identity theft and privacy violations. This incident highlights the vulnerabilities in educational systems, which often store vast amounts of personal data. Users and institutions need to be vigilant about potential phishing attacks and other exploits that could arise from this breach. The impact on students and staff could be severe, as their personal information may be used maliciously.

Impact: Instructure's educational platforms, data records of students and staff from 8,809 institutions.
Remediation: Educational institutions should notify affected individuals, monitor for suspicious activity, and review data security measures to prevent future breaches.

Instructure, the company behind the Canvas learning management system, has confirmed a data breach that has exposed personal information of its users. The breach was disclosed on a Friday, and the hacker group ShinyHunters has claimed responsibility for the attack. While Instructure has not provided detailed information about the types of personal data compromised, the incident raises concerns about the security of educational platforms and the sensitive information they handle. Users of Canvas and potentially other Instructure services should remain vigilant and take steps to secure their accounts, as the exposure of personal data can lead to identity theft or further phishing attempts. This incident highlights the ongoing risks that educational institutions face in protecting their digital environments.

Impact: Canvas learning management system, Instructure services
Remediation: Users should change their passwords and enable two-factor authentication where possible. Organizations should review their security protocols and consider additional training for users on recognizing phishing attempts.

A phishing campaign named VENOMOUS#HELPER has been targeting over 80 organizations since at least April 2025. The attackers exploit legitimate Remote Monitoring and Management (RMM) tools, specifically SimpleHelp and ScreenConnect, to gain ongoing remote access to compromised systems. Most of the affected organizations are based in the United States. This type of attack is concerning because it allows attackers to maintain control over their targets, potentially leading to data breaches or further exploitation. Organizations need to be vigilant about phishing attempts and ensure that their RMM tools are secured against unauthorized access.

Impact: SimpleHelp, ScreenConnect
Remediation: Organizations should enhance their phishing awareness training and secure their RMM tools to prevent unauthorized access.

The cybercrime group Silver Fox, based in China, has launched a phishing campaign targeting organizations in India and Russia using a new malware known as ABCDoor. The attackers sent emails posing as communications from the Income Tax Department of India in December 2025, followed by similar attempts aimed at Russian entities. This tactic is concerning as it exploits tax-related themes to gain trust and infiltrate systems. The use of ABCDoor malware can lead to unauthorized access to sensitive information, potentially compromising the security of targeted organizations. As cyber threats continue to evolve, it is crucial for companies in these regions to enhance their security measures and educate employees on recognizing phishing attempts.

Impact: Organizations in India and Russia, specifically those handling tax-related information.
Remediation: Companies should implement robust email filtering, employee training on phishing recognition, and ensure software and systems are updated regularly to defend against such malware.

Researchers have identified a new phishing technique that exploits Amazon's Simple Email Service (SES) to send fraudulent emails that appear legitimate. By using this widely trusted cloud email service, attackers can bypass traditional email security measures. Victims may struggle to distinguish these phishing emails from real communications, making them more susceptible to scams. The implications are significant, as this method could lead to increased identity theft and financial loss for individuals and organizations alike. Users are advised to be vigilant and verify the authenticity of unexpected emails, especially those requesting sensitive information or prompting urgent actions.

Impact: Amazon Simple Email Service (SES), email communication systems
Remediation: Users should verify email sources and avoid providing sensitive information in response to unexpected requests. Implementing additional email filtering and security measures could also help mitigate risks.

A Vietnamese-linked phishing campaign, dubbed AccountDumpling, has been uncovered, targeting Facebook users. This operation employs Google AppSheet as a tool to send phishing emails aimed at stealing Facebook account credentials. Researchers estimate that around 30,000 accounts have been compromised, with the attackers selling the stolen information through an underground marketplace. This incident raises concerns about the effectiveness of current phishing defenses, as even reputable platforms like Google can be misused for malicious purposes. Users are advised to remain vigilant and employ strong security measures to protect their accounts.

Impact: Facebook accounts
Remediation: Users should enable two-factor authentication on their Facebook accounts and be cautious of unsolicited emails, especially those requesting personal information.

A new phishing kit called Bluekit has emerged, featuring over 40 templates designed to target well-known online services. This kit stands out because it also includes basic AI capabilities that help users create phishing campaign drafts more efficiently. This means that even those with limited technical skills can launch sophisticated phishing attacks, increasing the risk for individuals and organizations. The availability of such tools makes it easier for cybercriminals to exploit unsuspecting users, potentially leading to data breaches and financial losses. As these tools become more accessible, companies and users need to be more vigilant about phishing attempts and enhance their security measures to protect sensitive information.

Impact: Popular online services
Remediation: Users and companies should implement stronger email filters, educate employees about recognizing phishing attempts, and utilize multi-factor authentication to mitigate risks.

