Custom vishing kits target SSO accounts worldwide

Deutsch

Custom-made vishing kits are attacking single sign-on (SSO) accounts across the globe. Major providers including Google, Microsoft, and Okta face threats from these tools. The effectiveness of the kits is driving increased popularity in vishing attacks.

Vishing, a form of phishing conducted over voice calls, has seen a rise in sophistication with the emergence of custom-made kits. These tools are specifically designed to target SSO accounts, which allow users to access multiple services with one set of credentials. The attacks span the world, putting pressure on key players in the authentication space.

Google, Microsoft, and Okta are highlighted as primary targets under threat from these vishing operations. The kits' high quality enables attackers to mimic legitimate communications convincingly, exploiting trust in voice interactions. As a result, vishing is growing more popular among cybercriminals seeking to bypass traditional security measures.

This development underscores vulnerabilities in SSO systems, which streamline user access but can become single points of failure if compromised. Organizations are urged to enhance employee training on recognizing vishing attempts and implement multi-factor authentication beyond basic setups. The global nature of the attacks suggests a coordinated effort, though specifics on perpetrators remain unclear from available reports.

Verwandte Artikel

IT expert Supangat warns of Lebaran digital scams via WhatsApp and SMS in a press conference illustration.
Bild generiert von KI

It-experte warnt vor digitalen Betrügereien vor Lebaran

Von KI berichtet Bild generiert von KI

Angesichts des anstehenden Idul Fitri fordert IT-Experte Supangat von der Untag Surabaya die Öffentlichkeit auf, die Wachsamkeit gegenüber Betrügereien über WhatsApp und SMS zu erhöhen. Steigende digitale Transaktionen werden von Cyberkriminellen ausgenutzt. Vida-Gründer Niki Santo Luhur benennt zwei Hauptmethoden: Phishing und Malware, die in Indonesien verbreitet sind.

OpenAI users targeted by scam emails and vishing calls

Scammers are sending emails that appear genuine to OpenAI users, designed to manipulate them into revealing critical data swiftly. These emails are followed by vishing calls that intensify the pressure on victims to disclose account details. The campaign highlights ongoing risks in AI platform security.

GhostPairing: WhatsApp Hijacking Threat

Von KI berichtet

Security researchers, first reporting via TechRadar in December 2025, warn WhatsApp's 3 billion users of GhostPairing—a technique tricking victims into linking attackers' browsers to their accounts, enabling full access without breaching passwords or end-to-end encryption.

Technologie

Google report warns of shifting cloud threat landscape

Technologie

Fake IT support scam infects company devices with Havoc malware

Europa

Niederländischer Geheimdienst wirft Russland Hackerangriffe auf WhatsApp und Signal vor

Microsoft Copilot faces single-click prompt injection vulnerability

Security firm Varonis has identified a new method for prompt injection attacks targeting Microsoft Copilot, allowing compromise of users with just one click. This vulnerability highlights ongoing risks in AI systems. Details emerged in a recent TechRadar report.

Top VPNs targeted by typosquatting with malicious fake domains

Von KI berichtet

Major VPN providers such as NordVPN, ExpressVPN, and Proton VPN are facing attacks through typosquatting, where fake domains mimic their official sites. A report indicates that 14 percent of these imitation domains are malicious. Users are advised to take precautions to avoid falling victim to these scams.

Malicious npm packages steal developer credentials on multiple platforms

Ten typosquatted npm packages, uploaded on July 4, 2025, have been found downloading an infostealer that targets sensitive data across Windows, Linux, and macOS systems. These packages, mimicking popular libraries, evaded detection through multiple obfuscation layers and amassed nearly 10,000 downloads. Cybersecurity firm Socket reported the threat, noting the packages remain available in the registry.

Smishing-SMS-Betrug verbreitet sich während der Semana Santa in Kolumbien

Von KI berichtet

In Kolumbien verbreiten sich während der Semana Santa 2026 betrügerische SMS-Nachrichten, die Benachrichtigungen von Versicherungen und Banküberweisungen vortäuschen. Behörden wie die Fiscalía und die Nationalpolizei warnen davor, auf verdächtige Links zu klicken, um Datendiebstahl und Kontoleerungen zu verhindern. Sie fordern dazu auf, Informationen über offizielle Kanäle zu verifizieren.

Freitag, 13. Februar 2026, 14:32 Uhr

Fake Chrome AI extensions targeted over 300,000 users

Montag, 09. Februar 2026, 08:13 Uhr

Hackers escalate digital squatting targeting brand domains

Mittwoch, 04. Februar 2026, 19:25 Uhr

Russian hackers exploit Microsoft Office vulnerability days after patch

Dienstag, 27. Januar 2026, 16:17 Uhr

AI-based anti-phishing platform prevents 19 billion won in financial damage

Montag, 26. Januar 2026, 00:51 Uhr

Hackers are using LLMs to build next-generation phishing attacks

Sonntag, 25. Januar 2026, 16:39 Uhr

Nigerianische Unternehmen aufgefordert, Mitarbeiterschulung vor zunehmenden Phishing-Bedrohungen zu priorisieren

Sonntag, 21. Dezember 2025, 17:07 Uhr

WhatsApp users warned of GhostPairing scam hijacking accounts

Freitag, 19. Dezember 2025, 11:19 Uhr

Cisco email security products targeted in zero-day campaign

Dienstag, 16. Dezember 2025, 11:30 Uhr

Silent Whisper vulnerability exposes WhatsApp users to secret tracking

Donnerstag, 11. Dezember 2025, 16:50 Uhr

AI scales up cyber attacks in 2025

 

 

 

Diese Website verwendet Cookies

Wir verwenden Cookies für Analysen, um unsere Website zu verbessern. Lesen Sie unsere Datenschutzrichtlinie für weitere Informationen.
Ablehnen