Find notable cyber news and cases, enriched with sources, timelines, and signals.

Phorpiex "Your Document" phishing campaign

Campaign
First reported
Last updated
Happening score
H score 37
1 unique sources, 1 articles

Summary

Hide ▲

Phorpiex is driving a high-volume phishing campaign that uses the lure "Your Document" and weaponised .lnk attachments to start a multi-stage infection chain. The operation matters because it converts a single click into initial access and can culminate in Global Group ransomware deployment across 2024 and 2025.

Related Happenings

Hotel and hospitality photo-ZIP phishing campaign

Campaign
H score40 First: 26.06.2026 12:27 Last: 26.06.2026 12:27 Sources 1

About this happening: An **active phishing campaign** is targeting **hotel and hospitality organizations** across **Europe and Asia**, increasing the risk of **front-desk machine compromise** and durab...

Formbook phishing campaign using DLL sideloading and obfuscated JavaScript

Campaign
H score30 First: 20.04.2026 18:01 Last: 20.04.2026 18:01 Sources 1

About this happening: The **Formbook** phishing operation is targeting **Windows** organizations across **Greece, Spain, Slovenia, Bosnia, Croatia** and **South America**, using **DLL sideloading** and...

Medusa ransomware post-compromise deployment

Malware Activity
H score48 First: 07.04.2026 09:35 Last: 07.04.2026 09:35 Sources 1

About this happening: **Medusa ransomware** is being deployed rapidly after initial access, turning intrusions into fast-moving extortion events and shrinking defenders' response time. The malware acti...

Storm-1175 high-velocity zero-day and N-day intrusion campaign

Campaign
H score44 First: 07.04.2026 09:35 Last: 07.04.2026 09:35 Sources 1

About this happening: **Storm-1175** is running a **high-velocity intrusion campaign** that chains **zero-day** and **N-day vulnerabilities** to gain initial access to exposed systems, raising the risk...

Hive0163 extortion and ransomware campaign using ClickFix and malvertising

Campaign
H score35 First: 12.03.2026 19:02 Last: 12.03.2026 19:02 Sources 1

About this happening: Hive0163 is running an **active extortion and ransomware campaign** that expands access and raises the risk of **large-scale data exfiltration**. The operation uses **ClickFix**,...

Timeline

  1. 10.02.2026 18:00 2 articles · 4mo ago

    Forcepoint discloses Phorpiex "Your Document" phishing campaign

    Initial Disclosure

    Forcepoint identified a high-volume phishing campaign using emails with the subject line "Your Document" to deliver Phorpiex through weaponised Windows shortcut (.lnk) attachments, launch cmd.exe and PowerShell, fetch windrv.exe, and deploy Global Group ransomware. The campaign relied on double-extension shortcut files and disguised icons to help a single click trigger a multi-stage infection chain.

    Show sources