#dailyphish #apt #in

nice looking #dailyphish, smells like #redteam

#susp #dailyphish -> financeoperations1.github[.]io/ambulacecare/

#dailyphish targeting an insurance company ... a dinner invite leading to screenconnect.
subscribezoominfo.screenconnect[.]com/Bin/ScreenConnect.ClientSetup.msi?e=Access&y=Guest

#bec #dailyphish

not all #dailyphish are created equally

"big game" invoice scammers switching from training invoices to infosec #dailyphish

#dailyphish #bec

#dailyphish hosted on AWS original-office-doc203.s3.us-east-1.amazonaws[.]com/sharedocumentlive.html

dont threaten me with a good time #dailyphish #bdubs

#dailychallenge #dailyphish. Real sender, or spoofed? why?

#dailyphish targeting indonesia github[.]com/gorzhon99/2025-DGT

#dailyphish #crimeware . classic migration from o365 to zoho

#dailyphish #crimeware
share-networking[.]it[.]com/download

interesting #dailyphish leveraging @figma.com for hosting a phish landing page

#crimeware #dailyphish gg73g36fbk4ls6vc37fn36fbs73nv.square[.]site

#dailyphish #apt #in

interesting #dailyphish leveraging @figma.com for hosting the payload. you need to request access to the phish to receive the landing page, which is one way to defeat automated scanners

well, if you say so #apt #dailyphish slnavydrive-authenticationreq-securefile-com.sevalla[.]app

Gamaredon using one of the RAR vulns to unpack the payload directly into the startup folder 6a3ef719d859d2005dbc5feb68e4a236 #apt #dailyphish

#dailyphish #crimeware decent openai phish that just asks for a credit card

#gamaredon #apt #dailyphish

Запит на отримання інформації командира військової частини А0135_11-967_10.11.2025.HTA 2a04a7584d90cff161be936b0b3f43c0
Запит командира військової частини А0135.rar 5df7ff42d566156ce7c478f1a40896e3

Interesting abuse of Railway to host this APT phish, targeting the Sri Lankan government #dailyphish #apt hosted on nrmlgml-production[.]up[.]railway[.]app cc @jazco.dev

#dailyphish #gamaredon

here's a recent gamaredon phish. cant stop wont stop ->
Повістка про виклик_357-16230-25_24.10.2025.pdf:.._.._.._.._.._.._AppData_Roaming_Microsoft_Windows_Start Menu_Programs_Startup_357-16230-25_24.10.2025.HTA
f2368a466c7a67ab3690736dd9d84f62

#dailyphish interesting phish spoofing UK gov drive[.]usercontent[.]google[.]com/download?id=11Qu_rF2cmNQomQ8J_kYfz_CCHtyYelAH&export=download -> inftrimool[.]xyz

this #dailyphish may look like #apt, but it is actually 419-style scammers

interesting use of @vercel.com for today's #dailyphish
mscsharepoint[.]vercel[.]app/?email=[]

seeing approximately a million of these #dailyphish today

interesting #dailyphish .. send them a message talking about a previously sent password protected pdf (that wasn't ever sent), to get the person to reach out and ask for the malicious file

big run of these customized pass-protected pdf phishes #dailyphish