Search CyberNews

Found 10 articles for "phishing"
Scattered Spider Hackers Plead Guilty on Day 1 of Trial Threats Krebs on Security
Krebs on Security Jul 10, 2026 4 min read

Scattered Spider Hackers Plead Guilty on Day 1 of Trial

Two men pleaded guilty in the United Kingdom this week to criminal charges stemming from an August 2024 cyberattack that crippled Transport for London, the entity responsible for the public transport network in the Greater London area. The duo were key members of a prolific cybercrime group known as Scattered Spider, and their guilty pleas came on the first day of what was expected to be a six-week trial.

DEBULL Tooling Abuses Microsoft Device-Code Flow to Target M365 Accounts Threats The Hacker News
The Hacker News Jul 10, 2026 1 min read

DEBULL Tooling Abuses Microsoft Device-Code Flow to Target M365 Accounts

A Microsoft 365 device code phishing campaign has been observed leveraging collaboration-themed lures to take control of victim accounts between the last week of June 2026 and into early July, per findings from ZeroBEC. "The campaign did not depend on a fake Microsoft password page. It used a malicious collaboration-style lure to push users into the legitimate Microsoft device login experience,

New Ghost Phishing Wave Is Breaking Traditional Email Security Threats The Hacker News
The Hacker News Jul 10, 2026 1 min read

New Ghost Phishing Wave Is Breaking Traditional Email Security

A recent EvilTokens campaign targeting businesses across the US and Europe is exposing a new email security blind spot. This β€œghost phishing” technique keeps the malicious page hidden until it decrypts and comes to life inside the victim’s browser. For security leaders, the risk is clear: traditional URL checks may miss the attack while Microsoft 365 access, sensitive data, and response time

Hackers Use Fake Microsoft Entra Passkey Enrollment to Gain Microsoft 365 Access Threats The Hacker News
The Hacker News Jul 10, 2026 1 min read

Hackers Use Fake Microsoft Entra Passkey Enrollment to Gain Microsoft 365 Access

A threat actor has been targeting organizations spanning multiple sectors with voice-based fake security requests that prompt Microsoft 365 users to enroll a new Entra passkey with an aim to carry out data extortion attacks. The threat actor, tracked by Okta under the moniker O-UNC-066, has deployed a panel-controlled phishing kit that's capable of targeting the passkey enrollment process. The