Phishing List
| DATE | NAME | Info | CATEG. | WEB |
| --- | --- | --- | --- | --- |
| 10.5.26 | Hackers abuse Google ads for GoDaddy ManageWP login phishing | A phishing campaign delivered through Google sponsored search results is targeting credentials for ManageWP, GoDaddy's platform for managing fleets of WordPress websites. | Phishing | BleepingComputer |
| 9.5.26 | Researchers report Amazon SES abused in phishing to evade detection | Cybersecurity firm Kaspersky reports that the Amazon Simple Email Service (SES) is being increasingly abused to send convincing phishing emails that can bypass standard security filters and render reputation-based blocks ineffective. | Phishing | BleepingComputer |
| 5.5.26 | Microsoft Details Phishing Campaign Targeting 35,000 Users Across 26 Countries | Microsoft has disclosed details of a large-scale credential theft campaign that has leveraged a combination of code of conduct-themed | Phishing | The Hacker News |
| 5.5.26 | Phishing Campaign Hits 80+ Orgs Using SimpleHelp and ScreenConnect RMM Tools | An active phishing campaign has been observed targeting multiple vectors since at least April 2025 with legitimate Remote Monitoring and | Phishing | The Hacker News |
| 3.5.26 | New Bluekit phishing service includes an AI assistant, 40 templates | A new phishing kit named Bluekit offers more than 40 templates targeting popular services and includes basic AI features for generating campaign drafts. | Phishing | |
| 2.5.26 | Robinhood account creation flaw abused to send phishing emails | Online trading platform Robinhood's account creation process was exploited by threat actors to inject phishing messages into legitimate emails, tricking users into believing their accounts had suspicious activity. | Phishing | BleepingComputer |
| 2.5.26 | 30,000 Facebook Accounts Hacked via Google AppSheet Phishing Campaign | A newly discovered Vietnamese-linked operation has been observed using a Google AppSheet as a "phishing relay" to distribute phishing | Phishing | The Hacker News |
| 25.4.26 | NASA Employees Duped in Chinese Phishing Scheme Targeting U.S. Defense Software | The Office of Inspector General (OIG) of the U.S. National Aeronautics and Space Administration (NASA) has revealed how a Chinese national posed as a | Phishing | The Hacker News |
| 23.4.26 | Apple account change alerts abused to send phishing emails | Apple account change notifications are being abused to send fake iPhone purchase phishing scams within legitimate emails sent from Apple's servers, increasing legitimacy and potentially allowing them to bypass spam filters. | Phishing | BleepingComputer |
| 18.4.26 | FBI takedown of W3LL phishing service leads to developer arrest | The FBI Atlanta Field Office and Indonesian authorities have dismantled the "W3LL" global phishing platform, seizing infrastructure and arresting the alleged developer in what is described as the first coordinated enforcement action between the United States and Indonesia targeting a phishing kit developer. | Phishing | |
| 16.4.26 | n8n Webhooks Abused Since October 2025 to Deliver Malware via Phishing Emails | Threat actors have been observed weaponizing n8n, a popular artificial intelligence (AI) workflow automation platform, to facilitate sophisticated | Phishing | The Hacker News |
| 14.4.26 | FBI and Indonesian Police Dismantle W3LL Phishing Network Behind $20M Fraud Attempts | The U.S. Federal Bureau of Investigation (FBI), in partnership with the Indonesian National Police, has dismantled the infrastructure associated with | Phishing | The Hacker News |
| 12.4.26 | New VENOM phishing attacks steal senior executives' Microsoft logins | Threat actors using a previously undocumented phishing-as-a-service (PhaaS) platform called "VENOM" are targeting credentials of C-suite executives across multiple industries. | Phishing | BleepingComputer |
| 12.4.26 | When attackers already have the keys, MFA is just another door to open | Stolen credentials turn authentication systems into the attack surface. Token shows how wearable biometric authentication verifies the user—not the session—blocking phishing relays and MFA bypass | Phishing | BleepingComputer |
| 6.4.26 | Traffic violation scams switch to QR codes in new phishing texts | Scammers are sending fake "Notice of Default" traffic violation text messages impersonating state courts across the U.S., pressuring recipients to scan a QR code that leads to a phishing site demanding a $6.99 payment while stealing personal and financial information. | Phishing | |
| 6.4.26 | Device code phishing attacks surge 37x as new kits spread online | Device code phishing attacks that abuse the OAuth 2.0 Device Authorization Grant flow to hijack accounts have surged more than 37 times this year. | Phishing | |
| 1.4.26 | Casbaneiro Phishing Targets Latin America and Europe Using Dynamic PDF Lures | A multi-pronged phishing campaign is targeting Spanish-speaking users in organizations across Latin America and Europe to deliver Windows banking | Phishing | The Hacker News |
| 29.3.26 | Dutch Police discloses security breach after phishing attack | The Dutch National Police (Politie) says a security breach resulting from a successful phishing attack has had a limited impact and hasn't affected citizens' data. | Phishing | BleepingComputer |
