VulnHub

A Brazilian cybercrime group known as Augmented Marauder and Water Saci has launched a phishing campaign that spreads two banking trojans: Casbaneiro and Horabot. The attackers use a mix of WhatsApp, ClickFix techniques, and email phishing to deliver these malicious programs. The campaign primarily targets individuals and organizations, aiming to steal sensitive banking information. This is particularly concerning as it showcases the evolving tactics employed by cybercriminals to exploit users through familiar communication channels. Users should be cautious about unsolicited messages and verify the authenticity of links before clicking.

Cybercriminals are sending out fake LinkedIn alert messages that claim to offer job opportunities, but their real goal is to steal user credentials. This phishing campaign tricks recipients into providing sensitive information, putting their accounts at risk. The fraudulent messages imitate legitimate notifications from LinkedIn, making them difficult to detect. Users who fall for this scam could find their personal data compromised, leading to potential identity theft or unauthorized access to their accounts. It's essential for LinkedIn users to be cautious and verify messages before clicking on any links or providing information.

A recent report from Infosecurity Magazine reveals that the Phantom Stealer, a .NET-based malware, has been targeting manufacturing, technology, and logistics sectors across Europe. This malware is part of the Phantom Project cybercrime kit, which also includes a crypter and a remote access tool. The attacks occurred in a series of phishing campaigns from November 2025 to January 2026. Organizations in these industries should be aware of the potential for data breaches and operational disruptions due to these ongoing attacks. The targeted sectors are crucial for the economy, making the successful exploitation of these vulnerabilities particularly concerning.

A recent phishing campaign has targeted various sectors in Ukraine, including government entities, healthcare providers, financial institutions, educational organizations, and software development firms. Attackers impersonated the country's Computer Emergency Response Team (CERT) to deliver the AGEWHEEZE Remote Access Trojan (RAT) between March 26 and 27. This type of malware allows unauthorized access to infected systems, posing significant risks to sensitive data and operational security. The incidents emphasize the ongoing cyber threats faced by Ukrainian organizations, particularly amid heightened geopolitical tensions. Entities in the affected sectors need to remain vigilant and enhance their cybersecurity measures to mitigate such risks.

As tax season approaches, cybercriminals are ramping up their phishing attacks, targeting individuals and businesses with a variety of scams. These attacks are designed to deliver remote monitoring and management (RMM) malware, steal credentials, and perpetrate business email compromise (BEC) schemes. Additionally, hackers are using tax-form scams to trick users into providing sensitive information. This surge in phishing attempts poses significant risks, especially for those who may be more vulnerable during the busy tax season. Users and organizations need to be vigilant and implement security measures to protect against these evolving tactics, which can lead to financial loss and identity theft.

A Russian-linked hacking group known as TA446 is actively targeting iPhone users through a new phishing campaign that employs the DarkSword iOS exploit kit. These attacks involve sending malicious emails designed to compromise iOS devices, putting users' personal information at risk. The group, also referred to as SEABORGIUM and ColdRiver, has been noted for its sophisticated tactics in the past. This wave of phishing emphasizes the increasing dangers that smartphone users face, especially as attackers refine their methods to bypass security measures. As these campaigns evolve, it’s crucial for iPhone users to remain vigilant about suspicious emails and links.

ShinyHunters, a notorious hacking group, has departed from BreachForums and leaked a database containing information on 300,000 users. This data breach raises alarms as ShinyHunters warns that all active domains associated with the leak are fake, suggesting that users should be cautious of phishing attempts. The group has also threatened to release more data from forum backups, indicating that the situation could worsen. Users affected by this breach may have their personal information exposed, which could lead to identity theft or other malicious activities. This incident underscores the ongoing risks associated with online forums and the potential for significant data leaks.

A new phishing campaign is targeting TikTok for Business accounts, aiming to trick users into revealing their login credentials. The attackers have employed tactics that hinder security bots from detecting the malicious pages, making it easier for them to succeed. This means that businesses using TikTok for advertising or promotion are at risk of having their accounts compromised. The implications are significant, as a breach could lead to unauthorized access, loss of sensitive data, and damage to brand reputation. Companies and users need to be vigilant and implement strong security measures to protect their accounts.

A recent article discusses the growing issue of multi-channel impersonation attacks, where cybercriminals exploit outdated security controls to impersonate individuals across various communication platforms. These attacks often target employees within organizations, leading to unauthorized access to sensitive information and financial losses. Researchers emphasize that traditional security measures, such as basic email filtering and outdated authentication methods, are no longer sufficient to combat these sophisticated scams. Companies are urged to adopt more advanced security protocols, including multi-factor authentication and employee training on recognizing phishing attempts. The rise in these impersonation tactics poses a significant risk to businesses, making it crucial for them to reassess their security strategies.

Fortinet's FortiGuard Labs has released its 2026 Global Threat Landscape Report, revealing significant trends in cybersecurity threats. The report indicates a rise in sophisticated attacks targeting both enterprise and personal systems, particularly through ransomware and phishing schemes. These attacks are increasingly leveraging artificial intelligence to bypass traditional security measures. Companies across various sectors, including finance and healthcare, are particularly vulnerable, as attackers exploit their reliance on digital infrastructure. The findings stress the urgent need for organizations to enhance their security protocols and invest in advanced threat detection technologies to protect sensitive data and maintain operational integrity.

Phishing scammers have been impersonating recruiters from Palo Alto Networks to trick job seekers since August. These fraudsters have used psychological tactics and personal information gleaned from LinkedIn profiles to create convincing fake job offers. Victims are often led to believe they are in the running for legitimate positions, only to be scammed out of money or personal information. This ongoing scheme not only targets job seekers but also potentially damages the reputation of the real company. It's crucial for job candidates to verify the authenticity of job offers and be cautious when sharing personal details online.

The Silver Fox cyber campaigns have shifted tactics from using tax-related lures to employing WhatsApp-style stealers that combine espionage with phishing. This change indicates a broader strategy where attackers are not only targeting financial information but also attempting to extract sensitive data through social engineering techniques. The campaigns are designed to trick users into providing personal information, making them vulnerable to further exploitation. This shift in method could impact various sectors, particularly those relying on mobile communication platforms. Researchers are urging users to be cautious and verify the authenticity of messages, especially those asking for sensitive information.

The Tycoon2FA phishing platform has resumed operations after a previous takedown, utilizing advanced techniques known as AITM (Advanced In-The-Middle) to circumvent multi-factor authentication (MFA) protections. This service primarily targets users who rely on MFA for securing their accounts, making them particularly vulnerable to credential theft. Attackers can now exploit this platform to gain unauthorized access to sensitive information across various services. This resurgence poses a significant risk to individuals and organizations that depend on MFA as a security measure, as it undermines the effectiveness of this commonly used defense. Users must remain vigilant and consider additional security practices to protect their accounts.