Cybersecurity research lab at @guardiosecurity. We analyze scams, phishing, malware, and the ecosystems that keep them running. Findings here first!

Joined April 2026
Still Google for your account login? Beware not to "WrongPress"! We found yet another Google Ads phish, this time abusing search results for ManageWP, GoDaddy's WordPress admin platform. The fake result sits right on top of the real one, and one click later you're in an AiTM (Adversary in the Middle) trap that hijacks your account 👉 more...
2/3 The ad click first hits a cloaker, then flips real users to a fake @managewp login while too easily dodging Google's inspection of who authorized this sponsored search result! The actual kit and its infra (and attribution) is what's really interesting here...
3/3 It's live-operated AiTM! Attacker gets real-time login attempts to Telegram and controls it all from their C2. They log in to the victims' accounts on their end while orchestrating a fake login flow on the victim's screen. So you get a 2FA text message and type it into your login screen? This is not a real 2FA prompt - you just sent it to the attacker! Here you can see an inside look at how it looks on the attacker's end - and we saw enough operator fingerprints to keep pulling this thread even more. So who's behind WrongPress and how many have already wrong-pressed? soon... 💪 @GoDaddy @GoogleAds
On the menu in Vietnam: pho, banh mi, dumplings... and 30,000 hijacked Facebook business accounts 🥟 Meet "AccountDumpling": phishing sent straight through Google's own infrastructure. Yum. Looks like it's a serious business over there. Steal the account. Resell it. Fabricate fake identities. Sell "recovery" right back to the victim for a fee and even more shenanigans. Brilliant deep-dive research by our own @shaked__chen! Learn how they abused Google to send phishing emails, so many methods and tricks they used along the way, and the mistakes they made that helped us catch them red-handed and reach victims in time to save what could still be saved. (link to full research in reply...)
NoMetaWhat. Ever got a phishing email from Meta that actually came from Facebook?! Oh No.. Attackers abuse Facebook Business Manager to send real emails from noreply@business.facebook.com, then stuff the invite with their own sender name, urgency bait, and a clickable phishing link! DKIM, SPF, DMARC all pass. Of course they do. 👉 more...
2/3 The "best" part? We reproduced it in minutes. Create a Business Manager account with 1 click. Change the business name to whatever scare-text you want. Change the requester name too. Send a partner invite to any email plus any valid business ID. Now @gmail treats the mail as trusted - NoMetaWhat! And the clickable name does the rest. @Meta @facebook
3/3 Then the victim lands on a fake Meta Privacy Center and starts donating credentials. Password. Retry. 2FA code. Retry again. We saw 15 rotating phishing URLs in just 3 days, and kits now doing real-time 2FA interception. If your mail stack blindly whitelists business[.]facebook[.]com, time to rethink this. More on this campaign soon 👉
Didn’t realize a church in Pennsylvania started offering macOS storage fix services?! The ClickFix gang is back with GoogleFix, and they’ve figured out how to make @GoogleAds' own ad platform do their dirty work. @GuardioLabs full report now available with a technical deep dive, and tons of in-the-wild samples here 👇 @GuardioSecurity
Guardio Labs retweeted
Lovable builds the future. Guardio scans it when it goes live. You won’t see it. You won’t feel it. But without it? You’d be clicking into scams built by AI all day long. Introducing the new integration between Guardio and Lovable - making the web a cleaner, safer place for everyone. @lovable
Guardio Labs retweeted
Ever wonder how your data ends up for sale in the digital shadows? It’s a massive industry where groups like ShinyHunters exploit misconfigured SaaS databases for profit. The ultimate irony: they just breached Aura, a US firm dedicated to preventing identity theft. 🤦‍♂️ ~1M records leaked due to a Salesforce configuration error. If the "protectors" aren't safe, is privacy a losing battle? Read our full report analysis - link in the reply...