Breaking the code: Multi-stage ‘code of conduct’ phishing campaign leads to AiTM token compromise - https://www.redpacketsecurity.com/breaking-the-code-multi-stage-code-of-conduct-phishing-campaign-leads-to-aitmtoken-compromise/

#threatintel
#aiTM-phishing
#credential-theft
#phishing-attack
#adversary-in-the-middle
#cybersecurity-awareness

Phishing campaigns continue to improve sophistication and refinement in blending social engineering, delivery and hosting infrastructure, and authentication

RedPacket Security

Investigating Storm-2755: “Payroll pirate” attacks targeting Canadian employees - https://www.redpacketsecurity.com/investigating-storm-2755-payroll-pirate-attacks-targeting-canadian-employees/

#threatintel
#payroll-pirate-attacks
#AiTM
#phishing-resistant-MFA
#Workday
#Canada

Microsoft Incident Response – Detection and Response Team (DART) researchers observed an emerging, financially motivated threat actor that Microsoft tracks as

RedPacket Security

📰 Sophisticated AiTM Phishing Campaign Targets TikTok for Business Accounts to Bypass MFA

⚠️ Phishing Alert: Sophisticated AiTM campaign targeting TikTok for Business accounts to bypass MFA and steal session cookies. Attackers use Google Storage URLs to evade detection. #Phishing #AiTM #TikTok

🔗 https://cyber.netsecops.io/articles/phishing-campaign-targets-tiktok-for-business-accounts-with-aitm-kits/?utm_source=mastodon&utm_medium=social&utm_campaign=twitter_auto

A sophisticated adversary-in-the-middle (AiTM) phishing campaign is actively targeting TikTok for Business accounts to steal credentials, session cookies, and bypass MFA.

CyberNetSec.io

Inside Tycoon2FA: How a leading AiTM phishing kit operated at scale - RedPacket Security

Following its emergence in August 2023, Tycoon2FA rapidly became one of the most widespread phishing-as-a-service (PhaaS) platforms, enabling campaigns

RedPacket Security

DKnife: a new cyber threat in routers changes the rules of network security

Is your router just a boring Wi-Fi box? DKnife shows that it can be an ideal listening post, right at the door of your network.

Read more:
https://pressmind.org/dknife-nowy-cyberzagrozenie-w-routerach-zmienia-zasady-bezpieczenstwa-sieci/

#PressMindLabs #aitm #darknimbus #dknife #routery #shadowpad

Resurgence of a multi‑stage AiTM phishing and BEC campaign abusing SharePoint - https://www.redpacketsecurity.com/resurgence-of-a-multi-stage-aitm-phishing-and-bec-campaign-abusing-sharepoint/

#threatintel
#AiTM phishing
#BEC
#SharePoint abuse
#MFA bypass
#Energy sector security

Microsoft Defender Researchers uncovered a multi‑stage adversary‑in‑the‑middle (AiTM) phishing and business email compromise (BEC) campaign targeting multiple

RedPacket Security

Phishing actors exploit complex routing and misconfigurations to spoof domains - RedPacket Security

Phishing actors are exploiting complex routing scenarios and misconfigured spoof protections to effectively spoof organizations’ domains and deliver phishing

RedPacket Security

A five-month spearphishing operation discovered by Socket has transformed the npm registry into a durable hosting layer for AiTM credential theft, specifically targeting sales teams in the manufacturing and healthcare industries.

Read More: https://www.security.land/npm-registry-weaponized-in-spearphishing-campaign-against-critical-infrastructure/

#SecurityLand #Cybersecurity #Research #NPM #Phishing #CriticalInfrastructure #AiTM #Spearphishing #Dev

npm Registry Abused for Targeted Spearphishing Campaign

Security Land | Decoding the Cyber Threat Landscape

VoidProxy phishing-as-a-service bypasses MFA & SSO for Microsoft 365/Google accounts. Okta Threat Intelligence reveals sophisticated AitM attacks defeating modern authentication. Enterprise security teams: reassess your defenses NOW.

#SecurityLand #ThreatHorizon #CyberSecurity #PhishingAttack #EnterpriseSecurity #AitM #Phishing #VoidProxy

Read More: https://www.security.land/voidproxy-emerges-as-advanced-phishing-as-a-service-platform-targeting-enterprise-authentication-systems/

VoidProxy Emerges as Advanced Phishing-as-a-Service Platform Targeting Enterprise Authentication Systems | Security Land

VoidProxy phishing platform bypasses MFA and SSO security, targeting Microsoft 365 and Google accounts through sophisticated AitM attacks.

Security Land

1) security.nl
2) http:⧸⧸gw.defensie.nl
3) https:⧸⧸gemeente.amsterdam

N.B. in 2 and 3 I used ⧸⧸ instead of // to prevent Mastodon from turning them into
http://gw.defensie.nl
and
https://gemeente.amsterdam
respectively (in my opinion Mastodon should AT THE VERY LEAST show "http://" in link 2).

See https://www.security.nl/posting/904650/security_nl+-%3E+http%3A__security_nl.

#httpVShttps #AitM #QRcodes #EvilTwin #PublicWifi #InfoSec #httpsVShttp #E2EE #Tunnel #TLS #SSL