Sneaky 2FA BitB phishing activity
Malware Activity
Summary
The Sneaky 2FA phishing kit has added Browser-in-the-Browser (BitB) pop-ups, making credential theft and Microsoft account takeover easier at scale. Attack chains can start from suspicious URLs such as previewdoc[.]us, where users first face Cloudflare Turnstile checks before being sent to a fake sign-in flow. The fake browser window can show a legitimate-looking Microsoft URL while the victim enters credentials into a phishing page. The same flow can also steal session details, enabling full account takeover.
Related Happenings
Enterprise browser phishing detection gaps leave one in five attacks undetected
Trend
H score: 29
First: 10.06.2026 18:30
Last: 10.06.2026 18:30
Sources 1
About this happening:
Browser-based phishing is leaving **enterprise users** exposed, with **one in five** attacks going completely undetected across **millions of active browser sessions** from **Janu...
Securing the browser session layer to reduce enterprise browser-based phishing and session-layer abuse
Defensive Guidance
H score: 14
First: 10.06.2026 18:30
Last: 10.06.2026 18:30
Sources 1
About this happening:
**Enterprise browser-session hardening** is being emphasized to reduce **browser-based phishing** and **session-layer abuse** across enterprise environments. The guidance targets...
Google DoubleClick malspam campaign delivering DesckVB RAT
Campaign
H score: 33
First: 03.06.2026 19:29
Last: 03.06.2026 19:29
Sources 1
About this happening:
A **new malspam campaign** is abusing **Google's DoubleClick** redirect path to evade detection and deliver **DesckVB RAT**, putting users and organizations at risk of malware inf...
ChatGPT and Claude phishing and malvertising campaign
Campaign
H score: 36
First: 01.06.2026 12:30
Last: 01.06.2026 12:30
Sources 1
About this happening:
The **ChatGPT**- and **Claude**-themed **phishing and malvertising campaign** is actively steering users to fake download pages that can deliver malware. Attackers are using **Goo...
OpenAI ChatGPT renderer Markdown link/image phishing security flaw
Vulnerability
H score: 16
First: 29.05.2026 21:07
Last: 29.05.2026 21:07
Sources 1
About this happening:
**ChatGPT** has a **response-renderer vulnerability** that turns summarized third-party pages into **live phishing links** and auto-fetched **attacker-hosted images** inside the t...
Timeline
18.11.2025 20:31 · 2 articles · 7mo ago
Sneaky 2FA adds BitB phishing pop-ups
Initial Disclosure
Researchers observed the Sneaky 2FA Phishing-as-a-Service kit using Browser-in-the-Browser (BitB) pop-ups to imitate Microsoft sign-in prompts, including a flow that sent users from previewdoc[.]us through Cloudflare Turnstile checks before loading a fake Microsoft login page. The phishing page could exfiltrate entered credentials and session details, while the operators also used obfuscation, disabled browser developer tools, conditional loading, and fast domain rotation to reduce analysis and detection.
Sources:
- Sneaky 2FA Phishing Kit Adds BitB Pop-ups Designed to Mimic the Browser Address Bar — thehackernews.com — 18.11.2025 20:31
- Sneaky2FA PhaaS kit now uses redteamers' Browser-in-the-Browser attack — www.bleepingcomputer.com — 19.11.2025 23:59