At least one blockchain developer
January 22, 2026
•[ phishing, blockchain, credential theft ]
IT technicians and blockchain developers were targeted in a phishing campaign attributed to the NGB 3rd Technical Surveillance Bureau (KONNI/APT37), resulting in unauthorized access to end-user systems and the compromise of stored development and infrastructure credentials.
The Connecticut Port Authority
January 22, 2026
•[ Business Email Compromise, Phishing, Financial Fraud ]
Connecticut Port Authority officials reported that a subtle change in an email address used to pay a vendor resulted in a fraudulent party receiving more than $16,000 from the quasi-public agency. The report said $16,666 was stolen and that $14,166 of that amount was recovered through an insurance claim. The incident triggered operational changes including renewed focus on encryption and security practices and recurring cybersecurity training. The article did not provide the precise date of the payment, only that it occurred the prior year relative to the January 22, 2026 report.
At least one individual in Greece
January 21, 2026
•[ phishing, SMS blaster, rogue mobile base station ]
The Record reported that Greek police dismantled a scam operation in the Athens area that used a fake cell tower concealed in a car to send phishing messages to nearby mobile users. Authorities said the device operated as a rogue mobile base station (SMS blaster), mimicking legitimate telecom infrastructure and forcing phones to connect while downgrading them to 2G, which the criminals used to facilitate mass scam messaging. The article focuses on law-enforcement action against the operators and describes the method used; it does not quantify victim counts, confirmed credential theft outcomes, or specific financial losses, so scope and data impacts are coded as undetermined.
At least one Iranian consumer
January 20, 2026
•[ Android banking trojan, Remote-access trojan (RAT), Ransomware ]
Cyble Research and Intelligence Labs (CRIL) reported discovering deVixor, an advanced Android banking trojan that has remote-access (RAT) capabilities and can also deploy a ransomware-style device lock screen. The campaign explicitly targets Iranian users, distributing malicious APKs via phishing websites posing as legitimate automotive businesses and luring victims with heavily discounted vehicle offers. Once installed, deVixor prompts victims to grant high-risk permissions (contacts, SMS, media files, accessibility service), then harvests SMS data to extract banking information such as account balances, OTPs, bank alerts, credit card details, and crypto transaction data. It also uses WebView-based JavaScript injection to load real banking sites inside a hidden WebView and steal login credentials during authentication. In some cases, operators activate a ransom overlay that locks the device and demands payment to a cryptocurrency wallet. Cyble said it identified 700+ deVixor samples since October 2025 and observed indicators (Persian artifacts, targeted-app lists, Telegram infrastructure) suggesting strong familiarity with Iran's financial ecosystem.
At least one Afghan government worker
January 20, 2026
•[ phishing, malware, data exfiltration ]
The Record reported that attackers targeted Afghan government workers with phishing emails disguised as official correspondence from the office of the country's prime minister. Researchers said the campaign, first detected in December, used a decoy document resembling a government letter (including a forged signature) to entice recipients in ministries/administrative offices to open it. Once opened, the document delivered malware dubbed FalseCub, designed to collect and exfiltrate data from infected computers. The report is focused on the campaign and malware behavior; it does not list specific compromised agencies, confirmed infection counts, or stolen data volumes, so impacts are coded as undetermined.
Starbucks
January 19, 2026
•[ phishing, credential theft, data breach ]
Starbucks disclosed a data breach affecting nearly 900 employees after attackers accessed Partner Central (the employee portal used to manage personal details, payroll, and benefits). Starbucks detected the incident on February 6, 2026 and said attackers obtained employee credentials through a phishing attack using fake websites mimicking the Partner Central portal. The company stated unauthorized access to employee accounts occurred between January 19 and February 11, 2026. Starbucks said some employees' personal information may have been accessed, including names, Social Security numbers, dates of birth, and bank account and routing numbers, and that affected employees were offered identity-protection services.
Town of La Hague
January 13, 2026
•[ intrusion, email compromise, unauthorized access ]
The municipality of La Hague (France) announced it was the victim of an intrusion into its information system that impacted internal email accounts. Upon learning of the incident, the commune reported immediate actions including changing passwords for affected and administrator accounts, temporarily suspending email sending for impacted users, notifying relevant authorities (including ANSSI, CERT-FR, DINUM, CNIL, and local digital authorities), informing partners, and filing a formal complaint with the gendarmerie. Specialized law enforcement units began investigating the incident and its consequences while technical teams and service providers conducted parallel analysis. The announcement emphasized heightened vigilance against suspicious links/attachments and stated the municipality was working to restore system security.
Betterment
January 9, 2026
•[ social engineering, phishing, data leak ]
In January 2026, the automated investment platform Betterment confirmed it had suffered a data breach attributed to a social engineering attack. As part of the incident, Betterment customers received fraudulent crypto-related messages promising high returns if funds were sent to an attacker-controlled cryptocurrency wallet. The breach exposed 1.4M unique email addresses, along with names and geographic location data. A subset of records also included dates of birth, phone numbers, and physical addresses. In its disclosure notice, Betterment stated that the incident did not provide attackers with access to customer accounts and did not expose passwords or other login credentials.
