Thousands tricked by fake reward & toll scam texts. CTM360 exposes PointyPhish & TollShark—SMS phishing campaigns powered by ...

Experts warn Tycoon2FA has gotten new obfuscation and evasion upgrades The platform is used to bypass MFA on Google and ...

Darcula was first documented by the cybersecurity company in March 2024 as a toolkit that leveraged Apple iMessage and RCS to send smishing messages to users that trick recipients into clicking on ...

Phishing-as-a-service (PhaaS) platform Tycoon2FA, known for bypassing multi-factor authentication on Microsoft 365 and Gmail accounts, has received updates that improve its stealth and evasion ...

Hackers using phishing-as-a-service platforms to send scam iMessages to iPhone users Threat actors can now sign up for phishing-as-a-service platforms (PhAAS) to attack iPhone and Android phone users.

SheByte, a popular Phishing-as-a-Service platform, is being used by hackers to target major banks and email providers in the US and Canada, including HSBC and TD Bank.

In other words, there are businesses that put together a PhAAS software package that hackers can buy and run phishing schemes. A new PhAAS called Lucid is now available and is used to target ...

Lucid is a sophisticated Phishing-as-a-Service (PhAAS) platform operated by Chinese-speaking threat actors, targeting 169 entities across 88 countries globally […] Its scalable, subscription ...

In the first two months of 2025, Barracuda detection systems blocked over a million phishing attacks by prominent Phishing-as-a-Service (PhaaS) platforms. A new report on the tools and techniques ...

Cybersecurity researchers Infoblox spotted the Phishing-as-a-Service (PhaaS) kit, built by a threat actor dubbed Morphing Meerkat, which deploys DNS Mail exchange (MX) records, dynamically serving ...