Custom vishing kits target SSO accounts worldwide

Norsk Bokmål

Custom-made vishing kits are attacking single sign-on (SSO) accounts across the globe. Major providers including Google, Microsoft, and Okta face threats from these tools. The effectiveness of the kits is driving increased popularity in vishing attacks.

Vishing, a form of phishing conducted over voice calls, has seen a rise in sophistication with the emergence of custom-made kits. These tools are specifically designed to target SSO accounts, which allow users to access multiple services with one set of credentials. The attacks span the world, putting pressure on key players in the authentication space.

Google, Microsoft, and Okta are highlighted as primary targets under threat from these vishing operations. The kits' high quality enables attackers to mimic legitimate communications convincingly, exploiting trust in voice interactions. As a result, vishing is growing more popular among cybercriminals seeking to bypass traditional security measures.

This development underscores vulnerabilities in SSO systems, which streamline user access but can become single points of failure if compromised. Organizations are urged to enhance employee training on recognizing vishing attempts and implement multi-factor authentication beyond basic setups. The global nature of the attacks suggests a coordinated effort, though specifics on perpetrators remain unclear from available reports.

Relaterte artikler

Illustration of a developer's desk with a computer screen showing malicious npm packages stealing credentials across platforms, highlighting cybersecurity risks.
Bilde generert av AI

Malicious npm packages steal developer credentials on multiple platforms

Rapportert av AI Bilde generert av AI

Ten typosquatted npm packages, uploaded on July 4, 2025, have been found downloading an infostealer that targets sensitive data across Windows, Linux, and macOS systems. These packages, mimicking popular libraries, evaded detection through multiple obfuscation layers and amassed nearly 10,000 downloads. Cybersecurity firm Socket reported the threat, noting the packages remain available in the registry.

OpenAI users targeted by scam emails and vishing calls

Scammers are sending emails that appear genuine to OpenAI users, designed to manipulate them into revealing critical data swiftly. These emails are followed by vishing calls that intensify the pressure on victims to disclose account details. The campaign highlights ongoing risks in AI platform security.

GhostPairing: WhatsApp Hijacking Threat

Rapportert av AI

Security researchers, first reporting via TechRadar in December 2025, warn WhatsApp's 3 billion users of GhostPairing—a technique tricking victims into linking attackers' browsers to their accounts, enabling full access without breaching passwords or end-to-end encryption.

Asia

AI scales up cyber attacks in 2025

Teknologi

Silent Whisper vulnerability exposes WhatsApp users to secret tracking

Teknologi

Cisco email security products targeted in zero-day campaign

Experts highlight AI threats like deepfakes and dark LLMs in cybercrime

Cybersecurity experts are increasingly alarmed by how artificial intelligence is reshaping cybercrime, with tools like deepfakes, AI phishing, and dark large language models enabling even novices to execute advanced scams. These developments pose significant risks to businesses in the coming year. Published insights from TechRadar underscore the scale and sophistication of these emerging threats.

Japanese government to mandate identity checks for data-only SIM buyers

Rapportert av AI

The Japanese government has decided to require mobile carriers to verify the identities of buyers of data-only SIM cards to curb fraud perpetrated via social media. The move targets scams such as fake investment and romance schemes. The Internal Affairs and Communications Ministry plans to submit a bill to amend the relevant law to the Diet by the end of this year.

Fortinet FortiGate devices face automated attacks creating rogue accounts

Automated attacks are targeting Fortinet FortiGate devices, creating unauthorized accounts and stealing firewall data. A recent patch from Fortinet may not be as effective as anticipated. The issue was reported on January 23, 2026.

Hackers hijack LinkedIn comments to spread malware

Rapportert av AI

Experts have warned that phishing attacks are now appearing in LinkedIn comments. Hackers are exploiting the platform's comment sections to distribute malware. Users are advised to stay vigilant against suspicious links in these interactions.

tirsdag, 27. januar 2026, 16:17

AI-based anti-phishing platform prevents 19 billion won in financial damage

mandag, 26. januar 2026, 00:51

Hackers are using LLMs to build next-generation phishing attacks

søndag, 25. januar 2026, 16:39

Nigerian businesses urged to prioritise staff training as phishing threats escalate

onsdag, 21. januar 2026, 11:59

Beware of fake delivery SMS that know your exact address

torsdag, 15. januar 2026, 07:01

Microsoft Copilot faces single-click prompt injection vulnerability

tirsdag, 13. januar 2026, 14:43

US government urged to patch critical Gogs security flaw

tirsdag, 6. januar 2026, 02:44

Passkeys poised to replace passwords in 2026

søndag, 21. desember 2025, 17:07

WhatsApp users warned of GhostPairing scam hijacking accounts

søndag, 21. desember 2025, 12:02

Chinese hackers install backdoors via Cisco email zero-day

onsdag, 17. desember 2025, 06:35

Experts warn of PayPal subscription abuse for fake emails

 

 

 

Dette nettstedet bruker informasjonskapsler

Vi bruker informasjonskapsler for analyse for å forbedre nettstedet vårt. Les vår personvernerklæring for mer informasjon.
Avvis