PIXM Blog
December Zero-Day Phishing Threat Intel
Overview The last two weeks have seen an uptick in spearphish targeting corporate users on their personal accounts as well as a burst of Netflix phishing activity. Here are some examples and highlights. Before we dive in, here is a list of examples of phishing websites that we discovered and we recommend you update your […]
November Zero-Day Phishing Threat Intel
Overview Pixm Security is excited to share our latest threat intelligence from our 500,000+ user base. This blog post covers zero-day phishing attempts we’ve blocked, key threat insights and tactics to help protect your clients. In this post, we focus on the rise of social media phishing targeting Instagram which is a blind-spot for most […]
US Public School Districts Targeted – MFA Spear Phishing Campaigns On The Rise
Overview Multi-Factor Authentication (MFA) phishing campaigns targeting teachers, staff, and executive administrators in large school districts throughout the United States have continued to be on the rise since December 2023. The attacks use dadsec and phishingkit Phishing-as-a-Service (PhaaS) platforms, which include a number of stealthy features, with the purpose of compromising key administrator email accounts […]
Hacked Russian CRMs Being Used in Phishing Attacks
Introduction For many years, Customer Relationship Management (CRM) software has allowed businesses to automate sales outreach and prospecting data collection at scale. A core feature of CRM suites is the ability to automate customer interactions. This is done through the creation of campaigns with custom landing pages or emails that the platform will distribute […]
Cybercrime Group Expands Cryptocurrency Phishing Campaign
Introduction PIXM is continuing to track an active criminal group operating four campaigns targeting the users of cryptocurrency exchanges and wallets. The scammers will use an in-browser chat window to initiate a remote desktop session on the victims device, approve their own device as valid to access the users account, and then drain cryptocurrency from […]
Coinbase Attacks Bypass 2FA
Introduction Cryptocurrency exchanges have been the target of sophisticated adversaries since their inception. At PIXM, we’ve been tracking these attacks since 2021, and initially came across them during the daily analysis of detections we perform for our clients. In late 2021, and continuing into 2022, the attacks we’ve detected at PIXM which are targeting […]
Rise of Stealth Phishing Attacks
TL;DR Stealth Phishing Attacks – highly sophisticated attacks where attackers block any cloud-based service from seeing their phishing page
Latest Outlook Phishing Attack
PIxm shuts down yet another sneaky Microsoft phishing attack where the attacker first tried to (unsuccessfully) login and followed it up with a phishing email.