Phishing Threat Intelligence

8 briefings, 0 vulnerability reports

Phishing remains the most common initial attack vector, with campaigns growing more sophisticated through AI-generated content, deepfake technology, and real-time MFA bypass kits. defend.network tracks phishing campaigns that target enterprise environments, from business email compromise to credential harvesting at scale, with a focus on techniques that bypass traditional email security controls.

8 briefings | 0 critical | 3 high | 9% of all briefings

Threat Briefings

2026-05-30

ChatGPT malware abuse, Marimo CVE-2026-39987 LLM exploitation, Russian infrastructure arrests

ChatGPT share links abused for malware delivery; Marimo CVE-2026-39987 exploited with LLM agents for post-compromise activity; Dutch authorities seize 800 Russian-linked servers and arrest hosting executives.

2026-05-20

Microsoft, Drupal, Linux critical patches; OAuth phishing bypasses MFA on 340+ orgs

Microsoft disrupted Fox Tempest malware-signing service; Drupal critical patches May 20; OAuth phishing bypasses MFA on 340+ Microsoft 365 organizations. CVE-2026-31635 Linux PoC public.

2026-05-05

cPanel & MOVEit exploited; RMM phishing hits 80+ organizations

Critical vulnerabilities in cPanel and MOVEit, widespread RMM-based phishing compromising 80+ organizations, and supply-chain malware in PyTorch Lightning demand immediate patching and credential rotation.

2026-05-02

cPanel auth bypass; state token harvesting; SaaS extortion attacks

Critical vulnerabilities, state-sponsored token harvesting, large-scale phishing operations, and coordinated SaaS extortion attacks demand immediate defensive action across government and technology sectors.

2026-04-05

TA416 PlugX on EU govts; UNC1069 Axios npm; device code phishing 37x

Nation-state campaigns targeting European governments and supply chain infrastructure. TA416 resumes targeting with PlugX. North Korean UNC1069 compromises Axios npm. Device code phishing surges 37x.

2026-03-26

AI autonomous espionage; device code phishing at 340+ orgs

AI-powered autonomous cyber espionage, device code phishing at 340+ organizations, and critical infrastructure vulnerabilities require immediate defensive action across all sectors.

2026-03-23

Russian phishing on Signal/WhatsApp; Oracle RCE exploited

Russian intelligence conducting mass Signal/WhatsApp phishing; critical Oracle RCE vulnerability; Trivy supply-chain attack spreads CanisterWorm across 47+ npm packages; VoidStealer bypasses Chrome encryption; Iran-backed wiper attacks on medical technology.

2026-03-22

Oracle RCE exploited; Iran wiper hits healthcare; Trivy worm spreads

Critical Oracle RCE, Russian state-sponsored phishing, Trivy supply-chain worm, and Iran-backed healthcare wiper attacks demand immediate emergency response and patching across enterprise infrastructure.
