Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

Calendly-themed brand-impersonation phishing campaign targeting ad manager accounts

Campaign
First reported
Last updated
Happening score
H score 41
1 unique sources, 1 articles

Summary

Hide ▲

An ongoing Calendly-themed phishing campaign is impersonating major brands to steal Google Workspace and Facebook business credentials, creating takeover risk for ad and enterprise accounts.

Related Happenings

AccountDumpling Google AppSheet Facebook phishing campaign

Campaign
First: 01.05.2026 21:09 Last: 01.05.2026 21:09 Sources 1

About this happening: A **Vietnamese-linked** operation dubbed **AccountDumpling** is using **Google AppSheet** as a phishing relay to steal **Facebook** credentials, enabling account takeover at scale...

Open Happening

OAuth device-code phishing campaign targeting SaaS accounts

Campaign
First: 04.04.2026 17:17 Last: 04.04.2026 17:17 Sources 1

About this happening: A **device code phishing** campaign now includes **EvilTokens**, a **phishing-as-a-service** kit sold on **Telegram** that uses the **OAuth 2.0 device authorization flow** to hija...

Open Happening

TikTok for Business phishing campaign using Turnstile and reverse proxy

Campaign
First: 26.03.2026 16:09 Last: 26.03.2026 16:09 Sources 1

About this happening: A **phishing campaign** is targeting **TikTok for Business accounts** and uses **Cloudflare Turnstile** to block automated analysis before exposing a **reverse-proxy** credential-...

Open Happening

Tycoon 2FA-Storm-1747 ecosystem shift changes threat-actor operations

Threat Actor Meta
First: 05.03.2026 08:51 Last: 05.03.2026 08:51 Sources 1

About this happening: **Tycoon2FA** has evolved from a **subscription-based PhaaS** into a more resilient phishing service that now supports **device-code phishing** against **Microsoft 365** accounts....

Latest development: 17.05.2026 17:43

eSentire says Tycoon2FA now uses device-code phishing to target Microsoft 365 accounts, with invoice-themed lure emails carrying Trustifi click-tracking URLs that redirect through Trustifi, Cloudflare Workers, obfuscated JavaScript layers, and a fake Microsoft CAPTCHA page before sending victims to microsoft.com/devicelogin. The kit also adds anti-analysis defenses, including detection of Selenium, Puppeteer, Playwright, and Burp Suite, plus blocks for security vendors, VPNs, sandboxes, AI crawlers, and cloud providers.

Open Happening

1Campaign-DuppyMeister ecosystem shift changes threat-actor operations

Threat Actor Meta
First: 24.02.2026 23:45 Last: 24.02.2026 23:45 Sources 1

About this happening: **1Campaign** is a long-running **cloaking service** that helps operators keep **malicious Google Ads** online while evading **researcher scrutiny** and automated inspection. The...

Open Happening

Timeline

  1. 02.12.2025 16:00 2 articles · 5mo ago

    Calendly-themed brand impersonation targets business credentials

    Initial Disclosure

    An ongoing Calendly-themed phishing campaign impersonates over 75 brands, including Unilever, Disney, MasterCard, LVMH, and Uber, to steal Google Workspace, Facebook Business, and Google MCC ad manager credentials from targeted business users.

    Show sources
    Open in new tab