Search Results for "Phishing"

Carnival April 18, 2026 • [ phishing, extortion, data leak ] In April 2026, the notorious hacking collective ShinyHunters claimed they had obtained a substantial volume of data belonging to the Carnival cruise operator and attempted to extort the organisation to prevent the data from being leaked. The following week, the group published the data publicly, which contained 8.7M records with 7.5M unique email addresses. The data contained fields indicating it related to the Mariner Society loyalty program run by Holland America, a cruise line brand under Carnival, and included names, dates of birth, genders and data relating to status within the loyalty program. Carnival acknowledged a phishing incident involving a single user account and advised they were working to better understand the scope of the unauthorised activity.

At least one TikTok Business account March 24, 2026 • [ phishing, adversary-in-the-middle, credential theft ] Threat actors used adversary-in-the-middle phishing pages impersonating TikTok for Business and Google Careers to capture credentials and session cookies and hijack at least one TikTok Business account while bypassing 2FA.

At least one Ukrainian official March 23, 2026 • [ phishing, remote administration tool, malware ] A pro-Russian group tracked as UAC-0255 and linked to CyberSerp sent phishing emails impersonating CERT-UA and successfully infected a small number of devices in Ukraine with the AgeWheeze remote administration tool, enabling remote control of compromised systems.

The Ukrainian State Hydrology Agency March 19, 2026 • [ phishing, vulnerability exploitation, XSS ] BleepingComputer reported that Russia-linked APT28 (GRU) exploited a Zimbra Collaboration Suite vulnerability (CVE-2025-66376) in attacks targeting Ukrainian government entities. Researchers described a phishing operation (Operation GhostMail) where a single HTML email body triggered obfuscated JavaScript exploiting the Zimbra XSS flaw when opened in a vulnerable webmail session. The payload was described as harvesting credentials, session tokens, backup 2FA codes, browser-saved passwords, and mailbox contents going back 90 days, with exfiltration over DNS and HTTPS. One referenced target was the Ukrainian State Hydrology Agency.

At least one individual March 18, 2026 • [ phishing, malware, social engineering ] Cyber fraudsters in Navi Mumbai impersonated Mahanagar Gas Limited officials and sent malicious WhatsApp files or links that compromised victims' phones and enabled unauthorized access to their bank accounts.

Nordstrom March 17, 2026 • [ phishing, cryptocurrency scam, SSO compromise ] Cybernews reported Nordstrom customers received fraudulent emails from an official Nordstrom email address promoting a St. Patricks Day double your crypto scam. Reporting cited a source saying the breach occurred via an Okta SSO to Salesforce compromise, and scam emails were sent using Salesforce Marketing Cloud. Analysis of the scam wallet address indicated the attacker received a little over $5,600 in cryptocurrency.

Outpost24 March 16, 2026 • [ phishing, DKIM, social engineering ] SecurityWeek reported that a C-level executive at Outpost24 was targeted with a sophisticated phishing attempt that used a DKIM-signed email, trusted redirection infrastructure, compromised servers, and Cloudflare-protected phishing pages. Outpost24s subsidiary Specops Software said it detected and blocked the attack early before any systems were compromised or users impacted.

At least one member of the Ukrainian armed forces March 16, 2026 • [ espionage, spyware, phishing ] The Record reported researchers attributed a new espionage campaign targeting Ukrainian organizations to the Russia-linked group Laundry Bear (Void Blizzard), active since at least 2024. The campaign used spyware embedded in documents themed around Starlink satellite terminals and a well-known Ukrainian charity. The article is campaign reporting (multiple targets) and does not provide a single named victim incident with bounded impact metrics.

Roan and Eurocamp March 16, 2026 • [ data breach, phishing, supply chain attack ] Roan and Eurocamp disclosed that an unauthorized third party exploited a vulnerability in a third-party technology provider on March 16, 2026 and stole guest booking data later used in WhatsApp scam attempts; no encryption was reported.

Iraqi Ministry of Foreign Affairs email account March 12, 2026 • [ cyber espionage, phishing, intelligence collection ] Proofpoint reported a surge in Iran-linked and conflict-themed cyber espionage activity targeting governments, diplomats, and organizations across the Middle East, often using compromised government email accounts to deliver phishing lures and collect intelligence. Check Point analysis cited overlaps between Iran-linked actors (including MuddyWater and Void Manticore/Handala) and cybercrime tools and infrastructure. This is campaign-level reporting without a single named victim incident and bounded primary-effect metrics.

