Find notable cyber news and cases, enriched with sources, timelines, and signals.

Same scammers campaign expands across multiple victims

Campaign
First reported
Last updated
Happening score
H score 38
1 unique sources, 1 articles

Summary

Hide ▲

The cloud storage subscription scam campaign has escalated over the past few months, pushing users worldwide toward phishing pages and fake checkout forms that can capture credit card details. The operation uses repeated fake payment-failure warnings to create urgency and drive victims into unnecessary purchases.

Related Happenings

Magecart Stripe and Google Tag Manager card-skimming campaign

Campaign
H score36 First: 04.06.2026 23:47 Last: 04.06.2026 23:47 Sources 1

About this happening: The **Magecart** campaign is abusing **Stripe's API infrastructure** and **Google Tag Manager** containers to steal checkout data from **Magento/Adobe Commerce** stores. The skimm...

Microsoft Azure Monitor callback phishing campaign

Campaign
H score29 First: 21.03.2026 16:09 Last: 21.03.2026 16:09 Sources 1

About this happening: A **callback phishing campaign** is abusing **Microsoft Azure Monitor** alerts to send fake billing warnings through legitimate Microsoft mail flow, making the messages more belie...

Google Coin fake Gemini chatbot crypto scam campaign

Campaign
H score29 First: 18.02.2026 23:47 Last: 18.02.2026 23:47 Sources 1

About this happening: The **Google Coin** presale scam is using a fake **Google Gemini** chatbot to push visitors into sending **irreversible crypto payments** to attackers. It pairs brand impersonatio...

AgreeTo Outlook add-in hit by cyberattack

Incident
H score31 First: 11.02.2026 19:45 Last: 11.02.2026 19:45 Sources 1

About this happening: The **AgreeTo Outlook add-in** was compromised when an attacker took over its abandoned domain and used it to deliver a **fake Microsoft login page**, putting users' credentials a...

Microsoft Exchange Online email quarantine disruption

Service Disruption
H score21 First: 09.02.2026 12:47 Last: 09.02.2026 12:47 Sources 1

About this happening: Microsoft's **Exchange Online** is facing an ongoing **email delivery disruption** that is **quarantining legitimate messages** and blocking some customers from **sending or recei...

Latest development: 18.02.2026 18:26

Microsoft’s preliminary post-incident report for Exchange Online says a logic error in heuristic detection aimed at novel credential phishing campaigns misclassified thousands of legitimate URLs as phishing links, quarantined legitimate emails, blocked links in Microsoft Teams messages, and generated false-positive XDR alerts during the February 5-12 incident window.

Timeline

  1. 31.01.2026 18:21 1 articles · 5mo ago

    Cloud account suspension lure dated 24 Jan 2026

    Exploitation Observed

    A personalized cloud-storage scam email dated Sat,24 Jan-2026 told the recipient to resolve a payment problem immediately, warning that the cloud account could be suspended and that photos, files, and backups could be lost if the issue was not fixed.

    Show sources
  2. 31.01.2026 18:21 1 articles · 5mo ago

    Cloud account locked lure dated 26 Jan 2026

    Exploitation Observed

    A second scam email dated Mon,26 Jan-2026 claimed the cloud account had been locked and warned that photos and videos would be removed unless the payment issue was resolved immediately, continuing the same fake renewal pressure.

    Show sources
  3. 31.01.2026 18:21 1 articles · 5mo ago

    Photos-and-videos deletion lure dated 30 Jan 2026

    Exploitation Observed

    A third scam email dated Fri,30 Jan-2026 used a blocked-account warning and threatened to remove photos and videos, while the broader spam run kept sending multiple versions each day from randomly generated domains.

    Show sources
  4. 31.01.2026 18:21 2 articles · 5mo ago

    Cloud storage phishing chain and affiliate monetization

    Initial Disclosure

    A worldwide cloud-storage phishing campaign used repeated payment-failure emails, storage.googleapis.com redirector HTML files, fake storage scans, Google Cloud branding, and 80% discount loyalty upgrades to funnel victims to affiliate checkout forms that promoted VPN services and other subscription products while collecting credit card details. Legitimate Google Drive and Microsoft OneDrive policies delete files only after long grace periods, underscoring that the immediate deletion warnings were deceptive.

    Show sources