Tag: phishing
Cybersecurity Threat Advisory: Google security page spoofed in PWA attack
A phishing campaign is using a spoofed Google Account security page to distribute a malicious Progressive Web App (PWA). The app is designed to steal one‑time passcodes, collect cryptocurrency wallet addresses, and turn victims’ browsers into proxies for attacker traffic....
MSPs must adapt to stay ahead of AI-driven phishing
Phishing has long been cybercriminals’ weapon of choice — and the numbers remain sobering. In 2024, the FBI recorded 193,407 phishing complaints in the U.S. alone, while Business Email Compromise schemes caused $2.77 billion in losses. And when a breach...
The new face of phishing: Why traditional defenses are failing your customers in 2026
As we navigate the start of 2026, the cybersecurity landscape has reached a critical inflection point. For managed services providers (MSPs), the challenge is no longer just identifying “the bad guys;” it’s identifying the “perfectly simulated guys.” In 2025, phishing...
Email Threat Radar — January 2026
From QR code deception to callback phishing and more: An overview of emerging email threats and attack trends Over the last month, Barracuda threat analysts have investigated the following email threats targeting organizations and their employees: Tycoon phishing kit using QR codes...
Cybersecurity Threat Advisory: DLL sideloading backdoors via LinkedIn messages
A multi‑faceted phishing campaign is using LinkedIn private messages to deliver weaponized payloads that execute through DLL sideloading. The activity involves legitimate‑looking PDFs, a malicious sideloaded DLL, a Python interpreter PE, and decoy archives. Review the recommendations in this Cybersecurity...
Threat Spotlight: How phishing kits evolved in 2025
In 2025, 90 percent of high-volume phishing campaigns leveraged Phishing-as-a-Service (PhaaS) kits. These kits have transformed the phishing landscape, enabling even less-skilled cybercriminals to access advanced tools and automation and launch large-scale, targeted phishing campaigns, often impersonating legitimate services and...
Staying cyber safe while hackers chase holiday cheer
The holidays are almost upon us. That means pass the stuffing, brine the turkey, wrap the presents, and hang the stockings with care. It also means hackers are hiding in the holly, waiting for a moment of distraction from all...
Threat Spotlight: Unpacking a stealthy new phishing kit targeting Microsoft 365
In this edition of the Threat Spotlight we see that Phishing-as-a-Service (PhaaS) platforms dominate the email threat landscape. The most prominent are sophisticated, well-resourced platforms offering tools, infrastructure, and support in return for payment or a share of the profits....
Cybersecurity Threat Advisory: ChaosBot malware exploits Discord
A recently discovered Rust-based malware called ChaosBot is being used compromise computers via Discord channels. Review the details within this Cybersecurity Threat Advisory to learn more and see how to protect your system. What is the threat? ChaosBot is a...
Threat Spotlight: Tycoon phishing kit reveals new techniques to hide malicious links
Phishing emails often feature malicious links (URLs) that lead victims to fake websites where they are infected with harmful software or tricked into giving away personal information such as their account credentials. Uncover how these attacks work in the latest...