Slavia Insurance March 10, 2026 • [ data breach, medical records, vendor error ] Czech insurer Slavia pojiovna reported that attackers obtained about 150 GB of sensitive data, including insurance documents, medical records, and direct communications with clients. The companys spokesperson attributed the incident to an error by a supplier/vendor and said the issue was detected by Slavias security systems and remediation steps were underway to prevent recurrence. Public reporting did not identify the attacker or provide counts of affected clients, but indicated the stolen data types are sensitive and could enable fraud or targeted extortion/phishing.

At least one Dutch government official March 9, 2026 • [ social engineering, phishing, state-sponsored hackers ] Dutch intelligence services warned that Russian state hackers are attempting to gain access to large numbers of Signal and WhatsApp accounts belonging to senior officials, military personnel, and civil servants worldwide. The campaign uses social engineering to trick users into revealing verification and PIN codes, including posing as a Signal support chatbot. The report notes Dutch government employees have also been targeted and, in some cases, compromised. This is campaign/advisory reporting rather than a single discrete victim event.

The City of Arab March 9, 2026 • [ phishing, BEC, social engineering ] GovTech reported that the City of Arab, Alabama was hit by a socially engineered phishing/BEC-style fraud in which perpetrators impersonated a legitimate officer of the contractor (FITE Construction) and induced the city to issue a fraudulent payment of $432,739.21 to an unauthorized entity. City leaders stated the fraud was detected internally and triggered a broader investigation. The report focuses on financial loss via social engineering rather than system disruption or data theft.

Westfield Mall of the Netherlands March 9, 2026 • [ phishing, data leak, PII ] Westfield Mall of the Netherlands informed customers that unauthorized persons accessed a database containing information for newsletter subscribers and Westfield Club loyalty program members. Reported exposed fields include first and last name, email address, telephone number, postal code, and date of birth. The mall said no financial data was compromised because bank account numbers, credit card details, and passwords were not stored in the affected database. The mall warned of phishing risk, reported the incident to data protection authorities, and URW filed a complaint with competent authorities.

Undisclosed Qatari organization March 1, 2026 • [ DLL hijacking, PlugX, backdoor malware ] HackRead summarized Check Point Research describing a China-linked campaign beginning March 1, 2026 that used conflict-themed lures and DLL hijacking to install PlugX backdoor malware against targets in Qatar. The report described lures disguised as war news and a separate energy-sector lure delivering a Rust loader and ultimately Cobalt Strike, with the goal of espionage against Qatars military and oil/gas interests.

Undisclosed Israeli individual smartphone March 1, 2026 • [ malware, phishing, spyware ] A trojanized fake Red Alert app delivered through spoofed SMS messages targeted Israeli users and, when installed, enabled theft of messages, contacts, location data, and other device information from affected smartphones.

Scholengemeenschap Bonaire (SGB) February 20, 2026 • [ ransomware, phishing, data theft ] Antilliaans Dagblad reported that Scholengemeenschap Bonaire (SGB) was hit by an international ransomware attack, discovered internally after multiple servers failed to start. Europol reportedly informed police about the broader international attack around the same time. Initial analysis indicated one data server used mainly for archive files was infected, and a relatively small portion of data on that server was stolen; investigators were assessing whether the stolen archive files included personal data. SGB said regular education operations were not impacted because key systems ran in a secured cloud environment (including student/admin platforms and Microsoft Office), and it stated usernames/passwords were not stolen. The school reported filing a police report and notifying the BES data protection oversight body, and required staff and students to change passwords and remain vigilant for phishing.

Local entities in the Cayman Islands (malicious PDF campaign) February 19, 2026 • [ phishing, malware, email security ] RCIPS warned that a malicious PDF was being sent to local entities from a compromised email address. The PDF contained a VIEW PDF link that, when clicked, installs malware; authorities stated they were already aware of some local systems being compromised because recipients clicked the embedded link. The public advisory provided guidance to treat unexpected PDFs as suspicious, avoid clicking the embedded link, and report incidents.

Grange Dental Care February 19, 2026 • [ phishing, fraudulent invoices, system compromise ] Threat actors compromised Grange Dental Cares system and sent fraudulent invoice emails from the practice before the incident was quickly contained.

Mercer Advisors February 16, 2026 • [ cybersecurity breach, ransomware, data leak ] Wealth Management reported a class action lawsuit alleging Mercer Advisors suffered a cybersecurity breach around Feb. 16, 2026 carried out by ShinyHunters. The complaint said ShinyHunters demanded ransom within 48 hours and threatened to leak roughly 5.7 million client records; after Mercer refused to pay, the group published the stolen information. The article states the leaked data includes names, Social Security numbers, and other personal information, raising risks of identity theft, fraud, and highly targeted phishing/social engineering. The report also mentions ShinyHunters targeting other wealth firms, but the primary record is the Mercer breach and alleged publication of client data.

Search Results (Phishing)