Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

Same scammers campaign expands across multiple victims

Campaign
First reported
Last updated
Happening score
H score 33
1 unique sources, 1 articles

Summary

Hide ▲

The cloud storage subscription scam campaign has escalated over the past few months, pushing users worldwide toward phishing pages and fake checkout forms that can capture credit card details. The operation uses repeated fake payment-failure warnings to create urgency and drive victims into unnecessary purchases.

Related Happenings

Microsoft Azure Monitor callback phishing campaign

Campaign
First: 21.03.2026 16:09 Last: 21.03.2026 16:09 Sources 1

About this happening: A **callback phishing campaign** is abusing **Microsoft Azure Monitor** alerts to send fake billing warnings through legitimate Microsoft mail flow, making the messages more belie...

Open Happening

Google Coin fake Gemini chatbot crypto scam campaign

Campaign
First: 18.02.2026 23:47 Last: 18.02.2026 23:47 Sources 1

About this happening: The **Google Coin** presale scam is using a fake **Google Gemini** chatbot to push visitors into sending **irreversible crypto payments** to attackers. It pairs brand impersonatio...

Open Happening

AgreeTo Outlook add-in hit by cyberattack

Incident
First: 11.02.2026 19:45 Last: 11.02.2026 19:45 Sources 1

About this happening: The **AgreeTo Outlook add-in** was compromised when an attacker took over its abandoned domain and used it to deliver a **fake Microsoft login page**, putting users' credentials a...

Open Happening

Microsoft Exchange Online email quarantine disruption

Service Disruption
First: 09.02.2026 12:47 Last: 09.02.2026 12:47 Sources 1

About this happening: Microsoft's **Exchange Online** is facing an ongoing **email delivery disruption** that is **quarantining legitimate messages** and blocking some customers from **sending or recei...

Latest development: 18.02.2026 18:26

Microsoft’s preliminary post-incident report for Exchange Online says a logic error in heuristic detection aimed at novel credential phishing campaigns misclassified thousands of legitimate URLs as phishing links, quarantined legitimate emails, blocked links in Microsoft Teams messages, and generated false-positive XDR alerts during the February 5-12 incident window.

Open Happening

ShinyHunters vishing campaign targeting SSO accounts

Campaign
First: 02.02.2026 15:46 Last: 02.02.2026 15:46 Sources 1

About this happening: The **ShinyHunters** group ran a **voice phishing** campaign against **single sign-on (SSO) accounts** at **Okta, Microsoft, and Google**, widening risk across **more than 100 hig...

Latest development: 26.05.2026 22:46

ShinyHunters claims it breached Charter Communications on April 1 by vishing an employee's Microsoft Entra account, then used that access to export millions of consumer and business customer records from the company's Salesforce instance; Charter says no sensitive personal information or CPNI was exfiltrated.

Open Happening

Timeline

  1. 31.01.2026 18:21 1 articles · 3mo ago

    Cloud account suspension lure dated 24 Jan 2026

    Exploitation Observed

    A personalized cloud-storage scam email dated Sat,24 Jan-2026 told the recipient to resolve a payment problem immediately, warning that the cloud account could be suspended and that photos, files, and backups could be lost if the issue was not fixed.

    Show sources
    Open in new tab
  2. 31.01.2026 18:21 1 articles · 3mo ago

    Cloud account locked lure dated 26 Jan 2026

    Exploitation Observed

    A second scam email dated Mon,26 Jan-2026 claimed the cloud account had been locked and warned that photos and videos would be removed unless the payment issue was resolved immediately, continuing the same fake renewal pressure.

    Show sources
    Open in new tab
  3. 31.01.2026 18:21 1 articles · 3mo ago

    Photos-and-videos deletion lure dated 30 Jan 2026

    Exploitation Observed

    A third scam email dated Fri,30 Jan-2026 used a blocked-account warning and threatened to remove photos and videos, while the broader spam run kept sending multiple versions each day from randomly generated domains.

    Show sources
    Open in new tab
  4. 31.01.2026 18:21 2 articles · 3mo ago

    Cloud storage phishing chain and affiliate monetization

    Initial Disclosure

    A worldwide cloud-storage phishing campaign used repeated payment-failure emails, storage.googleapis.com redirector HTML files, fake storage scans, Google Cloud branding, and 80% discount loyalty upgrades to funnel victims to affiliate checkout forms that promoted VPN services and other subscription products while collecting credit card details. Legitimate Google Drive and Microsoft OneDrive policies delete files only after long grace periods, underscoring that the immediate deletion warnings were deceptive.

    Show sources
    Open in new tab