-
AI Brand Impersonation Targets Meta Business Accounts Through Malicious Mobile Apps
Key Points: Over 35k coordinated phishing campaign across April impersonating Google Gemini and OpenAI/ChatGPT to distribute credential-harvesting mobile applications; Fraudulent apps pose as AI-powered advertising tools but capture Facebook/Meta login credentials; Campaign targets social media managers with access to Meta…
-
OAuth Device Code Phishing Campaigns Surge with EvilTokens Toolkit
Key Points: Over 50,000 device code phishing campaigns observed since March 2026, representing rapid large-scale adoption of OAuth abuse technique; EvilTokens Phishing-as-a-Service (PhaaS) toolkit enables low-skill threat actors to automate Microsoft 365 account compromise via legitimate OAuth device authorization flow…
-
Amazon Password Reset Callback Campaign Exploits Legitimate Notification Infrastructure: 7 April 202
Key Points: Threat actors sent approximately 67k callback messages across the first three weeks of March using genuine Amazon password-recovery notifications; Campaign exploits legitimate Amazon SES infrastructure with valid DKIM authentication; Forwarding chain through Proton and Microsoft 365 SRS amplified single message to…
-
Phishing Templates Inspired by XRED Threat Intelligence
Our newest phishing templates for Engage are built on insights from Mimecast’s Threat Intelligence Group research into the XRED Malware Campaign (read more here). We’re delivering these templates with an eye toward the tactics used by XRED, including warnings about strict compliance windows, low-effort responses to…
-
Threat Actors Exploit Social Causes to Manipulate User Behavior: 10 February 2026
Key Points: Phishing campaigns exploiting Pride Month themes to trigger emotional responses and bypass security awareness; Campaign occurred in two distinct waves: December 2025 with 504 targets followed by January 2026 escalation to 4,768 targets, totalling 5,272 organizations across US, UK, Germany, Australia, South…
-
XRed Malware Campaign Targets Multinational Organizations: 10 December 2025
Key Points: Malware campaign impersonating the Indian Ministry of Finance and Income Tax Department; Low-volume, strategically targeted campaign predominantly spanning financial services, professional services, and corporate services sectors across UK and US businesses with entity in India; VBS script downloads and executes…
-
Holiday Party Invitations Deliver Remote Access Tools: 5 December 2025
Key Points: Threat actors are leveraging the holiday season by impersonating legitimate party invitation services like Punchbowl to distribute remote monitoring and management (RMM) tools; Targeting US businesses predominantly in the Finance, Professional Services (Accounting, Legal) and Real Estate industries; Links within…
-
HR Bonus-Themed QR Code Phishing Campaign Exploiting Year-End Corporate Processes: 21 November 2025
Key Points: Threat Type: Credential harvesting via QR code phishing; Brand Impersonated: DocuSign, company HR departments; Primary Vector: Compromised email accounts sending PDF attachments with embedded QR codes. Campaign Overview: The Mimecast Threat Research team has identified an active credential harvesting campaign…
-
New Employee Phishing Campaign Targets Microsoft 365 Credentials: 05 November 2025
Key Points: Credential harvesting campaign impersonating new employee notifications across multiple organizations; Multi-stage attack flow utilizing fake verification pages and CAPTCHA to evade detection; Leverages FlowerStorm phishing-as-a-service platform with Adversary-in-the-Middle capabilities to bypass MFA; Campaign…