-
Sneaky2FA PhaaS kit now uses redteamers' Browser-in-the-Browser attack
Sneaky2FA, a popular among cybercriminals phishing-as-a-service (PhaaS) kit, has added Browser-in-the-Browser (BitB) capabilities, giving "customers" the option to launch highly deceptive attacks.
- November 19, 2025
- 04:59 PM
0
-
Mustang Panda hackers hijack network captive portals in diplomat attacks
State-sponsored hackers linked to the Mustang Panda activity cluster targeted diplomats by hijacking web traffic to redirect to a malware serving website.
- August 26, 2025
- 05:33 PM
0
-
New Webinar: Choose Your Own Investigation — Browser Attack Edition
Modern attacks have shifted focus to the browser, yet detection tools remain largely blind to the crucial activity happening there.
Join Push Security on February 11th for an interactive "choose-your-own-adventure" webinar on ClickFix, credential phishing, and other in-browser attacks we've observed in the wild.
-
New downgrade attack can bypass FIDO auth in Microsoft Entra ID
Security researchers have created a new FIDO downgrade attack against Microsoft Entra ID that tricks users into authenticating with weaker login methods, making them susceptible to phishing and session hijacking.
- August 13, 2025
- 03:14 PM
- 2
-
Microsoft: Russian hackers use ISP access to hack embassies in AiTM attacks
Microsoft warns that a cyber-espionage group linked to Russia's Federal Security Service (FSB) is targeting diplomatic missions in Moscow using local internet service providers.
- July 31, 2025
- 12:00 PM
- 2
-
New MFA-bypassing phishing kit targets Microsoft 365, Gmail accounts
Cybercriminals have been increasingly using a new phishing-as-a-service (PhaaS) platform named 'Tycoon 2FA' to target Microsoft 365 and Gmail accounts and bypass two-factor authentication (2FA) protection.
- March 25, 2024
- 12:56 PM
- 3
-
Blackwood hackers hijack WPS Office update to install malware
A previously unknown advanced threat actor tracked as 'Blackwood' is using sophisticated malware called NSPX30 in cyberespionage attacks against companies and individuals.
- January 25, 2024
- 03:30 PM
- 0
-
MoustachedBouncer hackers use AiTM attacks to spy on diplomats
A cyberespionage group named 'MoustachedBouncer' has been observed using adversary-in-the-middle (AitM) attacks at ISPs to hack foreign embassies in Belarus.
- August 10, 2023
- 12:56 PM
- 0
-
Tencent QQ users hacked in mysterious malware attack, says ESET
The Chinese APT hacking group known as 'Evasive Panda' are behind a mysterious attack that distributed the MsgBot malware as part of an automatic update for the Tencent QQ messaging app.
- April 26, 2023
- 02:16 PM
- 0
-
Hackers use AiTM attack to monitor Microsoft 365 accounts for BEC scams
A new business email compromise (BEC) campaign has been discovered combining sophisticated spear-phishing with Adversary-in-The-Middle (AiTM) tactics to hack corporate executives' Microsoft 365 accounts, even those protected by MFA.
- August 24, 2022
- 11:53 AM
- 0
0
