Tag: social-engineering
-
Apple Pay Users Targeted by Phishing Attack Aimed at Stealing Payment Details
A sophisticated new phishing campaign is targeting Apple Pay users, leveraging high-quality email design and social engineering to bypass security measures. Unlike typical scams that rely on poorly spelled emails and suspicious links, this campaign uses a >>hybrid<>vishing<<, to steal Apple IDs and payment data. […] The post Apple Pay Users Targeted by Phishing Attack…
-
State-Backed Hackers Target Military Officials and Journalists on Signal in Latest Cyberattack
German intelligence and security agencies have issued a high-priority warning regarding a sophisticated cyber espionage campaign targeting military officials, diplomats, and investigative journalists across Europe. The Bundesamt für Verfassungsschutz (BfV) and the Federal Office for Information Security (BSI) identified the attackers as likely state-sponsored actors utilizing social engineering to compromise accounts on the encrypted messaging…
-
Ten career-ending mistakes CISOs make and how to avoid them
Tags: access, ai, attack, awareness, best-practice, breach, business, ciso, cloud, compliance, computing, conference, control, credentials, cyber, cybersecurity, data, defense, detection, encryption, exploit, finance, framework, GDPR, governance, guide, HIPAA, least-privilege, malicious, metric, monitoring, network, password, resilience, risk, social-engineering, strategy, technology, threat, tool, training, vulnerability, zero-trust2. Poor communication with the board and C-suite: Technical expertise alone no longer suffices in the modern CISO role. Security leaders who fail to translate cyber risks into business impact quickly lose credibility with decision-makers who control budgets and strategic direction.When security leaders present endless technical details without connecting them to revenue loss, regulatory fines,…
-
The Human Layer of Security: Why People are Still the Weakest Link in 2026
By 2026 humans remain cybersecurity’s weakest”, and most vital”, link as AI-enabled social engineering rises; prioritize behavioral design, real”‘time interventions, and leadership. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/the-human-layer-of-security-why-people-are-still-the-weakest-link-in-2026/
-
Spam Campaign Distributes Fake PDFs, Deploys Remote Monitoring Tools for Ongoing Access
An ongoing spam campaign that leverages social engineering to deploy legitimate Remote Monitoring and Management (RMM) software on victim networks. By disguising malicious payloads as essential Adobe Acrobat updates, threat actors are successfully bypassing traditional security controls and establishing persistent remote access to sensitive systems. The campaign begins with a deceptive email delivering a PDF…
-
Betterment Data Breach Exposes Sensitive Information of 1.4 Million Customers
Automated investment platform Betterment has confirmed a data breach affecting approximately 1.4 million customers. The incident, which occurred in January 2026, was the result of a targeted social engineering attack rather than a direct exploit of the company’s core infrastructure. The breach sequence began on January 9, 2026. According to Betterment’s forensic investigation, unauthorized actors…
-
Betterment breach may expose 1.4M users after social engineering attack
Breach-tracking site flags dataset following impersonation-based intrusion First seen on theregister.com Jump to article: www.theregister.com/2026/02/05/betterment_hack/
-
Cyberattackers Use Fake RTO Challan Alerts to Spread Android Malware
Tags: android, cyber, data, government, india, infrastructure, malware, office, service, social-engineering, tacticsIndian users’ trust in government services through a sophisticated Android malware campaign that impersonates Regional Transport Office (RTO) challan notifications. This campaign represents an evolution from previous RTO-themed malware, featuring advanced anti-analysis techniques, a modular three-stage architecture, and a structured backend infrastructure for data collection and remote operations. The malware spreads through social engineering tactics,…
-
Weaponized Voicemail Hack Allows Remote Access to Systems, Experts Warn
A sophisticated social engineering campaign that weaponizes fake voicemail notifications to trick victims into installing remote access tools. The attack begins when victims receive communications directing them to compromised websites displaying convincing voicemail-themed landing pages. These pages use bank-related subdomains and minimal, professional design elements to appear legitimate. The interface suggests that a new voice…
