Custom vishing kits target SSO accounts worldwide

Italiano

Custom-made vishing kits are attacking single sign-on (SSO) accounts across the globe. Major providers including Google, Microsoft, and Okta face threats from these tools. The effectiveness of the kits is driving increased popularity in vishing attacks.

Vishing, a form of phishing conducted over voice calls, has seen a rise in sophistication with the emergence of custom-made kits. These tools are specifically designed to target SSO accounts, which allow users to access multiple services with one set of credentials. The attacks span the world, putting pressure on key players in the authentication space.

Google, Microsoft, and Okta are highlighted as primary targets under threat from these vishing operations. The kits' high quality enables attackers to mimic legitimate communications convincingly, exploiting trust in voice interactions. As a result, vishing is growing more popular among cybercriminals seeking to bypass traditional security measures.

This development underscores vulnerabilities in SSO systems, which streamline user access but can become single points of failure if compromised. Organizations are urged to enhance employee training on recognizing vishing attempts and implement multi-factor authentication beyond basic setups. The global nature of the attacks suggests a coordinated effort, though specifics on perpetrators remain unclear from available reports.

Articoli correlati

IT expert Supangat warns of Lebaran digital scams via WhatsApp and SMS in a press conference illustration.
Immagine generata dall'IA

IT expert warns of digital scams ahead of Lebaran

Riportato dall'IA Immagine generata dall'IA

Ahead of Idul Fitri, IT expert from Untag Surabaya, Supangat, urges the public to heighten vigilance against scams via WhatsApp and SMS. Rising digital transactions are exploited by cybercriminals. Vida founder Niki Santo Luhur identifies two main methods: phishing and malware prevalent in Indonesia.

OpenAI users targeted by scam emails and vishing calls

Scammers are sending emails that appear genuine to OpenAI users, designed to manipulate them into revealing critical data swiftly. These emails are followed by vishing calls that intensify the pressure on victims to disclose account details. The campaign highlights ongoing risks in AI platform security.

GhostPairing: WhatsApp Hijacking Threat

Riportato dall'IA

Security researchers, first reporting via TechRadar in December 2025, warn WhatsApp's 3 billion users of GhostPairing—a technique tricking victims into linking attackers' browsers to their accounts, enabling full access without breaching passwords or end-to-end encryption.

Tecnologia

Google report warns of shifting cloud threat landscape

Tecnologia

Fake IT support scam infects company devices with Havoc malware

Europa

Dutch intelligence accuses Russia of hacker attacks on WhatsApp and Signal

Microsoft Copilot faces single-click prompt injection vulnerability

Security firm Varonis has identified a new method for prompt injection attacks targeting Microsoft Copilot, allowing compromise of users with just one click. This vulnerability highlights ongoing risks in AI systems. Details emerged in a recent TechRadar report.

Top VPNs targeted by typosquatting with malicious fake domains

Riportato dall'IA

Major VPN providers such as NordVPN, ExpressVPN, and Proton VPN are facing attacks through typosquatting, where fake domains mimic their official sites. A report indicates that 14 percent of these imitation domains are malicious. Users are advised to take precautions to avoid falling victim to these scams.

Malicious npm packages steal developer credentials on multiple platforms

Ten typosquatted npm packages, uploaded on July 4, 2025, have been found downloading an infostealer that targets sensitive data across Windows, Linux, and macOS systems. These packages, mimicking popular libraries, evaded detection through multiple obfuscation layers and amassed nearly 10,000 downloads. Cybersecurity firm Socket reported the threat, noting the packages remain available in the registry.

Experts highlight AI threats like deepfakes and dark LLMs in cybercrime

Riportato dall'IA

Cybersecurity experts are increasingly alarmed by how artificial intelligence is reshaping cybercrime, with tools like deepfakes, AI phishing, and dark large language models enabling even novices to execute advanced scams. These developments pose significant risks to businesses in the coming year. Published insights from TechRadar underscore the scale and sophistication of these emerging threats.

13 febbraio 2026 14:32

Fake Chrome AI extensions targeted over 300,000 users

09 febbraio 2026 08:13

Hackers escalate digital squatting targeting brand domains

04 febbraio 2026 19:25

Russian hackers exploit Microsoft Office vulnerability days after patch

27 gennaio 2026 16:17

AI-based anti-phishing platform prevents 19 billion won in financial damage

26 gennaio 2026 00:51

Hackers are using LLMs to build next-generation phishing attacks

25 gennaio 2026 16:39

Nigerian businesses urged to prioritise staff training as phishing threats escalate

21 dicembre 2025 17:07

WhatsApp users warned of GhostPairing scam hijacking accounts

19 dicembre 2025 11:19

Cisco email security products targeted in zero-day campaign

16 dicembre 2025 11:30

Silent Whisper vulnerability exposes WhatsApp users to secret tracking

11 dicembre 2025 16:50

AI scales up cyber attacks in 2025

 

 

 

Questo sito web utilizza i cookie

Utilizziamo i cookie per l'analisi per migliorare il nostro sito. Leggi la nostra politica sulla privacy per ulteriori informazioni.
Rifiuta