Ongoing Dropbox credential-theft phishing campaign
Campaign
Summary
An ongoing phishing campaign is stealing Dropbox credentials from corporate users and can enable account takeover and follow-on fraud. The operation uses urgent-business and procurement-themed emails, PDF attachments, hidden links, and a spoofed Dropbox login page to lure victims. Stolen logins are sent to attacker-controlled Telegram infrastructure, increasing the risk of internal access and misuse.
Related Happenings
Google sponsored search ManageWP phishing campaign
Campaign
First: 07.05.2026 00:36
Last: 07.05.2026 00:36
Sources 1
About this happening:
A **phishing campaign** is abusing **Google sponsored search results** to impersonate **ManageWP** and steal login credentials, **2FA codes**, and account access. The operation ma...
Phishing-resistant authentication to block post-breach credential abuse and relay attacks
Defensive Guidance
First: 09.04.2026 17:02
Last: 09.04.2026 17:02
Sources 1
About this happening:
**Phishing-resistant authentication** is being emphasized as the control that can stop post-breach account takeover when exposed email records fuel **credential stuffing**, **AiTM...
Storm infostealer server-side decryption activity
Malware Activity
First: 02.04.2026 17:15
Last: 02.04.2026 17:15
Sources 1
About this happening:
The **Storm** infostealer now steals **browser credentials**, **session cookies**, and **crypto wallets** and forwards them to attacker infrastructure for **server-side decryption...
Telegram-linked Digital Lutera Android payment-fraud campaign
Campaign
First: 17.03.2026 18:30
Last: 17.03.2026 18:30
Sources 1
About this happening:
A **Telegram-linked Android payment-fraud campaign** is actively coordinating access attempts and sharing intercepted login data, increasing the risk of **account takeover** and f...
Fake shipment tracking SMS phishing campaign
Campaign
First: 16.03.2026 16:45
Last: 16.03.2026 16:45
Sources 1
About this happening:
A **global surge** in **fake shipment tracking phishing campaigns** is stealing **funds and credentials** at scale, with activity rising from almost none in 2024 to **over 100 cam...
Timeline
02.02.2026 02:00 2 articles · 3mo ago
Forcepoint warns of Dropbox credential-phishing campaign
Initial Disclosure
Forcepoint X-Labs warned that an ongoing multi-stage phishing campaign is targeting corporate Dropbox users with procurement-themed emails, PDF attachments, hidden AcroForm links, and a spoofed Dropbox login page to steal usernames and passwords. The delivery chain is designed to bypass SPF, DKIM and DMARC checks, route victims through a legitimate-looking ‘Trusted Cloud Storage’ page, and send stolen credentials to a Telegram channel operated by the attackers for possible account takeover and follow-on fraud.
Sources
- New Password-Stealing Phishing Campaign Targets Corporate Dropbox Credentials — www.infosecurity-magazine.com — 03.02.2026 12:55