Based Apparel
May 21, 2026
•[ malware, infostealer, social engineering ]
Based Apparel's merchandise website was compromised and used to present visitors with a fake Cloudflare-style verification prompt that attempted to trick macOS users into running commands that installed infostealer malware. Reporting described the malware as commodity infostealer/Trojan activity intended to steal credentials and passwords. The website was taken offline after the compromise was reported; no confirmed theft of Based Apparel data or visitor data was publicly reported.
Village of Chase
May 19, 2026
•[ Business Email Compromise (BEC), Fraud, Financial Loss ]
A vendor's email account was compromised, causing the Village of Chase to send a payment to fraudulent bank details, resulting in a loss of $44,536; most of the funds were recovered and the loss was covered by prior-year surplus.
At least one Claude Code user
April 30, 2026
•[ malware, fake installer, credential harvesting ]
A fake Claude Code installer campaign likely affected many users searching for Anthropic's Claude Code tool, though public reporting did not identify specific victims or quantify the total number infected. The campaign delivered a PowerShell payload that extracted decrypted cookies, saved passwords, and payment data from Chromium-based browsers on infected machines. Public reporting did not identify the specific actor, country, volume of stolen data, or any operational disruption.
Individual Filipino pensioner
April 28, 2026
•[ vishing, phishing, malware ]
A 68-year-old Filipino pensioner received a fraudulent call claiming to be from the Social Security System and was sent a Viber link to a fake app. After installation, malware hijacked his Android phone, froze the screen and power button, and allowed thieves to drain three bank accounts and two e-wallets, stealing more than 1 million.
Canada Life
April 20, 2026
•[ extortion, data leak, phishing ]
In April 2026, Canada Life was the victim of a "pay or leak" extortion campaign by the ShinyHunters group. The group subsequently published the data which contained over 200k unique email addresses along with names, phone numbers, physical addresses and, in some cases, customer support tickets. In their disclosure notice, Canada Life advised that "it is a small proportion of our customers who may have been impacted". In the wake of the incident, Canada Life also published an alert cautioning customers to be wary of phishing attacks, a pattern often seen after the public release of breached data.
Carnival
April 18, 2026
•[ phishing, extortion, data leak ]
In April 2026, the notorious hacking collective ShinyHunters claimed they had obtained a substantial volume of data belonging to the Carnival cruise operator and attempted to extort the organisation to prevent the data from being leaked. The following week, the group published the data publicly, which contained 8.7M records with 7.5M unique email addresses. The data contained fields indicating it related to the Mariner Society loyalty program run by Holland America, a cruise line brand under Carnival, and included names, dates of birth, genders and data relating to status within the loyalty program. Carnival acknowledged a phishing incident involving a single user account and advised they were working to better understand the scope of the unauthorised activity.
University of Cambridge
April 17, 2026
•[ phishing, credential theft, account compromise ]
Students and staff received phishing emails appearing to come from compromised University of Cambridge accounts; related messages contained links designed to steal login credentials and enable further account compromise.
Pitney Bowes
April 8, 2026
•[ phishing, extortion, data leak ]
Pitney Bowes identified unauthorized access to certain records in its Salesforce customer relationship management environment on April 9, 2026, after a phishing attack compromised an employee email account the previous night. ShinyHunters claimed to have obtained Pitney Bowes data as part of a broader extortion campaign and later released data containing 8.2 million unique email addresses, names, phone numbers, physical addresses, and some employee job-title records. Irish reporting separately confirmed that 137 Revenue Commissioners employees were affected through the Pitney Bowes supplier breach, with professional contact details exposed but no Revenue passwords or taxpayer data stolen.
City of Ardmore
April 8, 2026
•[ ransomware, phishing, data leak ]
On April 8, 2026, ransomware encrypted Ardmore police/internal servers after a phishing email; the incident was contained within hours, and information tied to criminal complaints and investigations, including names, addresses, and phone numbers, may have been exposed.
At least one Facebook Business account owner
April 1, 2026
•[ phishing, account takeover, credential harvesting ]
The AccountDumpling phishing campaign, linked to Vietnamese criminal actors, abused Google AppSheet as a phishing relay to send authenticated phishing emails impersonating Meta/Facebook support. The phishing pages harvested Facebook Business account credentials, recovery information, 2FA codes, and identity documents, enabling account takeover and resale through an illicit storefront. Reporting mapped roughly 30,000 compromised accounts across more than 50 countries.