Betterment
January 9, 2026
•[ social engineering, data leak, phishing ]
TechCrunch reported that Betterment confirmed hackers accessed some of its systems on January 9, 2026 through a social engineering attack involving third-party platforms used for marketing and operations. Betterment said the attackers accessed customer personal information including names, email and postal addresses, phone numbers, and dates of birth, and used that access to send fraudulent scam notifications to users. The company said it detected and revoked unauthorized access the same day, launched an investigation with external help, and stated its ongoing investigation indicated no customer accounts were accessed and no passwords or login credentials were compromised. Betterment did not disclose how many customers were affected.
At least one Booking.com user
January 7, 2026
•[ phishing, social engineering, malware ]
Research summarized by Cybernews described a ClickFix social-engineering campaign abusing Booking.com branding. Victims receive phishing emails about a cancelled reservation and a large charge; clicking through leads to a fake Booking.com page with a fake refresh flow and a simulated Blue Screen of Death. The page instructs the user to paste/run a malicious script (PowerShell) via Windows Run, which then fetches and executes remote code, disables Windows Defender, and establishes persistence with C2 connectivity. The link is campaign/threat-intel reporting and does not provide a single confirmed victim organization or a bounded incident count, but it describes successful infections driven by user-executed commands.
At least one hospitality company in Europe
January 5, 2026
•[ phishing, malware, unauthorized access ]
The article reports that Russian-linked threat actors targeted European hospitality companies using phishing emails masquerading as booking inquiries. Victims who opened the attachments triggered malware that displayed a fake blue screen while enabling unauthorized access to internal systems.
At least one PT Taspen customer
January 1, 2026
•[ scam, phishing, malware ]
The online scam involving PT Taspen, in which APK files were sent to retirees, represents an increasingly structured and dangerous form of cybercrime, particularly because it exploits personal data. The malicious APK applications sent to victims were designed to resemble official PT Taspen apps and were used to trick users into unknowingly granting access to various sensitive elements on their Android devices.
At least one government official
January 1, 2026
•[ espionage, phishing, surveillance tools ]
The source describes a Mustang Panda espionage campaign (late Dec 2025 to mid-Jan 2026) that used fake diplomatic briefing documents to trick high-level targets into installing surveillance tools. It does not provide a single named victim organization with a confirmed primary effect suitable for one incident record; it is campaign-level reporting.
Pine Bluff School District
December 17, 2025
•[ business email compromise, phishing, fraud ]
A compromised Pine Bluff School District email account was used in a business email compromise scheme to insert fraudulent wiring instructions into legitimate vendor correspondence, causing the district to transfer approximately $3.2 million to scammers in December 2025.
Raaga
December 15, 2025
•[ data leak, unauthorized access, credential stuffing ]
Raaga confirmed that an unauthorized party accessed a legacy database and that the extracted user data was later advertised for sale on an underground hacking forum during December 2025. Reporting described the exposed dataset as affecting more than 10.2 million user accounts and including personal and account-related fields such as names, email addresses, usernames, hashed passwords, and account creation dates, with partial location data in some cases. The company stated it secured the relevant access points tied to the exposed system, reset passwords for impacted accounts, and implemented additional monitoring while working with cybersecurity specialists and notifying law enforcement. Even without payment data, the combination of emails and password hashes creates elevated risk of credential stuffing, targeted phishing, and account takeover.
Warren County
December 12, 2025
•[ phishing, Business Email Compromise (BEC), payment diversion ]
Warren County officials said the county Treasurer's Office transmitted two electronic payments to a fraudulent bank account as part of a phishing scheme: one for $2.1 million on December 12, 2025, and another for $1.2 million on December 22, 2025. The incident was investigated by the Warren County Sheriff's Office, which reported identifying a person of interest. At the time of reporting, officials said the $1.2 million payment had been recovered and restored, while the initial loss totaled $3.3 million. The report frames the event as successful payment diversion via phishing/BEC rather than system disruption.
China Xinchuang Initiative (at least one affiliated organization)
December 9, 2025
•[ phishing, malware, espionage ]
Security researchers reported a spear-phishing and malware campaign attributed to APT32 that successfully compromised at least one organization within China's Xinchuang Initiative IT ecosystem, resulting in unauthorized access for espionage purposes.
Greater St. Louis Oral & Maxillofacial Surgery PC
December 4, 2025
•[ phishing, data leak ]
Unauthorized access to a server-hosted employee email account resulted in exposure of patient personal and protected health information and use of the account to send phishing emails.
4 Student Email Accounts at New Haven Public Schools
November 20, 2025
•[ phishing, data leak ]
A phishing campaign against New Haven Public Schools used compromised student email accounts to send more than 10,000 messages districtwide that spoofed legitimate requests for bank details. Over 1,000 students opened the emails and an unknown number submitted financial and personal information, putting families at immediate risk of fraud and identity theft. The district's IT team is resetting affected accounts, purging malicious messages, and warning students to contact their banks and avoid clicking suspicious links.
Coupang
November 18, 2025
•[ data leak, phishing ]
South Korean e-commerce firm Coupang reported that an unauthorized third party accessed a customer database and exfiltrated personal information on about 4,500 users. Exposed fields included names, contact details, shipping addresses, and information about recent purchases, raising the risk of targeted phishing and fraud using order history. Coupang says it blocked the intruder's access as soon as the breach was detected and has notified regulators and customers while monitoring for signs of misuse of the stolen data.