Tag: social-engineering
-
UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack
The maintainer of the Axios npm package has confirmed that the supply chain compromise was the result of a highly-targeted social engineering campaign orchestrated by North Korean threat actors tracked as UNC1069. Maintainer Jason Saayman said the attackers tailored their social engineering efforts “specifically to me” by first approaching him under the guise of the founder…
-
Axios npm compromise traced to targeted social engineering attack
The recent compromise of the widely used Axios npm package has been confirmed as the result of a targeted social engineering attack. The incident, which briefly exposed developers to malicious code, highlights growing risks within the open-source software supply chain. On March 31, attackers managed to publish two malicious versions of Axios to npm. These…
-
Drift Loses $285 Million in Durable Nonce Social Engineering Attack Linked to DPRK
Solana-based decentralized exchange Drift has confirmed that attackers drained about $285 million from the platform during a security incident that took place on April 1, 2026. “Earlier today, a malicious actor gained unauthorized access to Drift Protocol through a novel attack involving durable nonces, resulting in a rapid takeover of Drift’s Security Council administrative powers,” the…
-
Hackers Weaponize Venom Stealer via ClickFix Lures for Massive Data Exfiltration
Hackers are increasingly turning simple social engineering tricks into full-scale data theft operations, and a newly identified malware platform called Venom Stealer is a strong example of this shift. Instead of just stealing credentials once, Venom creates a continuous data exfiltration pipeline, allowing attackers to monitor and extract sensitive information long after the initial infection.…
-
NCSC Issues Security Alert Over Hackers Targeting WhatsApp and Signal Accounts
The UK’s cybersecurity agency offered advice to “high-risk” individuals on how to protect against social engineering and cyber-attacks. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/ncsc-alert-hackers-whatsapp-signal/
-
NCSC warns high-risk individuals of Signal and WhatsApp social engineering attacks
NCSC advises on countermeasures for high-risk individuals over phishing attacks on encrypted messaging services, such as Signal, WhatsApp and Facebook Messenger. First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366641058/NCSC-warns-high-risk-individuals-of-Signal-and-WhatsApp-social-engineering-attacks
-
WhatsApp Alerts 200 Users After Fake iOS App Installed Spyware; Italian Firm Faces Action
Meta-owned messaging platform WhatsApp said it alerted about 200 users who were tricked into installing a bogus version of its iOS app that was infected with spyware. According to reports from Italian newspaper La Repubblica and news agency ANSA, the vast majority of the targets are located in Italy. It’s assessed that the threat actors behind…
-
Cybersecurity in the age of instant software
Tags: access, ai, attack, computing, control, credentials, cybersecurity, deep-fake, defense, detection, exploit, flaw, injection, intelligence, iot, malicious, network, open-source, programming, risk, social-engineering, software, technology, tool, update, vulnerability, zero-day
Automating patch creation: But that’s just half of the arms race. Defenders get to use AI, too. These same AI vulnerability-finding technologies are even more valuable for defense. When the defensive side finds an exploitable vulnerability, it can patch the code and deny it to attackers forever. How this works in practice depends on another related…
-
Vietnam-Linked PXA Stealer Campaign Exploits LinkedIn to Target Professionals Globally
A newly exposed global malware campaign reveals how PXA Stealer has been wielded by Vietnam-linked actors to siphon sensitive data from professionals across multiple countries using trusted platforms like LinkedIn. First documented in late 2024, this campaign has evolved into a new threat that leverages social engineering, advanced payload delivery, and stealthy execution to outmaneuver…
-
Venom Stealer MaaS Platform Commoditizes ClickFix Attacks
A new service on the cybercrime market provides automated capabilities to create persistent information-stealing social engineering attacks. First seen on darkreading.com Jump to article: www.darkreading.com/endpoint-security/venom-stealer-maas-commoditizes-clickfix-attacks
-
Routine Access Is Powering Modern Intrusions, a New Threat Report Finds
Modern intrusions increasingly start with valid credentials and routine access, not exploits. Blackpoint Cyber’s upcoming threat report shows how VPN abuse, RMM tools, and social engineering drive most incidents. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/routine-access-is-powering-modern-intrusions-a-new-threat-report-finds/
-
New Venom Stealer MaaS Platform Automates Continuous Data Theft
Venom Stealer malware-as-a-service automates ClickFix social engineering, credential and crypto exfiltration. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/venom-stealer-maas-automates-data/
-
Security awareness is not a control: Rethinking human risk in enterprise security
Tags: access, attack, authentication, awareness, banking, best-practice, breach, business, control, corporate, credentials, crowdstrike, defense, email, exploit, finance, framework, Hardware, healthcare, identity, infrastructure, malware, mfa, monitoring, passkey, password, phishing, radius, risk, security-incident, social-engineering, strategy, tactics, threat, training, vulnerability
The predictability of human error: Human error is sometimes viewed as an exception in security incident conversations, as if a breach happened because someone made a mistake that should have been prevented. Human error is a constant in complex systems, especially in huge organizations where everyday operations are shaped by scale, pace, and conflicting agendas.…
-
The Arms Race is Already Over. You Just Don’t Know Which Side Won.
