THREAT FEED

Widespread phishing campaign using fake Gmail security alerts. Emails claim suspicious login detected and direct users to a near-perfect Google sign-in replica. Campaign has compromised over 100,000 accounts in the past week.

Sophisticated phishing campaign exploiting Microsoft 365 OAuth flows. Victims receive emails with Review Document links that redirect through legitimate Microsoft login to a malicious OAuth consent page, granting attackers persistent access to email, files, and Teams.

Evil twin Wi-Fi attacks detected at major Bay Area locations including BART stations, cafes, and coworking spaces. Attackers set up fake public Wi-Fi networks that intercept login credentials for email and cloud services.

Unit 42 discovered FinPhish, a phishing-as-a-service kit generating highly convincing replicas of PayPal and Amazon login pages. Kit includes real-time OTP interception, browser fingerprinting evasion, and automatic credential validation against live services.

Sophisticated phishing campaign targeting Comcast customers in the Philadelphia metro area. Emails impersonate Comcast support and claim billing issues, directing victims to a convincing login page at comcast-billing-update.example.

Phishing emails mimicking Apple purchase receipts for expensive items. Emails prompt users to cancel the order by clicking a link that leads to a fake Apple ID login page. Campaign primarily targeting iCloud email users.

Widespread phishing campaign targeting .edu email accounts. Emails impersonate university IT departments requesting password resets for security compliance. Harvested credentials used to access student financial aid portals and research data.

Scammers placing fraudulent QR code stickers over legitimate restaurant menu QR codes. Fake codes redirect to phishing sites mimicking payment processors or prompt installation of malware-laden menu apps. Most commonly reported in urban areas.