Search Results for "phishing"

Scholengemeenschap Bonaire (SGB) February 20, 2026 • [ ransomware, phishing, data theft ] Antilliaans Dagblad reported that Scholengemeenschap Bonaire (SGB) was hit by an international ransomware attack, discovered internally after multiple servers failed to start. Europol reportedly informed police about the broader international attack around the same time. Initial analysis indicated one data server used mainly for archive files was infected, and a relatively small portion of data on that server was stolen; investigators were assessing whether the stolen archive files included personal data. SGB said regular education operations were not impacted because key systems ran in a secured cloud environment (including student/admin platforms and Microsoft Office), and it stated usernames/passwords were not stolen. The school reported filing a police report and notifying the BES data protection oversight body, and required staff and students to change passwords and remain vigilant for phishing.

Local entities in the Cayman Islands (malicious PDF campaign) February 19, 2026 • [ phishing, malware, email security ] RCIPS warned that a malicious PDF was being sent to local entities from a compromised email address. The PDF contained a VIEW PDF link that, when clicked, installs malware; authorities stated they were already aware of some local systems being compromised because recipients clicked the embedded link. The public advisory provided guidance to treat unexpected PDFs as suspicious, avoid clicking the embedded link, and report incidents.

Grange Dental Care February 19, 2026 • [ phishing, fraudulent invoices, system compromise ] Threat actors compromised Grange Dental Cares system and sent fraudulent invoice emails from the practice before the incident was quickly contained.

At least one Bitcoin owner February 15, 2026 • [ cryptocurrency, phishing, malicious javascript ] BleepingComputer described a campaign where threat actors abused Pastebin comments to distribute a ClickFix-style attack that tricks cryptocurrency users into executing malicious JavaScript in their browser. The technique enables attackers to hijack crypto swap transactions and redirect funds to attacker-controlled wallets.

At least one European official February 9, 2026 • [ social engineering, scams, QR-code device linking ] Social engineering against Signal users using fake support scams and QR-code device linking to spy on targets.

Flickr (via an undisclosed third-party provider) February 5, 2026 • [ data leak, third-party risk, phishing ] Flickr notified users of a potential data breach after a vulnerability in a system operated by one of its third-party email service providers may have allowed unauthorized access to member information. Flickr said it was alerted on February 5, 2026 and shut down access to the affected system within hours. The company stated that passwords and payment card numbers were not compromised. Exposed data may include real names, email addresses, usernames, account type, IP address, general location, and platform activity; Flickr urged vigilance for phishing and recommended changing passwords on other services if reused.

Portland Public Schools February 3, 2026 • [ phishing, email compromise, unauthorized access ] A phishing email offering a fake part-time job opportunity was sent to students after a staff email account (reported as a teacher account) was compromised. Because the message originated from an internal staff account, it bypassed normal restrictions and reached many student inboxes across the district. The district technology department removed copies of the email from the school system and issued guidance for students who submitted information to the linked form. The confirmed effect is unauthorized use of an internal account to distribute phishing content; the report does not confirm broader system compromise or data exfiltration beyond what students may have submitted to the scam.

At least one use of GhostChat February 2, 2026 • [ spyware, phishing, mobile malware ] A fake Android dating app (GhostChat) identified by researchers as spyware. The app lures victims with locked profiles and fake access codes, then redirects them to WhatsApp and abuses permissions to extract data from victims phones.

Westport Public Schools email account February 2, 2026 • [ phishing, email hijacking, data leak ] Student-submitted personal info via linked Google Form: name, email address, home address, date of birth, grade level, and bank name","Westport Public Schools reported that a district staff email account (identified as a Spanish teachers account) was hijacked on a Friday afternoon and then used to send a phishing email to students in grades K12 with the subject line Employment Program For Westport Public Schools. The message advertised a work-from-home employment program connected to Feed the Children and included a linked Google Form encouraging students to apply. Because the email originated from an internal staff account, it bypassed normal email restrictions and reached student inboxes across the district, including Staples High School. District officials said the technology department removed all copies of the email from the school system and began identifying students who clicked the link and may have submitted personal information; families of students who filled out the form were contacted directly and advised to monitor accounts for fraud. Officials stated no district systems were breached beyond the single compromised email account and that student school-issued accounts remained secure.

Figure January 28, 2026 • [ social engineering, fintech, data leak ] In February 2026, data obtained from the fintech lending platform Figure was publicly posted online. The exposed data, dating back to January 2026, contained over 900k unique email addresses along with names, phone numbers, physical addresses and dates of birth. Figure confirmed the incident and attributed it to a social engineering attack in which an employee was tricked into providing access.

Cuero Chamber of Commerce January 26, 2026 • [ malware, social engineering, ClickFix ] The Cuero Chamber of Commerce reported a malware/social engineering incident affecting its web properties after a customer noticed suspicious activity in an email sent January 26. The chamber said users registering for an event were shown a CAPTCHA prompt and then instructed to press Windows+R and paste/run contentbehavior consistent with ClickFix social engineering designed to trick victims into executing malicious commands on their own devices. The chamber stated that the Cuero Development Corporation website was the only confirmed security breach and that significant data loss occurred, and it believed the malware was introduced via a third-party platform (Shopify) used for event registration. The chamber said it could not determine how many people or organizations were affected and implemented additional safeguards.

At least one blockchain developer January 22, 2026 • [ phishing, blockchain, credential theft ] IT technicians and blockchain developers were targeted in a phishing campaign attributed to the NGB 3rd Technical Surveillance Bureau (KONNI/APT37), resulting in unauthorized access to end-user systems and the compromise of stored development and infrastructure credentials.