-
Cyberattackers Exploit DNS TXT Records in ClickFix Script to Execute Malicious PowerShell Commands
A new evolution in the >>ClickFix<>ClickFix<>Verify […] The post Cyberattackers Exploit DNS TXT Records in ClickFix Script to Execute Malicious PowerShell Commands appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform. First seen on gbhackers.com Jump to article: gbhackers.com/dns-txt-records/
-
Info-Stealing malware expands from Windows to macOS
Microsoft warns info-stealing attacks are expanding from Windows to macOS, using cross-platform languages like Python and abusing trusted platforms. Microsoft warns info-stealing attacks are rapidly expanding from Windows to macOS, using cross-platform languages like Python and abusing trusted platforms. Since late 2025, Microsoft has seen a surge in macOS infostealer attacks using social engineering, fake…
-
Microsoft Warns Python Infostealers Target macOS via Fake Ads and Installers
Microsoft has warned that information-stealing attacks are “rapidly expanding” beyond Windows to target Apple macOS environments by leveraging cross-platform languages like Python and abusing trusted platforms for distribution at scale.The tech giant’s Defender Security Research Team said it observed macOS-targeted infostealer campaigns using social engineering techniques such as ClickFix since First seen on thehackernews.com Jump…
-
Infostealer Attacks Hit macOS, Abusing Python and Trusted Platforms
A sharp rise in campaigns targeting macOS users, while attackers also ramp up Python”‘based stealers and abuse trusted platforms like WhatsApp and popular PDF utilities. These attacks focus on harvesting credentials, browser data, cloud keys, and cryptocurrency wallets, then quietly exfiltrating them to attacker”‘controlled infrastructure. On macOS, threat actors increasingly rely on social engineering and…
-
Fake Party Invites Lure Victims Into Installing Malicious Remote Access Tools
A sophisticated social engineering campaign targeting Windows users across the UK, using fake event invitations to silently install ScreenConnect a legitimate remote access tool that attackers have weaponized to gain complete system control. The attack chain begins with deceptive simplicity: victims receive emails that look like personal invitations from friends or colleagues. These messages are…
-
Malicious Google Play App With 50K+ Downloads Spreads Anatsa Banking Trojan
A malicious application on the Google Play Store masquerading as a legitimate document reader. The deceptive application, which has accumulated over 50,000 downloads, functions as a dropper for the notorious Anatsa banking trojan, a sophisticated malware strain known for targeting financial institutions and compromising user banking credentials. The malicious app leverages social engineering tactics by…
-
ShinyHunters escalates tactics in extortion campaign linked to Okta environments
Researchers are tracking multiple clusters that are using social engineering to gain access to victims. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/shinyhunters-tactics-extortion-okta-environ/811112/
-
ShinyHunters escalates tactics in extortion campaign linked to Okta environments
Researchers are tracking multiple clusters that are using social engineering to gain access to victims. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/shinyhunters-tactics-extortion-okta-environ/811112/
-
ShinyHunters escalates tactics in extortion campaign linked to Okta environments
Researchers are tracking multiple clusters that are using social engineering to gain access to victims. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/shinyhunters-tactics-extortion-okta-environ/811112/
-
Human Risk Management: Das Paradoxon der Sicherheitsschulungen
Security Awareness Trainings sollten auf dem Human-Risk-Management-Ansatz basieren. Unternehmen investieren Millionen von Dollar in Firewalls, Endpunktsicherheit oder Verschlüsselung. Doch eine einzige Person kann eine Katastrophe auslösen. Es reicht, wenn sie eine infizierte Datei herunterlädt oder auf einen betrügerischen Link klickt.Analysen zeigen: Zwischen 70 und 90 Prozent aller Sicherheitslücken entstehen, weil Menschen Fehler machen. Sie fallen…
-
Hacker erreichen durch die Kombination von Automatisierung, KI und Social-Engineering über mehrere Kanäle hinweg eine höhere Angriffstaktung denn je.
