Threat Alerts — Phishing & BEC
A live, severity-rated stream of the threats actually hitting small and medium businesses worldwide, each with the one or two actions that matter most.
Active alerts
- Photo ZIP Phishing Campaign Hits Hotels in Europe and AsiaHigh · Phishing & BEC · 2026-07-01Since April, hotels across Europe and Asia have been receiving phishing emails posing as angry guests, complete with a ZIP file that claims to hold photos of the problem. Open it, and a hidden implant sets up shop for the long haul rather than cashing out immediately.
- Hotel Phishing Campaign Hides a Node.js Implant in Photo ZIP FilesHigh · Phishing & BEC · 2026-06-28Microsoft is tracking an active phishing campaign that has hit hotels across Europe and Asia since April, using photo-themed ZIP files to plant a Node.js implant on front-desk computers. The emails pass every standard authentication check because they are routed through real Calendly and Google infrastructure. Any business with a public booking inbox is a plausible target.
- FBI Warns Russian Spies Are Phishing Signal Backup Recovery KeysHigh · Phishing & BEC · 2026-06-27The FBI says two Russian intelligence groups are tricking Signal users into handing over the recovery key that unlocks their encrypted message backups. Once they have it, they restore your full chat history on their own phone. The targets are officials and journalists for now, but the same trick works on anyone who uses Signal for work.
- Bluekit Streams Real Login Pages to Steal Sessions and Bypass MFA at ScaleHigh · Phishing & BEC · 2026-06-26A phishing-as-a-service platform called Bluekit has upgraded to browser-in-the-middle capabilities that stream the real login page to victims while authentication completes inside the attacker's browser. Standard MFA is bypassed, and the attacker walks away with a live session token.
- Phishing Attack on Healthcare Tech Vendor Exposes 1.4 Million People's Medical RecordsHigh · Phishing & BEC · 2026-06-23A phishing attack on Xsolis, a Tennessee-based healthcare technology company, led to the exposure of protected health information belonging to more than 1.3 million individuals. The breach occurred in January 2026 and was not publicly disclosed until June, appearing on the HHS breach tracker on 23 June. Stolen data includes Social Security numbers, medical treatment records, and health insurance details.
- INTERPOL Dismantles Free Phishing Service After Decade OnlineWatch · Phishing & BEC · 2026-06-15Police across 13 Middle East and North Africa countries arrested 201 people and shut down Sniper Dz, a phishing-as-a-service platform that ran free for a decade and collected over 45,000 victim records. New research shows the same operation also milked victims through fake Facebook offers and browser notification scams.