The Federal Bureau of Investigation (FBI) is publishing this Public Service Announcement (PSA) to warn the public of cyber criminal use of traffic distribution systems (TDSs) to gain access to victim networks for ransomware or other financial scams. TDS is a technology used to route internet traffic visitors to different destinations after users visit webpages, click advertisement links, sign up for promotions and discounts, or download an application. Cyber criminals use TDSs to selectively redirect users to compromised or fake login websites that can host phishing pages for online financial fraud or prompt users to download software updates containing malware.
Read more…
Source: U.S. Federal Bureau of Investigation Cyber Division
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- ROADtools and Nation-State Tactics in the Cloud
May 22, 2026
ROADtools is a publicly available toolkit for offensive and defensive security purposes that attackers have integrated into cloud attacks. The tool is designed to: Enumerate Entra ID Register devices in Entra ID Acquire, exchange and manipulate Microsoft Entra ID tokens ROADtools is an open-source framework written in Python and built for red-teaming and research. It primarily targets the identity and ...
- Tracking Iranian APT Screening Serpens’ 2026 Espionage Campaigns
May 22, 2026
Unit 42 researchers have observed evidence of cyberattacks by the Iran-nexus advanced persistent threat (APT) group Screening Serpens (aka UNC1549, Smoke Sandstorm and Iranian Dream Job). Based on Unite 42 visibility, researchers believe that the group targeted entities in the U.S., Israel and the United Arab Emirates, and likely two additional Middle Eastern entities. This research follows ...
- Kali365 Phishing-as-a-Service Kit Hijacks Microsoft 365 Access Tokens
May 21, 2026
The Federal Bureau of Investigation (FBI) is issuing this Public Service Announcement (PSA) to warn the public about an emerging Phishing1-as-a-Service2 (PhaaS) platform called Kali365, first seen in April 2026. Kali365 has primarily been distributed via Telegram, enabling cyber threat actors to obtain Microsoft 365 access tokens and bypass multi-factor authentication3 (MFA) protocols without intercepting the user’s ...
- Key Microsoft legacy tool is still being abused to launch malware campaigns
May 21, 2026
Cybercriminals are increasingly using a legitimate legacy Windows tool to deploy infostealers and loader malware, researchers are saying. A new Bitdefender report has claimed that since the start of 2026, there’s been an uptick in activity related to a Windows utility called Microsoft HTML Application Host (MSHTA), a legitimate utility that runs special HTML-based application files known as HTAs. Read more… Source: ...
- GitHub says internal repos exfiltrated after poisoned VS Code extension attack
May 20, 2026
GitHub, the world’s biggest code repository and DevOps platform, fell victim to a malicious Visual Studio Code (VS Code) extension. The company’s initial assessment is that only internal repositories were exfiltrated. The incident was reported by GitHub on X, with follow-up posts revealing a “poisoned VS Code extension” as the cause. The Microsoft-owned code shack continues to ...
- Microsoft shuts down illegal code-signing operation used by ransomware criminals to mask their malware
May 19, 2026
Microsoft seized websites and took down hundreds of virtual machines running a cybercrime service that allegedly sold code-signing certificates to ransomware gangs, thus making their malware look like legitimate software – and allowing criminals to infect thousands of machines in the US, including at least 12 owned and operated by the Windows giant. Read more… Source: The ...