New VENOM phishing attacks steal senior executives' Microsoft logins

Thursday, April 9, 2026 at 09:37 PM UTC·Source: BleepingComputer

Updated: Thursday, April 9, 2026 at 09:38 PM UTC

Executive Summary

Threat actors using a previously undocumented phishing-as-a-service (PhaaS) platform called "VENOM" are targeting credentials of C-suite executives across multiple industries. [...]

Analysis

Threat actors using a previously undocumented phishing-as-a-service (PhaaS) platform called "VENOM" are targeting credentials of C-suite executives across multiple industries. [...]

Source Attribution

Originally published by BleepingComputer on Apr 9, 2026.

Related Threats

LOWPhishing

Tycoon 2FA Phishers Scatter, Adopt Device Code Phishing

In embracing device code phishing, attackers trick victims into handing over account access by using a service's legitimate new-device login flow.

6d agoDark Reading

CRITICALPhishing

Delta Electronics ASDA-Soft

<p><a href="https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-106-01.json"><strong>View CSAF</strong></a></p> <h2>Summary</h2> <p><strong>Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code.</strong></p> <p>The following versions of Delta Electronics ASDA-Soft are affected:</p> <ul> <li>ASDA-Soft <=V7.2.2.0</li> </ul> <div cla

CVE-2026-5726

Apr 16, 2026CISA Advisories

MEDIUMPhishing

Microsoft adds Windows protections for malicious Remote Desktop files

Microsoft has introduced new Windows protections to defend against phishing attacks that abuse Remote Desktop connection (.rdp) files, adding warnings and disabling risky shared resources by default. [...]

Apr 14, 2026BleepingComputer