The Connecticut Port Authority January 22, 2026 • [ Business Email Compromise, Phishing, Financial Fraud ] Connecticut Port Authority officials reported that a subtle change in an email address used to pay a vendor resulted in a fraudulent party receiving more than $16,000 from the quasi-public agency. The report said $16,666 was stolen and that $14,166 of that amount was recovered through an insurance claim. The incident triggered operational changes including renewed focus on encryption and security practices and recurring cybersecurity training. The article did not provide the precise date of the payment, only that it occurred the prior year relative to the January 22, 2026 report.

At least one individual in Greece January 21, 2026 • [ phishing, SMS blaster, rogue mobile base station ] The Record reported that Greek police dismantled a scam operation in the Athens area that used a fake cell tower concealed in a car to send phishing messages to nearby mobile users. Authorities said the device operated as a rogue mobile base station (SMS blaster), mimicking legitimate telecom infrastructure and forcing phones to connect while downgrading them to 2G, which the criminals used to facilitate mass scam messaging. The article focuses on law-enforcement action against the operators and describes the method used; it does not quantify victim counts, confirmed credential theft outcomes, or specific financial losses, so scope and data impacts are coded as undetermined.

At least one Iranian consumer January 20, 2026 • [ Android banking trojan, Remote-access trojan (RAT), Ransomware ] Cyble Research and Intelligence Labs (CRIL) reported discovering deVixor, an advanced Android banking trojan that has remote-access (RAT) capabilities and can also deploy a ransomware-style device lock screen. The campaign explicitly targets Iranian users, distributing malicious APKs via phishing websites posing as legitimate automotive businesses and luring victims with heavily discounted vehicle offers. Once installed, deVixor prompts victims to grant high-risk permissions (contacts, SMS, media files, accessibility service), then harvests SMS data to extract banking information such as account balances, OTPs, bank alerts, credit card details, and crypto transaction data. It also uses WebView-based JavaScript injection to load real banking sites inside a hidden WebView and steal login credentials during authentication. In some cases, operators activate a ransom overlay that locks the device and demands payment to a cryptocurrency wallet. Cyble said it identified 700+ deVixor samples since October 2025 and observed indicators (Persian artifacts, targeted-app lists, Telegram infrastructure) suggesting strong familiarity with Irans financial ecosystem.

At least one Afghan government worker January 20, 2026 • [ phishing, malware, data exfiltration ] The Record reported that attackers targeted Afghan government workers with phishing emails disguised as official correspondence from the office of the countrys prime minister. Researchers said the campaign, first detected in December, used a decoy document resembling a government letter (including a forged signature) to entice recipients in ministries/administrative offices to open it. Once opened, the document delivered malware dubbed FalseCub, designed to collect and exfiltrate data from infected computers. The report is focused on the campaign and malware behavior; it does not list specific compromised agencies, confirmed infection counts, or stolen data volumes, so impacts are coded as undetermined.

Town of La Hague January 13, 2026 • [ intrusion, email compromise, unauthorized access ] The municipality of La Hague (France) announced it was the victim of an intrusion into its information system that impacted internal email accounts. Upon learning of the incident, the commune reported immediate actions including changing passwords for affected and administrator accounts, temporarily suspending email sending for impacted users, notifying relevant authorities (including ANSSI, CERT-FR, DINUM, CNIL, and local digital authorities), informing partners, and filing a formal complaint with the gendarmerie. Specialized law enforcement units began investigating the incident and its consequences while technical teams and service providers conducted parallel analysis. The announcement emphasized heightened vigilance against suspicious links/attachments and stated the municipality was working to restore system security.

Betterment January 9, 2026 • [ social engineering, phishing, data leak ] In January 2026, the automated investment platform Betterment confirmed it had suffered a data breach attributed to a social engineering attack. As part of the incident, Betterment customers received fraudulent crypto-related messages promising high returns if funds were sent to an attacker-controlled cryptocurrency wallet. The breach exposed 1.4M unique email addresses, along with names and geographic location data. A subset of records also included dates of birth, phone numbers, and physical addresses. In its disclosure notice, Betterment stated that the incident did not provide attackers with access to customer accounts and did not expose passwords or other login credentials.

Betterment January 9, 2026 • [ social engineering, data leak, phishing ] TechCrunch reported that Betterment confirmed hackers accessed some of its systems on January 9, 2026 through a social engineering attack involving third-party platforms used for marketing and operations. Betterment said the attackers accessed customer personal information including names, email and postal addresses, phone numbers, and dates of birth, and used that access to send fraudulent scam notifications to users. The company said it detected and revoked unauthorized access the same day, launched an investigation with external help, and stated its ongoing investigation indicated no customer accounts were accessed and no passwords or login credentials were compromised. Betterment did not disclose how many customers were affected.

At least one Booking.com user January 7, 2026 • [ phishing, social engineering, malware ] Research summarized by Cybernews described a ClickFix social-engineering campaign abusing Booking.com branding. Victims receive phishing emails about a cancelled reservation and a large charge; clicking through leads to a fake Booking.com page with a fake refresh flow and a simulated Blue Screen of Death. The page instructs the user to paste/run a malicious script (PowerShell) via Windows Run, which then fetches and executes remote code, disables Windows Defender, and establishes persistence with C2 connectivity. The link is campaign/threat-intel reporting and does not provide a single confirmed victim organization or a bounded incident count, but it describes successful infections driven by user-executed commands.

Search Results (phishing)