Check Point Software Technologies veröffentlicht die 14. Auflage seines Cyber Security-Reports. Darin fassen die Sicherheitsforscher die globalen Entwicklungen bei Cyber-Angriffen weltweit im Jahr 2025 im Vergleich zum Jahr 2024 zusammen. Hierzulande zielten pro Woche 1223 Angriffe auf deutsche Unternehmen, dies entspricht einem Anstieg von 14 Prozent im Vergleich zu Vorjahr. In Österreich gab es ebenfalls…
-
Hugging Face Repositories Hijacked For Android RAT Delivery, Bypassing Traditional Defenses
A sophisticated Android RAT campaign that exploits Hugging Face’s popular machine learning platform to host and distribute malicious payloads. Attackers combine social engineering, legitimate infrastructure abuse, and Accessibility Services exploitation to gain deep device control, evading hash-based detection through rapid polymorphism. The campaign targets Android users via a dropper app named TrustBastion, often promoted through…
-
Online-Hosting-Dienst Hugging-Face als Provider für Fernzugangstrojaner
Social-Engineering im vertrauenserweckenden Gewand mit hoher Flexibilität ist eine Gefahr für Nutzer, wenn sie aus einer vermeintlich legitimen Quelle kommt. Die Bitdefender Labs beobachten aktuell eine Kampagne zum Ausspielen von Remote-Access-Trojanern (RAT) über den bekannten Online-Hoster Hugging-Face. Die visuelle Schnittstelle, die das Opfer zum Download des Payloads veranlassen soll, ähnelt dabei legitimen Dialogfeldern von Google-Play…
-
Helpdesk Impersonation: A High-Risk Social Engineering Attack
With organizations becoming more digitally interconnected, threat actors are placing greater emphasis on manipulating people instead of breaching systems directly. One of the most deceptive and damaging tactics is helpdesk impersonation, a form of social engineering in which attackers pose as legitimate users or trusted personnel to manipulate support staff into granting unauthorized access…. First…
-
ShinyHunters ramp up new vishing campaign with 100s in crosshairs
Tags: advisory, attack, authentication, breach, communications, control, credentials, cybercrime, cybersecurity, data, data-breach, finance, google, group, hacker, hacking, infrastructure, intelligence, login, mfa, microsoft, mobile, okta, phishing, phone, saas, security-incident, social-engineering, tactics, theft, tool, unauthorized<img loading="lazy" decoding="async" src="https://b2b-contenthub.com/wp-content/uploads/2026/01/shiny-hunters-data-dump.png?w=1024" alt="ShinyHunters data dump" class="wp-image-4124689" srcset="https://b2b-contenthub.com/wp-content/uploads/2026/01/shiny-hunters-data-dump.png?quality=50&strip=all 2260w, b2b-contenthub.com/wp-content/uploads/2026/01/shiny-hunters-data-dump.png?resize=300%2C182&quality=50&strip=all 300w, b2b-contenthub.com/wp-content/uploads/2026/01/shiny-hunters-data-dump.png?resize=768%2C466&quality=50&strip=all 768w, b2b-contenthub.com/wp-content/uploads/2026/01/shiny-hunters-data-dump.png?resize=1024%2C621&quality=50&strip=all 1024w, b2b-contenthub.com/wp-content/uploads/2026/01/shiny-hunters-data-dump.png?resize=1536%2C931&quality=50&strip=all 1536w, b2b-contenthub.com/wp-content/uploads/2026/01/shiny-hunters-data-dump.png?resize=2048%2C1241&quality=50&strip=all 2048w, b2b-contenthub.com/wp-content/uploads/2026/01/shiny-hunters-data-dump.png?resize=1150%2C697&quality=50&strip=all 1150w, b2b-contenthub.com/wp-content/uploads/2026/01/shiny-hunters-data-dump.png?resize=277%2C168&quality=50&strip=all 277w, b2b-contenthub.com/wp-content/uploads/2026/01/shiny-hunters-data-dump.png?resize=139%2C84&quality=50&strip=all 139w, b2b-contenthub.com/wp-content/uploads/2026/01/shiny-hunters-data-dump.png?resize=792%2C480&quality=50&strip=all 792w, b2b-contenthub.com/wp-content/uploads/2026/01/shiny-hunters-data-dump.png?resize=594%2C360&quality=50&strip=all 594w, b2b-contenthub.com/wp-content/uploads/2026/01/shiny-hunters-data-dump.png?resize=412%2C250&quality=50&strip=all 412w” width=”1024″ height=”621″ sizes=”auto, (max-width: 1024px) 100vw, 1024px” /> CSOIn operation since 2020, ShinyHunters, also tracked as UNC6040, has stolen data from many well-known…
-
ShinyHunters ramp up new vishing campaign with 100s in crosshairs
