Find notable cyber news and cases, enriched with sources, timelines, and signals.

Signal support-lure phishing campaign targeting European officials and journalists

Campaign
First reported
Last updated
Happening score
H score 35
1 unique sources, 1 articles

Summary

Hide ▲

Germany's BfV and BSI warned that a likely state-sponsored actor is running a Signal phishing campaign that can steal PINs and device-link access, putting political, military, diplomatic, and investigative-journalist accounts at risk. The operation uses fake "Signal Support" and "Signal Security ChatBot" contacts to coax targets into sharing SMS verification codes. A second lure pushes victims to scan a QR code, which can give attackers access to chats and contact lists on a device they control. The same technique could also be adapted to WhatsApp because of similar device-linking and two-step verification features.

Related Happenings

WhatsApp VBScript phishing campaign targeting users in multiple countries

Campaign
H score43 First: 23.06.2026 01:42 Last: 23.06.2026 01:42 Sources 1

About this happening: An **ongoing phishing campaign** is using **compromised WhatsApp accounts** to send **obfuscated VBScript files** to users in **multiple countries**, creating a path to **remote s...

India's Ministry of Electronics and Information Technology acting under Section 69A of the IT Act Restricted access to Telegram nationwide and ordered message-editing disabled

Public Sector Action
H score71 First: 17.06.2026 16:12 Last: 17.06.2026 16:12 Sources 1

About this happening: India's **Ministry of Electronics and Information Technology** ordered a **nationwide Telegram restriction** under **Section 69A** through **June 22**, adding a separate requireme...

Signal adds in-app phishing confirmations and warning messages

Security Tool/Service
H score14 First: 12.05.2026 22:40 Last: 12.05.2026 22:40 Sources 1

About this happening: **Signal** added **in-app confirmations** and **warning messages** to slow phishing and social-engineering attempts that could expose **accounts**, **chats**, and **contacts**. Th...

PromptSpy backdoor for Android with Gemini API automation

Malware Activity
H score22 First: 11.05.2026 16:02 Last: 11.05.2026 16:02 Sources 1

About this happening: The **PromptSpy** backdoor for **Android** was highlighted for using **Gemini APIs** to automate device interaction, increasing the risk of unauthorized control on infected phones...

QR code phishing surged across email threats in Q1 2026

Trend
H score73 First: 05.05.2026 09:35 Last: 05.05.2026 09:35 Sources 1

About this happening: **Q1 2026** email-threat telemetry shows **QR code phishing** and **CAPTCHA-gated phishing** rising quickly, increasing the risk of **credential theft** across **organizations**....

Timeline

  1. 07.02.2026 13:15 1 articles · 5mo ago

    BfV and BSI warn of Signal support-lure phishing against European officials and journalists

    Initial Disclosure

    On 2026-02-07, Germany's BfV and BSI issued a joint advisory about a likely state-sponsored campaign that uses fake "Signal Support" and "Signal Security ChatBot" contacts on Signal to coerce high-ranking targets in politics, the military, diplomacy, and investigative journalism in Germany and Europe into sharing SMS PINs or verification codes or scanning a QR code for device linking. The method can expose chats, contact lists, profile settings, and block lists, can let attackers capture incoming messages and impersonate victims, does not depend on malware or a Signal vulnerability, may also be extended to WhatsApp, and defenders are urged to enable Registration Lock and review linked devices.

    Show sources