Anthropic’s Claude 4.6 found 500+ zero-days, but the real story is economic. As AI secures code, attackers are shifting to the “Trust Layer”: AI-driven social engineering and identity deception. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/the-arms-race-is-already-over-you-just-dont-know-which-side-won/
-
Don’t open that WhatsApp message, Microsoft warns
How to avoid social engineering attacks? Employee training tops the list. First seen on theregister.com Jump to article: www.theregister.com/2026/03/31/whatsapp_message_bad_msi_packages/
-
Apple Adds ClickFix Attack Warnings in New macOS Tahoe Security Feature
Apple has silently introduced a new security mechanism in macOS Tahoe 26.4 to protect users against social engineering campaigns known as ClickFix attacks. This defense intercepts potentially harmful commands before they are pasted into the Terminal application, breaking the infection chain. The ClickFix Attack Methodology: ClickFix is a sophisticated social engineering technique designed to bypass…
-
BlueVoyant SOC Prevents Targeted Social Engineering Attack on EU Financial Institution
In the past, the group repeatedly relied on deceptively authentic digital identities, for example in the name of Ukrainian authorities or well-known software vendors. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/soc-von-bluevoyant-verhindert-gezielten-social-engineering-angriff-auf-eu-finanzeinrichtung/a44439/
-
DeepLoad Malware Uses ClickFix and AI Evasion to Hit Enterprise Networks
New “DeepLoad” malware is turning a single user click into fileless, credential-stealing persistence inside enterprise networks, leveraging the ClickFix technique and AI-generated obfuscation to evade traditional defenses. DeepLoad arrives via ClickFix, a social engineering technique that instructs users to paste a “fix” command into Windows Run or a terminal, making the action appear to be…
-
DeepLoad Malware Uses ClickFix and WMI Persistence to Steal Browser Credentials
A new campaign has leveraged the ClickFix social engineering tactic as a way to distribute a previously undocumented malware loader referred to as DeepLoad. “It likely uses AI-assisted obfuscation and process injection to evade static scanning, while credential theft starts immediately and captures passwords and sessions even if the primary loader is blocked,” ReliaQuest researchers Thassanai…
-
FIFA World Cup 2026: A Match Between Fans and Scammers
Scammers are already gearing up for the FIFA World Cup 2026 with phishing attacks, online scams and a whole lot of social engineering as emotions and reckless behavior run high among fans. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/fifa-world-cup-2026-a-match-between-fans-and-scammers/
-
Fake npm Install Messages Conceal RAT Malware in New Open Source Supply Chain Attack
Fake npm install messages are the latest social engineering trick in the open source supply chain, with attackers abusing npm post-install scripts to silently deploy a crypto-stealing remote access trojan (RAT) in what ReversingLabs is calling the “Ghost campaign.” By wrapping their payloads in realistic but entirely bogus npm install logs, the threat actors turn…
-
Cybercrime groups speed up initial access handoff through planning, coordination
A report by Google Threat Intelligence Group also shows voice-based phishing has surged amid a rise in social engineering tactics. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/cybercrime-groups-speed-initial-access/815551/
-
FBI, CISA warn of Russian hackers hijacking Signal and WhatsApp accounts
The FBI and CISA join European agencies in warning of a widespread, easily scalable social engineering campaign targeting messaging apps. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/fbi-cisa-warn-of-russian-hackers-hijacking-signal-and-whatsapp-accounts/
-
SilentConnect Uses Fake Invites to Deploy ScreenConnect RAT
