Find notable cyber news and cases, enriched with sources, timelines, and signals.

Bitpanda impersonation phishing campaign using fake MFA flow

Campaign
First reported
Last updated
Happening score
H score 37
1 unique sources, 1 articles

Summary

Hide ▲

A phishing campaign impersonating Bitpanda is stealing credentials and personal data from cryptocurrency brokerage users, raising account-takeover risk. The operation uses a near-perfect fake login flow, including staged MFA screens and a fraudulent site created days before analysis. Victims are prompted to submit names, phone numbers, addresses, and dates of birth, expanding the attack beyond simple password theft. The collected data could support password resets, fraudulent support requests, and access to other accounts that rely on personal verification.

Related Happenings

Meta For Business Facebook Messenger fake-verification phishing campaign

Campaign
H score29 First: 07.07.2026 10:00 Last: 07.07.2026 10:00 Sources 1

About this happening: A **phishing campaign** abused **Facebook Messenger chatbots** and fake verification lures to steal **Meta For Business** credentials and sensitive identity data, creating account...

FortiBleed Fortinet credential-theft campaign

Campaign
H score89 First: 19.06.2026 13:48 Last: 19.06.2026 13:48 Sources 1

About this happening: The **FortiBleed** Happening is a global **Fortinet credential-theft** campaign affecting **FortiGate firewall** and **SSL VPN** customers. The **UK’s NCSC** issued guidance after...

Latest development: 22.06.2026 11:30

The UK’s National Cyber Security Centre issued guidance for Fortinet customers impacted by FortiBleed after the campaign exposed around 75,000 credentials from FortiGate firewall and SSL VPN customers. The NCSC urged affected organizations to use Hudson Rock’s or SOCRadar’s FortiBleed checker tools and then review indicators of compromise such as unauthorized account creation and unexpected activity in log files.

Instagram accounts for Obama White House hit by account takeover attack

Incident
H score40 First: 01.06.2026 20:32 Last: 01.06.2026 20:32 Sources 1

About this happening: The **Instagram** accounts for the **Obama White House** and the **Chief Master Sergeant of the U.S. Space Force** were briefly **defaced** after attackers abused **Meta’s AI supp...

Infostealer malware operation targeting online store users

Malware Activity
H score32 First: 21.05.2026 00:36 Last: 21.05.2026 00:36 Sources 1

About this happening: A **malware operation** using **infostealer** tools infected users’ devices between **2024 and 2025**, stealing browser sessions and account credentials that enabled account theft...

BlackFile vishing extortion campaign targeting retail and hospitality organizations

Campaign
H score37 First: 24.04.2026 21:26 Last: 24.04.2026 21:26 Sources 1

About this happening: The **BlackFile** campaign is driving **vishing-based data theft and extortion** against **retail and hospitality organizations**, putting employee credentials and enterprise data...

Timeline

  1. 24.02.2026 18:05 2 articles · 4mo ago

    Bitpanda impersonation phishing campaign is disclosed

    Initial Disclosure

    Cybersecurity researchers disclosed a phishing campaign impersonating cryptocurrency brokerage Bitpanda that used a near-perfect fake login page and a staged MFA flow to collect credentials and personal data. The lure began with a branded email, sent victims to a deceptive domain created days before analysis, and then redirected users back to the legitimate Bitpanda login page after harvesting names, telephone numbers, residential addresses, and dates of birth.

    Show sources