-
HR-Themed Campaign Shifts from Credentials to RMM Tools : 17 October 2025
Key Points: Long-running credential harvesting operation conducted by MCTO3022 targeting organizations with HR department impersonation; Campaigns employ employee handbook compliance requirements and payroll authorization requests; Latest campaign evolution includes Adobe PDF Sign impersonation that drops PDQConnect RMM tools…
-
HTML Tag Obfuscation : 21 July 2025
Key Points: Threat actors utilizing HTML tag obfuscation to evade email security detection; CSS styling techniques render malicious content evading security solutions while appearing legitimate to end users; Brand impersonation campaigns leveraging Microsoft copyright obfuscation. Campaign Overview: The Mimecast Threat Research…
-
Continuous Phishing Operations Targeting Developers and NPM Ecosystem : 03 October 2025
Key Points: Two major npm-focused campaigns identified as part of broader threat landscape: July "account maintenance" and September "2FA security update" operations; These npm campaigns represent escalation in targeting critical development infrastructure using open source; September 14, 2025: "Shai-Hulud" self-replicating…
-
Callback Scam Campaigns Impersonating Major Australian Banks : 24 September 2025
Key Points: 70,000+ detections of callback scam campaigns targeting Australian organizations; Multi-bank impersonation targeting Westpac, Commonwealth Bank, and Macquarie; High-value targets including education, legal, and insurance sectors across Australia; Social engineering through fake unauthorized transaction…
-
Hospitality-Focused Phishing Campaign Impersonates Expedia and Cloudbeds : 8 September 2025
Key Points: Large-scale credential harvesting campaign targeting hospitality industry professionals; Impersonates trusted hotel management platforms Expedia Partner Central and Cloudbeds; Campaigns exploit trust in routine hotel reservation and commission notifications. Campaign Overview: Samantha Clarke, Ankit Gupta and…
-
ScreenConnect Super Admin Credential Harvesting : 25 August 2025
Key Points: Low-volume spear phishing operation sending up to 1,000 emails per campaign run; Initial access for potential ransomware deployment; Senior IT professionals and administrators with super admin privileges; Adversary-in-the-middle (AITM) phishing using EvilGinx framework. Campaign Overview: Samantha Clarke and the…
-
BEC Campaign Using AI Generated Fake Email Threads : 11 August 2025
Key Points: Large-scale BEC invoice fraud campaign targets global organizations across multiple industries using urgent payment requests to exploit time-sensitive business processes. Attackers deploy sophisticated automation including AI-generated email content, programmatic file creation, and headless browser technology…
-
Awardco Employee Rewards Platform Phishing Campaign : 18 August 2025
Key Points: Multi-month campaign impersonating Awardco employee rewards platform targeting entire organizations since May 2025; Sophisticated evasion using multiple redirect chains, legitimate security URL solutions, and various delivery methods including QR codes; Campaign leverages universal employee expectation of rewards…
-
UK Home Office Phishing Campaign Targeting Visa Sponsor Licence Holders : 12 August 2025
Key Points: Phishing campaign targeting UK sponsor licence holders through fraudulent Home Office impersonation; Attackers seek to compromise Sponsorship Management System (SMS) credentials for financial exploitation and data theft; Campaign utilizes captcha-gated URLs and convincing government domain spoofing to bypass…
-
Direct Send Abuse : 6 August 2025
Key Points: Threat actors are actively exploiting Microsoft 365's Direct Send feature to deliver phishing emails; The technique effectively circumvents perimeter security solutions by routing malicious emails through Microsoft 365's trusted infrastructure; Requires no credentials or tokens, only knowledge of the target domain…