Find notable cyber news and cases, enriched with sources, timelines, and signals.

CypherLoc phishing-led browser scareware campaign

Campaign
First reported
Last updated
Happening score
H score 49
1 unique sources, 1 articles

Summary

Hide ▲

The CypherLoc operation has driven around 2.8 million attacks since the start of 2026, using phishing emails to send users to malicious pages that lock browsers and pressure them into calling a fraudulent support number. The scale and user-facing scam flow raise the risk of panic and possible credential theft.

Related Happenings

REF6045 ClickFix banking fraud campaign targeting Mexican financial users

Campaign
H score36 First: 08.07.2026 15:52 Last: 08.07.2026 15:52 Sources 1

About this happening: The **REF6045** campaign is actively targeting **customers of Mexican banks, fintechs, payment processors, and cryptocurrency exchanges**, using **ClickFix** lures to push victims...

Enterprise browser users face a rising shadow AI, credential abuse, and browser-native attack trend

Trend
H score22 First: 05.06.2026 17:00 Last: 05.06.2026 17:00 Sources 1

About this happening: **Enterprise users** are showing a sharp rise in **shadow AI**, **credential abuse**, and **browser-native attack exposure**, increasing risk at the browser layer. The trend matte...

Browser-layer visibility guidance for browser-native threats

Defensive Guidance
H score22 First: 05.06.2026 17:00 Last: 05.06.2026 17:00 Sources 1

About this happening: **Security teams** are being pushed to treat **browser sessions** as the primary detection surface for **phishing**, **credential theft**, and **ClickFix**. **Browser-native attac...

Google DoubleClick malspam campaign delivering DesckVB RAT

Campaign
H score33 First: 03.06.2026 19:29 Last: 03.06.2026 19:29 Sources 1

About this happening: A **new malspam campaign** is abusing **Google's DoubleClick** redirect path to evade detection and deliver **DesckVB RAT**, putting users and organizations at risk of malware inf...

OpenAI ChatGPT renderer Markdown link/image phishing security flaw

Vulnerability
H score16 First: 29.05.2026 21:07 Last: 29.05.2026 21:07 Sources 1

About this happening: **ChatGPT** has a **response-renderer vulnerability** that turns summarized third-party pages into **live phishing links** and auto-fetched **attacker-hosted images** inside the t...

Timeline

  1. 20.05.2026 13:00 2 articles · 1mo ago

    Barracuda warns about CypherLoc browser scareware campaign

    Campaign Scope Update

    Barracuda said CypherLoc, a browser-based scareware campaign, had been seen in around 2.8 million attacks since the start of 2026, typically arriving through phishing email links or attachments that send users to malicious pages. The pages use hidden code, URL fragment and cryptographic integrity checks to avoid scanners and sandboxes, then force the browser into full-screen mode, hide controls, display fake warnings and a fraudulent support phone number, and route callers to human operators posing as Microsoft support staff.

    Show sources