SAB0X1D::THREAT INTEL

Phish

Current & Trending Threats (Part 2) — QR Phishing, Crypto Scams & SIM Swaps 21 Oct 2025

Current & Trending Threats (Part 2) — QR Phishing, Crypto Scams & SIM Swaps

From QR code bait to SIM swap takeovers and crypto fraud, this post explores three of the most dangerous attack trends dominating 2025 — and how to defend against them.
Salesforce Abuse in Meta Support Phishing: How Threat Actors Exploit Trusted Platforms 16 Oct 2025

Salesforce Abuse in Meta Support Phishing: How Threat Actors Exploit Trusted Platforms

Threat actors are leveraging Salesforce’s trusted infrastructure to deliver phishing campaigns impersonating Meta Support. Discover how these scams work, why they’re effective, and how to protect your business accounts.
RaccoonO365: Inside the Global Phishing-as-a-Service Takedown 20 Sep 2025

RaccoonO365: Inside the Global Phishing-as-a-Service Takedown

Microsoft and Cloudflare dismantled RaccoonO365, a $355/month phishing-as-a-service empire that stole 5,000+ Microsoft 365 credentials across 94 countries. This deep dive explains how the service operated, the scale o...
When the Foundation Cracks: Inside the 2025 NPM Supply Chain Attack 15 Sep 2025

When the Foundation Cracks: Inside the 2025 NPM Supply Chain Attack

A phishing lure, a stolen maintainer account, and 18 poisoned NPM packages: the September 2025 supply chain attack is the most widespread compromise in NPM history. This deep dive explains what NPM is, how dependency ...
Branded Phishing disguised as MS Office 365 13 Sep 2025

Branded Phishing disguised as MS Office 365

This campaign abuses trusted branding and RFP (Request for Proposal) lures to harvest corporate credentials. Attackers create realistic email templates, spoofed document invites, and redirect victims into credential h...
Phishing Awareness 09 Sep 2025

Phishing Awareness

Email tricks, fake login portals, QR-code traps, and more. This consolidated guide shows the most common phishing tactics in 2025, with red flags, real examples, and step-by-step defenses you can put into practice imm...
Shortcut to Infection: XenoRAT via Malicious .lnk → WSF → Python 03 Sep 2025

Shortcut to Infection: XenoRAT via Malicious .lnk → WSF → Python

A fake invoice lure leads to a shortcut (.lnk) that fetches a WSF, stages dual ZIP archives (me.zip, deb.zip), and launches pythonw.exe from the user’s Contacts directory. Explorer.exe then takes over network comms, c...
Impersonating Amazon Chat Support: LiveChat abuse in Phishing Campaigns 25 Aug 2025

Impersonating Amazon Chat Support: LiveChat abuse in Phishing Campaigns

Abusing LiveChat SaaS + refund lure to harvest emails. Attackers continue to exploit the trust that users place in well-known brands and legitimate SaaS platforms.
Unmasking the SVG threat: How Hackers use vector graphics for phishing attacks 18 Aug 2025

Unmasking the SVG threat: How Hackers use vector graphics for phishing attacks

Vectors, invisible layers, and redirects hiding in plain sight. This dual nature is what makes SVG such a compelling choice for cybercriminals: it looks harmless, behaves like an image when viewed, but can execute mal...
Masquerading with “ん”: A clever Unicode trick in Booking.com phishing campaigns 13 Aug 2025

Masquerading with “ん”: A clever Unicode trick in Booking.com phishing campaigns

Hiragana 'ん' used in URL paths to evade filters and trick users — plus FakeCaptcha and HijackLoader payloads. In the wild we see FakeCaptcha gates leading to HijackLoader payloads, stitched into refund-lure phishing t...