This fake Google Security check can steal your passwords. Here’s how to stay safe

A new phishing campaign is impersonating Google’s account security checks to trick users into installing a malicious web app that steals passwords, passcodes, and other sensitive data directly from ...

Fake Google Security site uses PWA app to steal credentials, MFA codes

A phishing campaign is using a fake Google Account security page to deliver a web-based app capable of stealing one-time ...
Microsoft

Inside Tycoon2FA: How a leading AiTM phishing kit operated at scale

Tycoon2FA has become a leading phishing-as-a-service (PhaaS) platforms, enabling campaigns that reach over 500,000 organizations monthly, prompting Microsoft’s Digital Crimes Unit (DCU) to work with ...
Hackaday

Building A Hackerspace Entry System

A hackerspace is a place that generally needs to be accessed by a wide group of people, often at weird and unusual hours.
Krebs on Security

Who is the Kimwolf Botmaster “Dort”?

Who is the Jacob that Qoft referred to as their business partner? The breach tracking service Constella Intelligence finds the password used by jay.miner232@gmail.com was reused by just one other ...