Find notable cyber news and cases, enriched with sources, timelines, and signals.

U.S. survey finds high phishing exposure and weak URL-checking habits

Trend
First reported
Last updated
Happening score
H score 11
1 unique sources, 1 articles

Summary

Hide ▲

A recent 2000-person U.S. survey found that phishing exposure remains widespread and that many users still skip basic URL checks before clicking, increasing credential-theft risk. 61% said they had been successfully phished, and 75% do not check URLs before following links. The pattern matters because typosquatted login pages can still capture credentials when users enter them manually. In corporate settings, reused passwords can turn one compromised account into a broader lateral-movement risk.

Related Happenings

Instagram High Touch Support password reset security flaw

Vulnerability
H score40 First: 08.06.2026 09:00 Last: 08.06.2026 09:00 Sources 1

About this happening: **Meta's High Touch Support (HTS)** flaw enabled attackers to trigger **Instagram password resets**, creating account-takeover risk for **over 20,000 users** and weakening protect...

Perplexity Comet prompt-injection research shows agentic browsers can be trained into phishing traps

Technical Analysis
H score25 First: 11.03.2026 18:38 Last: 11.03.2026 18:38 Sources 1

About this happening: **Perplexity's Comet AI browser** is the focus of a **technical analysis** thread showing how **prompt injection** and **malicious URLs** can steer an agentic browser into **data...

Jinkusu-Starkiller ecosystem shift changes threat-actor operations

Threat Actor Meta
H score39 First: 03.03.2026 13:10 Last: 03.03.2026 13:10 Sources 1

About this happening: **Jinkusu** is marketing **Starkiller** as a phishing-as-a-service platform that proxies live login pages to **bypass MFA** and capture session tokens. The service lets customers...

Jinkusu's Starkiller phishing-as-a-service ecosystem commoditizes account takeover

Threat Actor Meta
H score37 First: 20.02.2026 22:00 Last: 20.02.2026 22:00 Sources 1

About this happening: A new phishing-as-a-service operation tied to **Jinkusu** is proxying real login pages through attacker infrastructure, making **MFA bypass** and account takeover easier for low-s...

Starkiller dark-web phishing platform scales credential theft as a SaaS-style criminal service

Threat Actor Meta
H score36 First: 19.02.2026 14:00 Last: 19.02.2026 14:00 Sources 1

About this happening: The **Starkiller** phishing platform has emerged as a **SaaS-style criminal service**, raising the scale and durability of credential theft operations. It is sold on the **dark we...

Timeline

  1. 25.01.2026 17:17 2 articles · 5mo ago

    U.S. survey quantifies phishing exposure and URL-checking gaps

    Industry Or Public Sector Update

    A 2000-person survey in the U.S. found that 61% of respondents had been successfully phished and that 75% do not check URLs before clicking links, while more than 50% said it is more convenient to delete suspicious messages than report them. In corporate environments, 1Password found that a third of employees reuse passwords on work accounts and nearly half have fallen victim to phishing, increasing the risk that one compromised account could let attackers move laterally across networks and systems.

    Show sources