PIXM Blog
September Phishing Fires: Backblaze Ablaze with OneDrive Credential Attacks
The first half of September witnessed new records in Microsoft spearphish volume, with threat actors employing advanced evasion techniques, including payload encryption, device fingerprinting, and infrastructure abuse of reputable hosts like Backblaze, Hostinger, and Telegram’s Bot API. The same period saw sustained phishing targeting of personal accounts on work devices like American Express […]
August Phish Flood Warning: Credential Attacks Raining Down from Cloudflare
Late August saw records of phishing activity spanning Microsoft support scams, Adobe file shares and Paperless Post deliveries. Tactics involved MFA relay kits and usage of Cloudflare infrastructure to evade detection. The same period saw continued targeting of personal accounts like Amazon and Yahoo on work devices. Below are some examples and highlights. tgcj86gcjyp[.]z13[.]web[.]core[.]windows[.]net hdbn46dhu[.]z13[.]web[.]core[.]windows[.]net […]
Inside August’s Phishing Heat Wave: Support Scams, Paperless Post Lures, and MFA Abuse
The first half of August has seen a major surge in Microsoft support scams using keyboard locks and other tactics to prod users into calling targeted call centers. Other Microsoft phishing attacks during this period made use of aggressive device fingerprinting, MFA relay tactics, and deliveries through event invites and PDFs. We also observed similar […]
Summer Surge: Sophisticated MFA Phishing Attacks Target Microsoft and Banking Users
Phishing targeting users on work devices is not slowing down over the summer, with many employees taking their laptops home for the summer vacation months. The second half of July saw a pronounced surge in Microsoft and Outlook spearphish that demonstrated a number of interesting tactics, including multi-factor authentication phishing kits and distributed phishing […]
Microsoft Spearphish uses Telegram Bots to Evade Detection
The last week of June and early July saw a surge in zero-day phishing attacks targeting both corporate Microsoft/Outlook logins and personal web services (e-commerce, streaming, and email) on work devices. Threat actors employed sophisticated tactics – from obfuscated JavaScript and fake OAuth login flows to Telegram-based exfiltration – allowing many of these phishing […]
Amazon Phishing Kit Harvests SSNs, Bank Access Numbers, and More
Early-mid June saw a surge of phishing campaigns targeting Amazon, Microsoft and Netflix accounts, including phishing kits capable of harvesting extensive personal data, like social security numbers and bank access numbers. Many Microsoft-themed attacks employed advanced evasive tactics – such as heavily obfuscated scripts, anti-scanning measures, and simulated multi-factor authentication steps. Meanwhile, an Amazon […]
ID.me and Government Data Targeted in IRS Phishing Campaign
The end of May and first week of June 2025 saw a sharp uptick in zero-day phishing campaigns targeting corporate login credentials, with additional campaigns impersonating Amazon and even U.S. government login services (ID.me for IRS). Threat actors employed sophisticated evasive techniques – from multi-layer code encryption and clipboard hijacking to spoofing Microsoft’s own […]
Instagram Lures, Microsoft Spoofs, and SIM Swaps: A Mid-May Phishing Breakdown
A surge of sophisticated zero-day phishing campaigns was observed in mid-May 2025, targeting a wide range of services including social media, e-commerce, enterprise email, telecommunications, and streaming platforms. Attackers leveraged legitimate cloud services and compromised infrastructure – from professional learning platforms to web hosting and cloud app environments – to lend credibility to their […]
May 2025 Phishing Surge: Stealth MFA-Bypass Attacks Target Microsoft & Webmail Users
The first half of May saw a continued surge in stealthy zero-day phishing attacks bypassing MFA. Between April 25 and May 8, attackers targeted both corporate email accounts (Microsoft 365/Outlook) and personal web services (e-commerce, streaming, personal email) used by employees. Many of these spear phishing pages employed multi-step login flows, fake multi-factor authentication (MFA) […]
Pixm’s Zero-Day Threat Intelligence April 14, 2025
The beginning of April has seen continued targeting of corporate credentials via stealthy means and file share platforms as well as personal account phishing on work devices, including a marked increase in financial services and Netflix phishing campaigns, often including a tech support component. Here are a few examples and highlights. Phishing URLs […]