A data breach has exposed sensitive information from about 17.5 million Instagram accounts, including usernames, email addresses, phone numbers, and physical addresses. This information is being traded on the dark web, raising risks for identity theft and phishing attacks. Users are advised to enable two-factor authentication and change their passwords.

A misconfigured Azure Blob storage container belonging to TalentHook has exposed nearly 26 million resumes, containing sensitive personal information of US job seekers. This breach poses significant risks for identity theft and targeted phishing attacks, leading to potential harassment and fraud against individuals whose data was leaked.

Scammers are increasingly posing as legitimate customer support representatives by using fake support numbers for popular services like Apple, Netflix, and PayPal. These fraudulent operations exploit unsuspecting users, often leading to financial loss and compromised personal information. Awareness and vigilance are crucial in protecting oneself from these scams.

Hackers are employing a sophisticated phishing technique that leverages legitimate Microsoft links and Active Directory Federation Services (ADFS) to redirect users to a counterfeit site designed to steal Microsoft 365 logins. By utilizing a trusted domain for redirection, attackers can bypass standard security measures, including multi-factor authentication. Researchers recommend monitoring for ADFS redirects and scrutinizing Google ads for potential malicious links.

A significant rise in identity-based cyberattacks, driven by advanced phishing kits and infostealers, has led to a 156% increase in login-targeting attacks, making them 59% of all investigations by eSentire. Organizations are urged to adopt stronger security measures, such as passkeys, to combat the growing threat of business email compromise (BEC) and ransomware, which are often facilitated by phishing-as-a-service platforms.