Phishing

New 'Greatness' Phishing Platform Targets M365 Users in Browser Attacks

Nishant Sharma

12 Jan 2026 — 1 min read

This newsletter is AI generated and may hallucinate sometimes 😊

New 'Greatness' Phishing-as-a-Service Platform Emerges Targeting Microsoft 365 Users

The "Greatness" Phishing-as-a-Service (PhaaS) platform is actively being offered to threat actors, providing advanced phishing kits to facilitate credential harvesting.
This platform specifically targets Microsoft 365 users, employing sophisticated multi-stage attack flows within web browsers to trick victims into revealing their login credentials.
Greatness PhaaS incorporates bot protection, IP address blocking, and anti-analysis measures, making it challenging for security researchers and systems to detect and mitigate its operations.

Source: SecurityAffairs | Date: January 10, 2026

References

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 79 - SecurityAffairs
Security Affairs newsletter Round 558 by Pierluigi Paganini – INTERNATIONAL EDITION - SecurityAffairs

Read more

Critical Copilot Prompt Injection Exposes Browser Data

This newsletter is AI generated and may hallucinate sometimes 😊 New One-Click Microsoft Copilot Vulnerability Grants Attackers Access to Sensitive Data * A "Reprompt" vulnerability in Microsoft Copilot allows attackers to exfiltrate sensitive user data with a single click via prompt injection techniques. * The flaw exploits browser-integrated AI, manipulating the

Browser Security Updates: Skimming, Chrome Extension, SmartScreen

This newsletter is AI generated and may hallucinate sometimes 😊 Long-Running Web Skimming Campaign Targets Online Checkout Pages * A persistent web skimming campaign, active for over two years, has been identified, targeting online e-commerce checkout pages to steal payment card information. * Attackers inject malicious JavaScript code into legitimate websites, which intercepts

Browser Security Brief: Web-Based LLM Attacks & Prompt Injection Campaigns

This newsletter is AI generated and may hallucinate sometimes 😊 Widespread Campaign Exploits LLMs Through Web-Based Prompt Injection * Threat actors are conducting widespread campaigns exploiting Large Language Models (LLMs) through techniques like prompt injection, data exfiltration, and model manipulation. * These attacks frequently leverage web application interfaces, using browsers as the primary

Browser Security Update: No Critical Browser-Specific Threats Identified

This newsletter is AI generated and may hallucinate sometimes 😊 Blog Scraping Unavailable * Perplexity AI blog deployed anti-bot protection, making automated scraping impossible. * Perplexity AI blog content is now inaccessible to automated data extraction tools. * Accessing the content now demands manual interaction or advanced browser rendering techniques. Source: Perplexity AI | Date: