Phishing , Threat Intelligence Microsoft Teams, Quick Assist weaponized in helpdesk spoofing intrusions April 21, 2026 Share By SC Staff (Adobe Stock) Threat actors have been exploiting Microsoft Teams and Quick Assist to remotely compromise systems as part of a new helpdesk impersonation campaign, Cyber Security News reports. Attacks commence with the distribution of an unsolicited Teams message purportedly from an internal IT support staff that lures targeted employees into disregarding built-in external contact alerts and permitting a Microsoft Quick Assist-based remote assistance session, according to Microsoft Defender Security Research analysts. Approving the session allows total control of the targeted device within a minute, with threat actors then executing reconnaissance commands for user privilege checking, host detail gathering, and network connectivity evaluation before launching a staged payload that leverages DLL side-loading for illicit code execution via trusted apps. Attackers were also observed to have harnessed Windows Remote Management to compromise domain controllers and other high-value targets, as well as leveraged the Rclone tool for sensitive business data exfiltration. Curtailing exposure from such an attack requires the implementation of Quick Assist and remote management tool restrictions, activating Attack Surface Reduction rules and Windows Defender Application Control, and strengthening employee training. SC Staff Related Malware Formbook infostealer deployed in clandestine phishing campaigns SC Staff April 21, 2026 Organizations in multiple South American countries, Bosnia, Croatia, Greece, Slovenia, and Spain have had their Windows systems stealthily infected with the Formbook information-stealing malware in a pair of phishing campaigns, reports Infosecurity Magazine. Phishing Tycoon 2FA relinquishes crown to similar PhaaS platforms SC Staff April 20, 2026 Last month's takedown of over 300 active domains used by the Tycoon 2FA phishing-as-a-service platform, which was once the most prolific PhaaS kit, has prompted threat actors to transfer to the Mamba 2FA, Sneaky 2FA, and EvilProxy platforms that have since integrated Tycoon 2FA's tools, according to SecurityWeek. Phishing Apple account notifications abused for iPhone purchase phishing scams SC Staff April 20, 2026 The phishing campaign involves creating an Apple ID and strategically placing scam text within the first and last name fields. Get daily email updates SC Media's daily must-read of the most current and pressing daily news Business Email By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy . Subscribe Related Terms Account Harvesting Defacement Dictionary Attack Disruption Distributed Scans Domain Hijacking Fault Line Attacks Hybrid Attack Password Cracking Reconnaissance You can skip this ad in 5 seconds