New #phishing mail targeting Piraeus in the wild. Phishers use akashkapoor[.]in/prgr to direct victims to signon[.]myservicesgovmyird[.]nz[.]dilii.ip-ddns[.]com/PiraeusGR/. Site is hosted on a #Microsoft #windows server on #Xampp

Beware of Tycoon2FA-linked campaigns spotted by SpiderLabs that target #Microsoft 365 users

New #phishing campaign targets #hospitality . Phishers now mimick Expedia and use traveelctm[.]com/?reservations/EPC-2025-{5digit_nr} to direct intended victims to expediapartnercentrals[.]reazby[.]com/Account/ and post OTP submission to legit www[.]expediapartnercentral[.]com

It seems that #Lumma #infostealer infra has been brought to a halt. Kudos Microsoft and EC3 for making this happen (europol.europa.eu/media-press/ne…, blogs.microsoft.com/on-the-issues/…)

New #phishing campaign targeting Piraeus active since yesterday. Phishers use makaanshop[.]com/haikku to direct intended victims to online[.]myirdrefund[.]nz[.]ilhii[.]ip-ddns[.]com/PiraeusGR/

Another Meta phisher abuses Meta www[.]facebook[.]com/61576714928950/posts/122102540912890497 to direct victims to recovercaseidhelp3232[.]d1tzhlqwrrp8x9[.]amplifyapp[.]com/. Phished data get processed via #Telegram

New #phishing campaign targeting #Elta in the wild. Phishers use mediaoffice[.]com[.]uy/elt to direct victims to csclear[.]co[.]za/wwwGR-hellenicPost/

🚨Ransomware actors exploited an unpatched vulnerability (CVE-2024-57727) in SimpleHelp RMM to compromise a utility billing software provider—part of a pattern of actors targeting downstream customers. See our advisory for mitigations👉go.dhs.gov/wKc