Pulling the latest reports from PhishTank, OpenPhish, URLhaus, FTC, FBI IC3, AARP, and partner RSS feeds. Hold tight — this usually takes a second or two.
Aggregated from PhishTank, OpenPhish, URLhaus, Google Safe Browsing, and per-source RSS feeds. Top category this week: Bec. The messages look real. The links don't. Here's what's running, who it targets, and how to spot it before you tap.
A young man called crying, saying 'Grandma, I'm in trouble.' He said he was arrested and needed bail money wired immediately. He begged me not to tell his parents. I was about to go to Western Union when my neighbor suggested I call my grandson directly — he was fine, sitting at home.
Palo Alto Networks is warning that hackers are now exploiting a PAN-OS GlobalProtect authentication bypass flaw, tracked as CVE-2026-0257, in attacks attempting to breach corporate networks. [...]
Opens in a new tab →
The FBI is warning of fake websites impersonating FIFA ahead of the 2026 World Cup, to steal personal and financial information, sell fake tickets and hospitality packages, and push other fraud related to the event. [...]
Opens in a new tab →
MSPs don't lack security data. They struggle to separate real threats from alert noise. Kaseya explains how SIEM helps MSPs improve visibility, reduce fatigue, and respond faster. [...]
Opens in a new tab →
The FBI is warning about the Kali365 phishing-as-a-service platform (PhaaS) that is used to hijack Microsoft 365 accounts by abusing OAuth device code authentication to steal session tokens and bypass multi-factor authentication (MFA). [...]
Opens in a new tab →
Ask a cybersecurity pro about Network Detection and Response (NDR) and you might still hear "Noisy," "Too much data." But ask the teams running NDR that includes agentic AI capabilities and you'll hear they're actually using it to catch threats earlier, triage faster, and chase fewer false positives. The old complaint lingers in part because reputations are sticky, and because NDR has evolved
Opens in a new tab →
Drupal is warning that hackers are attempting to exploit a "highly critical" SQL injection vulnerability announced earlier this week. [...]
Opens in a new tab →
Modern crypto drainers don't hack wallets. They trick users into approving malicious transactions. Flare explores how the Lucifer DaaS platform scales wallet theft through phishing and automation. [...]
Opens in a new tab →
Paste a URL, an email address, or a phone number. We cross-reference live threat feeds and return a verdict in plain English — with the reasons behind it.
30 REQ / MIN · RATE-LIMITED BY IP