Tags: advisory, attack, authentication, breach, communications, control, credentials, cybercrime, cybersecurity, data, data-breach, finance, google, group, hacker, hacking, infrastructure, intelligence, login, mfa, microsoft, mobile, okta, phishing, phone, saas, security-incident, social-engineering, tactics, theft, tool, unauthorized<img loading="lazy" decoding="async" src="https://b2b-contenthub.com/wp-content/uploads/2026/01/shiny-hunters-data-dump.png?w=1024" alt="ShinyHunters data dump" class="wp-image-4124689" srcset="https://b2b-contenthub.com/wp-content/uploads/2026/01/shiny-hunters-data-dump.png?quality=50&strip=all 2260w, b2b-contenthub.com/wp-content/uploads/2026/01/shiny-hunters-data-dump.png?resize=300%2C182&quality=50&strip=all 300w, b2b-contenthub.com/wp-content/uploads/2026/01/shiny-hunters-data-dump.png?resize=768%2C466&quality=50&strip=all 768w, b2b-contenthub.com/wp-content/uploads/2026/01/shiny-hunters-data-dump.png?resize=1024%2C621&quality=50&strip=all 1024w, b2b-contenthub.com/wp-content/uploads/2026/01/shiny-hunters-data-dump.png?resize=1536%2C931&quality=50&strip=all 1536w, b2b-contenthub.com/wp-content/uploads/2026/01/shiny-hunters-data-dump.png?resize=2048%2C1241&quality=50&strip=all 2048w, b2b-contenthub.com/wp-content/uploads/2026/01/shiny-hunters-data-dump.png?resize=1150%2C697&quality=50&strip=all 1150w, b2b-contenthub.com/wp-content/uploads/2026/01/shiny-hunters-data-dump.png?resize=277%2C168&quality=50&strip=all 277w, b2b-contenthub.com/wp-content/uploads/2026/01/shiny-hunters-data-dump.png?resize=139%2C84&quality=50&strip=all 139w, b2b-contenthub.com/wp-content/uploads/2026/01/shiny-hunters-data-dump.png?resize=792%2C480&quality=50&strip=all 792w, b2b-contenthub.com/wp-content/uploads/2026/01/shiny-hunters-data-dump.png?resize=594%2C360&quality=50&strip=all 594w, b2b-contenthub.com/wp-content/uploads/2026/01/shiny-hunters-data-dump.png?resize=412%2C250&quality=50&strip=all 412w” width=”1024″ height=”621″ sizes=”auto, (max-width: 1024px) 100vw, 1024px” /> CSOIn operation since 2020, ShinyHunters, also tracked as UNC6040, has stolen data from many well-known…
-
Identitäten im Fokus von Cyberkriminellen
Tags: access, business, cloud, cyberattack, email, incident response, mail, password, phishing, ransomware, service, social-engineering, software, vulnerabilityCyberkriminelle haben es inzwischen vermehrt auf digitale Identitäten abgesehen.Der State of Incident Response Report 2026 von Eye Security zeigt: Cyberangriffe auf Unternehmen erfolgen zunehmend unbemerkt und die Schäden entstehen innerhalb von Minuten. Demnach setzen die Angreifer inzwischen weniger darauf, Systeme zu hacken, sondern bestehende Zugänge ausnutzen.Identitätsbasierte Angriffe dominieren das Feld, wobei 97 Prozent dieser Vorfälle…
-
Social Engineering Hackers Target Okta Single Sign On
ShinyHunters Campaign Uses Voice Phishing to Bypass MFA and Steal Corporate Data. Security experts warn that an active and ongoing campaign being waged by ShinyHunters extortionists has at least 150 organizations in its sights across a range of sectors, with attackers using live voice phishing to bypass multifactor authentication, steal cloud data and hold it…
-
AI is Now Default Enterprise Accelerator: Takeaways from ThreatLabz 2026 AI Security Report
Tags: access, ai, attack, automation, chatgpt, compliance, control, data, detection, finance, google, governance, infrastructure, injection, insurance, intelligence, malicious, malware, microsoft, ml, monitoring, RedTeam, risk, saas, social-engineering, supply-chain, tactics, technology, threat, tool, vulnerability, zero-trustArtificial intelligence and machine learning (AI/ML) are no longer emerging capabilities inside enterprise environments. In 2025, they became a persistent operating layer for how work gets done. Developers ship faster, marketers generate more content, analysts automate research, and IT teams rely on AI to streamline troubleshooting and operations. The productivity gains are real, but so…
-
CISA Urges Public to Stay Alert Against Rising Natural Disaster Scams
Tags: advisory, cisa, cyber, cybersecurity, infrastructure, malicious, risk, scam, social-engineering, tactics, threat, vulnerabilityThe Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical advisory alerting the public to heightened risks of malicious cyber activity targeting disaster victims. As natural disasters strike communities, threat actors capitalize on the chaos and emotional vulnerability of affected populations by deploying sophisticated social engineering tactics disguised as legitimate relief efforts. According to…
-
Phishing-Kits imitieren vermehrt Telefongespräche
Digitale Angriffe verlagern sich zunehmend weg von simplen Massenmails hin zu gezielten, telefonbasierten Betrugsversuchen. Parallel dazu haben sich auch die Werkzeuge der Angreifer verändert: Moderne Phishing-Kits sind heute so ausgelegt, dass sie die speziellen Anforderungen sprachbasierter Social-Engineering-Angriffe in Vishing-Kampagnen unterstützen. Das ergaben jüngste Untersuchungen von Okta-Threat-Intelligence. Immer häufiger werden solche Kits gegen Konten bei Google,…