SILENTCONNECT is a new multi-stage Windows loader that abuses fake online invitations and trusted cloud services to silently deploy the ConnectWise ScreenConnect remote access tool on victim systems. The campaign blends social engineering, living-off-the-land binaries, and low-level evasion techniques to achieve hands-on keyboard access while remaining difficult to spot in traditional monitoring. The attack starts…
-
Faster attacks and ‘recovery denial’ ransomware reshape threat landscape
Tags: access, ai, api, attack, authentication, backup, ciso, cloud, control, credentials, data, defense, detection, email, encryption, espionage, exploit, governance, identity, infection, infrastructure, intelligence, mandiant, mfa, monitoring, network, north-korea, phishing, ransomware, resilience, saas, service, social-engineering, strategy, tactics, theft, threat, tool, update
Social engineering becomes more interactive: While exploits remain the leading initial infection vector at 32%, the report underscores a shift toward more adaptive social engineering. Voice phishing has risen sharply, while email phishing continues to decline, signaling a move away from high-volume campaigns toward real-time interaction. Mandiant’s data shows that email phishing dropped to just 6%…
-
RSAC 2026 Innovation Sandbox – Humanix: People-Oriented Social Engineering Attack Detection and Response
Company Profile: Humanix (see Figure 1) is a cybersecurity company focusing on human-centric threat detection and response, dedicated to protecting enterprises from social engineering attacks against “people”, headquartered in the San Francisco Bay Area of the United States [1]. Its core concept is: Traditional security focuses a lot of energy on systems and boundaries, and most…
-
Aura Confirms Data Breach Exposing 900,000 Customer Records
Tags: breach, cyber, data, data-breach, defense, exploit, incident response, network, phishing, social-engineering, threat, unauthorized
Digital security provider Aura has confirmed a data breach affecting approximately 900,000 user records following a targeted social engineering attack. The incident highlights the ongoing threat of sophisticated phishing campaigns aimed at bypassing technical defenses by exploiting human elements within an organization. Aura immediately initiated its incident response protocol upon detecting the unauthorized network activity.…
-
ClickFix Drives New Infostealer Campaigns
Tags: api, captcha, control, cyberattack, encryption, exploit, framework, github, infrastructure, intelligence, lazarus, login, malware, microsoft, powershell, rat, social-engineering, threat, windows, wordpress
ClickFix campaigns are becoming increasingly sophisticated and are increasingly targeting WordPress websites. Cybercriminals combine compromised websites with ever more sophisticated social engineering lures to spread new infostealer malware. The technique is known as ClickFix and is effective as well: in a single campaign, more than 250 WordPress websites in twelve countries were infected. While this campaign leads to inconspicuous malware executed in memory, Microsoft observed…
-
Microsoft Teams-Based Vishing Attack Tricks Victims Into Quick Assist Takeover
Tags: attack, breach, corporate, cyber, cyberattack, detection, identity, microsoft, phishing, social-engineering, software, threat, vulnerability
Threat actors are increasingly relying on social engineering rather than complex software vulnerabilities to breach corporate networks. In November 2025, Microsoft’s Detection and Response Team (DART) investigated a notable identity-first intrusion where attackers successfully used Microsoft Teams voice phishing (vishing) to compromise a corporate device via Quick Assist. This incident, detailed in Microsoft’s latest Cyberattack…
-
LeakNet Ransomware Uses ClickFix via Hacked Sites, Deploys Deno In-Memory Loader
The ransomware operation known as LeakNet has adopted the ClickFix social engineering tactic delivered through compromised websites as an initial access method. The use of ClickFix, where users are tricked into manually running malicious commands to address non-existent errors, is a departure from relying on traditional methods for obtaining initial access, such as through stolen credentials…

