Phishing

Articles in Blog Posts

March 26, 2025

Beyond the Scanner: How Phishers Outsmart Traditional Detection Mechanisms

Phishing attacks are no longer just about fake emails and shady links—they’re evolving into stealth operations that outsmart even the most advanced detection tools. In this blog, CloudSEK’s Threat Research Team reveals how modern phishers use geo-fencing, user-agent filtering, and other evasive tactics to stay hidden from traditional scanners. Backed by real-world examples and expert insights, we also show how CloudSEK’s XVigil platform, powered by its Fake Domain Finder (FDF) module, is uncovering what others miss. Read on to learn how today’s phishing campaigns are engineered to deceive—and how to fight back.

Written by

Anshuman Das

February 11, 2025

Cybercriminals Hate This! CloudSEK’s Fake Domains Observer is Changing the Game

Cybercriminals are evolving, and so should your defense! CloudSEK’s Fake Domains Observer is a game-changing enhancement in fake domain detection, proactively scanning for dormant threats, phishing attempts, and critical domain changes—even years after their first detection. Unlike traditional monitoring, this smart system automatically re-evaluates high-risk domains, ensuring that no resurfacing cyber threat goes unnoticed. Stay ahead of hackers, safeguard your digital assets, and respond to threats faster and smarter than ever before!

Written by

Anjali Bhavesh Thacker

January 24, 2025

Unmasking Cyber Deception: The Rise of Generic Phishing Pages Targeting Multiple Brands

CloudSEK's research uncovers a generic phishing framework capable of targeting multiple brands by leveraging customizable URLs to impersonate legitimate login pages. Hosted on Cloudflare's workers.dev, these phishing pages dynamically adapt by using targeted email domains to generate realistic backgrounds, deceiving users into surrendering credentials. The stolen data is exfiltrated to a remote server via obfuscated JavaScript. Organizations must enhance awareness through training, simulate phishing scenarios, and establish clear reporting protocols to mitigate risks and protect against evolving phishing threats.

Written by

Anshuman Das

October 10, 2024

Analyzing Recent Cyber Attacks in the United States Coinciding with Columbus Day Celebration

Over recent months, the United States has faced a surge in cyber attacks, with ransomware incidents rising sharply from June to October 2024. Prominent groups, including Play, RansomHub, Lockbit, Qilin, and Meow, have targeted sectors such as Business Services, Manufacturing, IT, and Healthcare, compromising over 800 organizations. Major attacks included a breach of the City of Columbus by Rhysida ransomware and data leaks impacting Virginia’s Department of Elections and Healthcare.gov. Additionally, China’s "Salt Typhoon" espionage campaign is aggressively targeting U.S. ISPs, further complicating the cyber threat landscape. Hacktivist groups advocating pro-Russian and pro-Palestinian positions have also increased their attacks, affecting government entities and critical infrastructure. This report highlights the need for enhanced security protocols, regular audits, and public awareness initiatives to mitigate the growing cyber risks. Key recommendations include implementing multi-factor authentication, frequent employee training, and advanced threat monitoring to safeguard the nation's critical infrastructure and public trust.

Written by

CloudSEK TRIAD

September 23, 2023

The Rise of OTP Bots and SMS Senders in the Arsenal of Threat Actors

Explore an in-depth analysis of the growing threat posed by OTP bots and SMS senders in cybersecurity. Learn how these tools are being utilized by threat actors for phishing and vishing

Written by

Shreya Talukdar

February 4, 2020

FASTag Phishing Campaigns Flourish on Social Media

Written by

Articles in Threat Intelligence

November 15, 2023

Critical CSRF Vulnerability in IBM CICS TX - CVE-2023-42027 Demands Immediate Action

CVE-2023-42027 IBM CICS TX Standard 11.1, Advanced 10.1, 11.1, and TXSeries for Multi platforms 8.1, 8.2, 9.1 are vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts

November 6, 2023

CVE-2023-43792 baserCMS is a website development framework vulnerable to Code Injection attacks

CVE-2023-43792 is a code injection vulnerability in the mail form of baserCMS versions 4.6.0 to 4.7.6. This vulnerability allows an attacker to inject arbitrary code into the baserCMS application, which could then be executed by other users of the application.

November 6, 2023

CVE-2023-4197 Vulnerability in Dolibarr ERP CRM 18.0.1 Allows PHP Code Injection

CVE-2023-4197 Improper input validation in Dolibarr ERP CRM v18.0.1 fails to strip certain PHP code from user-supplied input when creating a Website, allowing an attacker to inject and evaluate arbitrary PHP code

September 8, 2023

Hoze shell script dropped along with XMRig miners on misconfigured SSH Servers by Brute Forcing

CloudSEK’s Threat Intelligence Team uncovered a campaign, actively running from the past 1.8 years, that attacks and brute forces the SSH.

September 4, 2023

3,20,000+ Patient Records From Ayush Jharkhand Gov. In Shared On Dark Web Hacking Forums

A hacker known as Tanaka has exposed over 320,000 patient records from ayush.jharkhand.gov.in, detailing personal and medical information. The 7.3 MB database leak includes sensitive data from the AYUSH ministry's site

August 28, 2023

Rogue Scripts Are Exploiting OTP Verification APIs To Send Heaps of OTP SMSes, Hold The Potential Of Triggering Service Disruptions.

Discover how CloudSEK's AI-powered XVigil platform identified concerning GitHub repositories mentioning Indian companies and their APIs.

Join 10,000+ subscribers

Keep up with the latest news about strains of Malware, Phishing Lures,
Indicators of Compromise, and Data Leaks.