Ars Technica

What is device code phishing, and why are Russian spies so successful at it?

Researchers have uncovered a sustained and ongoing campaign by Russian spies that uses a clever phishing technique to hijack Microsoft 365 accounts belonging to a wide range of targets, researchers ...
CoinTelegraph

DuckDuckGo ranks Etherscan phishing websites in top results

Privacy-focused Google search competitor DuckDuckGo has been displaying phishing websites when searching for “Etherscan,” a popular Ethereum block explorer and ...
Bleeping Computer

Microsoft Sway abused in massive QR code phishing campaign

A massive QR code phishing campaign abused Microsoft Sway, a cloud-based tool for creating online presentations, to host landing pages to trick Microsoft 365 users into handing over their credentials.
Bleeping Computer

How attackers are still phishing "phishing-resistant" authentication

As awareness grows around many MFA methods being “phishable” (i.e. not phishing resistant), passwordless, FIDO2-based authentication methods (aka. passkeys) like YubiKeys, Okta FastPass, and Windows ...
Hosted on MSN

Microsoft blocks phishing scam which used AI-generated code to trick users

AI generated code used in phishing campaign, blocked by Microsoft Defender Attackers used SVG file disguised as PDF, with hidden business themed code inside Security Copilot flagged AI style traits, ...
Dark Reading

QR Phishing Scams Gain Motorized Momentum in UK

In what seems to be an increasingly popular method of attack, two threat groups have been identified as utilizing QR code parking scams in the UK and throughout the world. The researchers at Netcraft ...