| 28.3.26 | Tycoon2FA phishing platform returns after recent police disruption | The Tycoon2FA phishing-as-a-service (PhaaS) platform that Europol and partners disrupted on March 4 has already returned to previously observed activity levels. | Phishing | |
| 27.3.26 | AitM Phishing Targets TikTok Business Accounts Using Cloudflare Turnstile Evasion | Threat actors are using adversary-in-the-middle (AitM) phishing pages to seize control of TikTok for Business accounts in a new campaign, according to a | Phishing | The Hacker News |
| 25.3.26 | Device Code Phishing Hits 340+ Microsoft 365 Orgs Across Five Countries via OAuth Abuse | Cybersecurity researchers are calling attention to an active device code phishing campaign that's targeting Microsoft 365 identities across more than | Phishing | The Hacker News |
| 24.3.26 | Microsoft Warns IRS Phishing Hits 29,000 Users, Deploys RMM Malware | Microsoft has warned of fresh campaigns that are capitalizing on the upcoming tax season in the U.S. to harvest credentials and deliver malware. | Phishing | The Hacker News |
| 22.3.26 | Microsoft Azure Monitor alerts abused for callback phishing attacks | Microsoft Azure Monitor alerts are being abused to send callback phishing emails that impersonate warnings from the Microsoft Security Team about unauthorized charges on your account. | Phishing | |
| 22.3.26 | FBI links Signal phishing attacks to Russian intelligence services | The FBI has issued a public service announcement warning that Russian intelligence-linked threat actors are actively targeting users of encrypted messaging apps such as Signal and WhatsApp in phishing campaigns that have already compromised thousands of accounts. | Phishing | |
| 14.3.26 | Microsoft brings phishing-resistant Windows sign-ins via Entra passkeys | Microsoft is rolling out passkey support for Microsoft Entra on Windows devices, adding phishing-resistant passwordless authentication via Windows Hello. | Phishing | BleepingComputer |
| 14.3.26 | Microsoft Teams phishing targets employees with A0Backdoor malware | Hackers contacted employees at financial and healthcare organizations over Microsoft Teams to trick them into granting remote access through Quick Assist and deploy a new piece of malware called A0Backdoor. | Phishing | BleepingComputer |
| 12.3.26 | FBI warns of phishing attacks impersonating US city, county officials | The Federal Bureau of Investigation (FBI) warns that criminals are impersonating U.S. officials in phishing attacks targeting businesses and individuals who request city and county planning and zoning permits. | Phishing | |
| 12.3.26 | Hackers abuse .arpa DNS and ipv6 to evade phishing defenses | Threat actors are abusing the special-use ".arpa" domain and IPv6 reverse DNS in phishing campaigns that more easily evade domain reputation checks and email security gateways. | Phishing | BleepingComputer |
| 3.3.26 | Starkiller Phishing Suite Uses AitM Reverse Proxy to Bypass Multi-Factor Authentication | Cybersecurity researchers have disclosed details of a new phishing suite called Starkiller that proxies legitimate login pages to bypass multi-factor | Phishing | The Hacker News |
| 28.2.26 | Phishing campaign targets freight and logistics orgs in the US, Europe | A financially motivated threat group dubbed "Diesel Vortex" is stealing credentials from freight and logistics operators in the U.S. and Europe in phishing attacks using 52 domains. | Phishing | |
| 22.2.26 | Hackers target Microsoft Entra accounts in device code vishing attacks | Threat actors are targeting technology, manufacturing, and financial organizations in campaigns that combine device code phishing and voice phishing (vishing) to abuse the OAuth 2.0 Device Authorization flow and compromise Microsoft Entra accounts. | Phishing | |
| 12.2.26 | Microsoft: Exchange Online flags legitimate emails as phishing | Microsoft is investigating an ongoing Exchange Online issue that mistakenly flags legitimate emails as phishing and quarantines them. | Phishing | |
| 3.2.26 | 1Password adds pop-up warnings for suspected phishing sites | The 1Password digital vault and password manager has added built-in protection against phishing URLs to help users identify malicious pages and prevent them from sharing account credentials with threat actors. | Phishing | |
| 27.1.26 | Indian Users Targeted in Tax Phishing Campaign Delivering Blackmoon Malware | Cybersecurity researchers have discovered an ongoing campaign that's targeting Indian users with a multi-stage backdoor as part of a suspected | Phishing | The Hacker News |
| 18.1.26 | ConsentFix debrief: Insights from the new OAuth phishing attack | ConsentFix is an OAuth phishing technique abusing browser-based authorization flows to hijack Microsoft accounts. Push Security shares new insights from continued tracking, community research, and evolving attacker techniques. | Phishing | |
| 7.1.26 | Microsoft Warns Misconfigured Email Routing Can Enable Internal Domain Phishing | Threat actors engaging in phishing attacks are exploiting routing scenarios and misconfigured spoof protections to impersonate organizations' domains and distribute | Phishing | The Hacker News |