VulnHub

Fortra has identified a highly active business email compromise (BEC) group known as 'Scripted Sparrow', which is operating across three continents and at least five countries. This group is responsible for sending millions of fraudulent emails each month, targeting businesses and individuals to steal sensitive information and money. The scale of their operations poses a significant risk to organizations globally, as these types of scams can lead to substantial financial losses. Companies need to remain vigilant and implement strong email security measures to protect against this growing threat. Awareness and training for employees on recognizing phishing attempts are also crucial in combating such schemes.

A recent report from Proofpoint reveals a rise in phishing attacks that take advantage of Microsoft's OAuth device code flow. These campaigns target Microsoft 365 users, tricking them into providing access to their accounts through fake sign-in prompts. The attacks exploit the trust users place in the OAuth process, which is designed to facilitate secure authentication. As a result, individuals and organizations using Microsoft 365 could be at risk of unauthorized access to sensitive information. This surge in phishing attempts underscores the need for heightened awareness and vigilance among users to avoid falling victim to these scams.

In October 2025, Kaspersky reported a new wave of phishing attacks linked to a group known as Operation ForumTroll, specifically targeting Russian scholars. These attackers are using fake emails that appear to come from a legitimate eLibrary service to lure victims into providing sensitive information. This shift from targeting organizations in the spring to focusing on individuals in the fall raises concerns about the attackers' evolving strategies. The origins of the threat actor remain unclear, but the targeted approach suggests a calculated effort to exploit the academic community. Such incidents can lead to significant data breaches and have serious implications for both personal and institutional security.

A hacking group known as ShinyHunters has reportedly stolen 94GB of data from former Pornhub Premium users, which includes their watch histories. This breach is part of an extortion campaign aimed at these users, raising significant privacy concerns. The attackers utilized a smishing attack, where they sent phishing messages via text to lure victims into revealing personal information. While the specifics of the breach are still being investigated, conflicting reports have emerged about the extent and security of the data involved. This incident underscores the ongoing risks associated with online platforms, particularly regarding user data security and the potential for exploitation by cybercriminals.

A recent phishing campaign has been discovered that spreads the Phantom information-stealing malware through ISO file attachments. Attackers are targeting users by disguising these malicious files as legitimate content, tricking them into opening the files and executing the malware. Once installed, Phantom can collect sensitive information, including login credentials and personal data. This campaign poses a significant risk to individuals and organizations, as it can lead to data breaches and identity theft. Users should be cautious when receiving unsolicited emails with attachments, especially ISO files, and ensure their security software is up to date.

A new email scam is exploiting PayPal's subscription feature to send deceptive purchase notifications. These emails appear legitimate as they come from PayPal but contain links directing users to fraudulent sites. The scam takes advantage of the way PayPal's subscription system generates email notifications, making it challenging for recipients to discern the authenticity of the messages. Users who fall for these scams could inadvertently share personal information or financial details with malicious actors. It's crucial for PayPal users to be cautious when receiving unexpected purchase notifications and to verify any claims before taking action.

Researchers at Zimperium zLabs have discovered a new Android malware called DroidLock, which behaves like ransomware. This malicious software can lock users out of their devices and steal sensitive information by tricking them into providing their credentials through phishing tactics. Additionally, DroidLock has the capability to stream users' screens and activate their front cameras through VNC, raising serious privacy concerns. This malware primarily targets Android users, making it essential for them to remain vigilant about their device security and be cautious of suspicious links or applications. The emergence of DroidLock emphasizes the ongoing risks associated with mobile malware and the need for users to adopt strong security practices.

A recent phishing campaign has targeted around 6,000 companies, sending over 40,000 fraudulent emails that appeared to come from trusted services like SharePoint and DocuSign. These emails contained malicious links disguised by reputable redirect services, making it easier for scammers to trick recipients into clicking. The scale and speed of this attack raise concerns about the vulnerability of businesses to such tactics, which exploit the trust users place in well-known platforms. Companies need to be vigilant, as these phishing attempts can lead to data breaches or financial loss if employees fall for the scams. Ensuring proper training and awareness around phishing tactics is crucial for organizations to protect themselves.

A new phishing kit named Spiderman is targeting customers of various European banks and cryptocurrency users by creating nearly identical fake websites that impersonate legitimate brands and organizations. This sophisticated kit allows attackers to mimic the look and feel of real banking sites, making it difficult for users to identify them as fraudulent. Affected users may enter sensitive information, such as login credentials or financial details, which could lead to identity theft or financial loss. The rise of such phishing attacks is concerning as they exploit the trust users have in established financial institutions. Awareness and caution are crucial for users to protect themselves from these deceptive schemes.

Varonis threat analysts have identified a new phishing kit named Spiderman that specifically targets European banks and cryptocurrency customers. This kit automates the process of stealing users' credentials and personal information, creating a complete identity profile of the victim. The implications of this attack are significant, as it not only compromises individual accounts but can also lead to broader financial fraud and identity theft. Banks and crypto platforms should be on high alert and enhance their security measures to protect against this sophisticated threat. Users must also remain vigilant and be cautious about sharing their information online.