A recent phishing attempt exploited a legitimate Zoom email notification to deceive users into entering their Gmail credentials on a fake login page. The attackers put a "bot protection" gate in front of the page to make it look more legitimate, and the page exfiltrated credentials in real time over WebSocket connections, showing how trusted platforms can be manipulated for cybercrime.
A credential harvesting campaign targeting ScreenConnect super administrators has been identified, leveraging low-volume spear phishing tactics with the EvilGinx framework. The operation aims to capture super admin credentials for potential ransomware deployment, utilizing sophisticated techniques to bypass traditional security measures. Mimecast has implemented protective measures and recommends user education and technical controls to mitigate the threat.