by Chris Cleveland | Nov 11, 2025 | blog, phish
Mid October saw astonishingly widespread phishing campaigns, with a single OneDrive phishing link clicked by over 70 users within 24 hours. Similar to attacks reported in September and early October, these were hosted on Backblaze infrastructure and exfiltrated...
by Chris Cleveland | Oct 15, 2025 | blog, phish
Early October and late September saw a concentrated wave of phishing campaigns using document share and billing updates lures, particularly across Outlook, Sharepoint and OneDrive. Many of these were hosted on legitimate infrastructure like Backblaze, Azure,...
by Chris Cleveland | Sep 30, 2025 | blog, phish
Phishing campaigns hosted on Backblaze infrastructure seen earlier in the September substantially ratchetted up in the second half, complete with credential exfiltration through Telegram and lures referencing purchase orders. Other widespread phishing campaigns...
by Chris Cleveland | Sep 15, 2025 | blog, phish
The first half of September witnessed yet new records of Microsoft spearphish volume, with threat actors employing advanced evasion techniques, including payload encryption, device fingerprinting, and infrastructure abuse of reputable hosts like Backblaze,...
by Chris Cleveland | Aug 30, 2025 | blog, phish
Later August saw records of phishing activity spanning Microsoft support scams, Adobe file shares and Paperless Post deliveries. Tactics involved MFA relay kits and usage of CloudFlare infrastructure to evade detection. The same period saw continued targeting of...
by Chris Cleveland | Aug 16, 2025 | blog, phish
The first half of August has seen a major surge in Microsoft support scams using keyboard locks and other tactics to prod users to calling targeted call centers. Other Microsoft phishing attacks during this period made use of aggressive device fingerprinting, MFA...
Recent Comments