Chinese state-backed hackers have been targeting journalists and activists in Taiwan, Hong Kong, Tibet, and the Uyghur region through phishing campaigns over the past nine months. These campaigns are believed to be orchestrated by freelance hackers affiliated with the Chinese government, aiming to extract sensitive information from individuals who are often critical of the Chinese regime. The report from Recorded Future details the tactics used in these attacks, which are particularly concerning given the ongoing suppression of dissent in these regions. The implications are serious, as these efforts not only threaten the safety of the targeted individuals but also aim to silence voices of opposition and undermine press freedom. This situation highlights the ongoing cybersecurity risks faced by those advocating for human rights in China and surrounding areas.

Impact: Journalists, activists in Taiwan, Hong Kong, Tibet, Uyghur region
Remediation: Individuals should enhance their cybersecurity awareness, use secure communication channels, and verify the authenticity of messages before engaging with them.

New AI-Powered Bluekit Phishing Kit Targets Major Platforms with MFA Bypass Attacks

Hackread – Cybersecurity News, Data Breaches, AI and More

Actively Exploited

The newly discovered Bluekit Phishing Kit is a sophisticated tool that employs advanced techniques to target major online platforms. It utilizes an AI-driven approach called AiTM, which allows attackers to steal session data and bypass multi-factor authentication (MFA) protections. This poses a significant risk to users, as it could lead to unauthorized access to their accounts on popular services. The implications are serious, as many individuals rely on MFA to secure their online identities. Companies and users alike need to be vigilant and update their security measures to counteract these emerging threats.

Impact: Major online platforms using multi-factor authentication
Remediation: Users should enhance their security practices, such as using password managers, enabling additional security features, and being cautious about phishing attempts.

Attackers exploited a vulnerability in Robinhood's account creation process, which allowed them to inject HTML into confirmation emails sent to new users. This flaw could be used to craft phishing emails that appear legitimate, potentially tricking users into providing sensitive information or clicking on malicious links. As a result, anyone signing up for Robinhood could be at risk of falling for these phishing attempts. It’s crucial for users to be vigilant and verify the authenticity of emails they receive, especially those requesting personal information. This incident serves as a reminder for companies to regularly audit their onboarding processes to prevent similar exploitation in the future.

Impact: Robinhood account creation emails
Remediation: Users should verify the authenticity of emails from Robinhood and be cautious of any requests for personal information. Companies should review and secure their onboarding processes to prevent similar vulnerabilities.

Udemy, a popular e-learning platform, has reportedly suffered a data breach involving more than 1.4 million user records. The ShinyHunters group, known for extortion tactics, claimed responsibility and is threatening to release the stolen data if Udemy does not engage in negotiations by April 27. This breach raises concerns for users about the potential exposure of personal information, which could lead to identity theft or phishing attacks. Companies like Udemy need to take swift action to protect their users and secure their systems against further attacks. The incident highlights the ongoing risks that online platforms face from cybercriminals seeking to exploit vulnerabilities for profit.

Impact: Udemy user accounts and personal information
Remediation: Udemy should enhance security measures, notify affected users, and consider engaging cybersecurity experts to assess vulnerabilities and prevent future breaches.

Medtronic has confirmed a data breach after the hacking group known as ShinyHunters claimed to have accessed millions of records. This breach raises concerns about sensitive information potentially being exposed, affecting patients and healthcare providers who rely on Medtronic's medical devices and services. While specific details about the type of data compromised are still emerging, the incident highlights vulnerabilities in healthcare IT systems and the importance of robust cybersecurity measures. Medtronic is likely to face scrutiny over its data protection practices, as breaches in the healthcare sector can lead to significant repercussions for patient trust and compliance with regulations. Users and stakeholders should remain vigilant regarding potential phishing attempts or unauthorized communications that may arise following this incident.

Impact: Medtronic's IT systems and potentially sensitive patient data
Remediation: N/A

BlackFile hackers are using voice phishing, or vishing, to target the retail and hospitality sectors. They make calls using spoofed numbers to pose as IT support, tricking employees into revealing sensitive information. This method allows them to gather data for potential extortion. Companies in these industries should be vigilant as the attackers exploit trust in IT communications to gain access to critical systems. The rise of such tactics underscores the need for enhanced security training for staff to recognize and respond to these types of scams.

Impact: Retail and hospitality sectors
Remediation: Implement security awareness training for employees, use caller ID verification, and establish clear protocols for handling unsolicited IT requests.

A Chinese national executed a spear-phishing campaign targeting NASA employees by impersonating a U.S. researcher. This deception led to the unauthorized sharing of sensitive information related to defense software and export controls. The NASA Office of Inspector General is investigating the incident, which raises concerns about national security and the vulnerability of governmental agencies to social engineering attacks. Such incidents can have serious implications, as they may compromise sensitive technologies and data. The case underscores the need for enhanced cybersecurity measures and employee training to prevent future breaches.

Impact: NASA systems, defense software related to exports
Remediation: Increase training for employees on recognizing phishing attempts and implement stricter verification processes for sensitive information requests.