Maine state government
March 30, 2026
•[ phishing, email account compromise, unauthorized access ]
State officials discovered that a Maine government employee's email account had been accessed by cybercriminals, who used it to send phishing messages to internal staff and external contacts. The Security Operations Center secured the account, shut down the suspicious activity, and stopped additional unauthorized emails. No evidence of personal or sensitive data access was reported.
At least one TikTok Business account
March 24, 2026
•[ phishing, adversary-in-the-middle, credential theft ]
Threat actors used adversary-in-the-middle phishing pages impersonating TikTok for Business and Google Careers to capture credentials and session cookies and hijack at least one TikTok Business account while bypassing 2FA.
At least one Ukrainian official
March 23, 2026
•[ phishing, remote administration tool, malware ]
A pro-Russian group tracked as UAC-0255 and linked to CyberSerp sent phishing emails impersonating CERT-UA and successfully infected a small number of devices in Ukraine with the AgeWheeze remote administration tool, enabling remote control of compromised systems.
The Ukrainian State Hydrology Agency
March 19, 2026
•[ phishing, vulnerability exploitation, XSS ]
BleepingComputer reported that Russia-linked APT28 (GRU) exploited a Zimbra Collaboration Suite vulnerability (CVE-2025-66376) in attacks targeting Ukrainian government entities. Researchers described a phishing operation (Operation GhostMail) where a single HTML email body triggered obfuscated JavaScript exploiting the Zimbra XSS flaw when opened in a vulnerable webmail session. The payload was described as harvesting credentials, session tokens, backup 2FA codes, browser-saved passwords, and mailbox contents going back 90 days, with exfiltration over DNS and HTTPS. One referenced target was the Ukrainian State Hydrology Agency.
At least one individual
March 18, 2026
•[ phishing, malware, social engineering ]
Cyber fraudsters in Navi Mumbai impersonated Mahanagar Gas Limited officials and sent malicious WhatsApp files or links that compromised victims' phones and enabled unauthorized access to their bank accounts.
Nordstrom
March 17, 2026
•[ phishing, cryptocurrency scam, SSO compromise ]
Cybernews reported that Nordstrom customers received fraudulent emails from an official Nordstrom email address promoting a St. Patrick's Day "double your crypto" scam. Reporting cited a source saying the breach occurred via an Okta SSO to Salesforce compromise, and scam emails were sent using Salesforce Marketing Cloud. Analysis of the scam wallet address indicated the attacker received a little over $5,600 in cryptocurrency.
Outpost24
March 16, 2026
•[ phishing, DKIM, social engineering ]
SecurityWeek reported that a C-level executive at Outpost24 was targeted with a sophisticated phishing attempt that used a DKIM-signed email, trusted redirection infrastructure, compromised servers, and Cloudflare-protected phishing pages. Outpost24's subsidiary Specops Software said it detected and blocked the attack early before any systems were compromised or users impacted.
At least one member of the Ukrainian armed forces
March 16, 2026
•[ espionage, spyware, phishing ]
The Record reported researchers attributed a new espionage campaign targeting Ukrainian organizations to the Russia-linked group Laundry Bear (Void Blizzard), active since at least 2024. The campaign used spyware embedded in documents themed around Starlink satellite terminals and a well-known Ukrainian charity. The article is campaign reporting (multiple targets) and does not provide a single named victim incident with bounded impact metrics.
Roan and Eurocamp
March 16, 2026
•[ data breach, phishing, supply chain attack ]
Roan and Eurocamp disclosed that an unauthorized third party exploited a vulnerability in a third-party technology provider on March 16, 2026 and stole guest booking data later used in WhatsApp scam attempts; no encryption was reported.
One Syrian government email account
March 12, 2026
•[ phishing, credential harvesting, account compromise ]
Proofpoint also observed activity from a cluster tracked as UNK_NightOwl that sent phishing emails to a Middle Eastern government ministry using both a compromised Syrian government account and an attacker-controlled address. The emails referenced the escalating conflict and directed recipients to a domain spoofing Microsoft OneDrive that hosted an Outlook Web App-style credential harvesting page before redirecting victims to a legitimate conflict monitoring site.