Scammers are using Pride Month themes in phishing emails to trick employees into revealing their login details. The campaign, identified by Mimecast, has targeted organizations well ahead of the actual event, primarily in the UK and the US, and employs tactics like impersonation and lookalike pages for credential theft.

The cybercriminal group ShinyHunters is targeting around 100 organizations in a campaign aimed at stealing Okta single sign-on credentials. Companies like Atlassian and Canva are included among the targets, with reports of successful breaches at Crunchbase and Betterment. Experts recommend stronger multi-factor authentication measures to combat these threats.

Quantum Route Redirect is an automated phishing platform that uses around 1,000 domains to steal Microsoft 365 credentials. Most attacks are via emails disguised as DocuSign requests or payment notifications, primarily affecting users in the U.S. Security experts recommend robust URL filtering to defend against these threats.

Researchers have identified four new phishing kits—BlackForce, GhostFrame, InboxPrime AI, and Spiderman—that enable large-scale credential theft. These kits utilize advanced techniques, including AI automation and evasion strategies, to deceive users and bypass security measures.

The blog post discusses a sophisticated phishing scam that impersonates Google Careers, highlighting its various tactics and the challenges it presents in identifying and preventing such attacks. It emphasizes the need for heightened awareness and security measures among users to protect their credentials from these evolving scams.

MokN Baits are advanced defensive phishing pages designed to lure attackers into revealing compromised credentials. By filtering out noise and providing tailored threat intelligence, MokN helps organizations effectively monitor and respond to real threats targeting their systems, enhancing security beyond traditional methods like dark web monitoring and MFA.

Attackers are exploiting link wrapping services from companies like Proofpoint and Intermedia to mask malicious URLs that lead to Microsoft 365 phishing pages. By compromising protected email accounts, the threat actor is able to disguise harmful links in phishing campaigns, thus increasing the likelihood of credential theft from victims.