Tag: social-engineering
-
Hackers Abuse Cross-Tenant Teams Chat to Deliver EtherRAT Through Malicious MSI Loader
A coordinated social-engineering campaign observed in late June 2026 combined email phishing with an abused Microsoft Teams cross”‘tenant chat to deliver a sophisticated EtherRAT implant via a malicious MSI loader. Initial access began with a targeted email masquerading as internal communication: an “Employee Survey” HTML message containing a PDF lure. When the victim opened the…
-
Home Medical Gear Firm Tells SEC Hackers Stole Patient Data
AdaptHealth Says Social Engineering Scam Also Affects External EHR Portal Data. A publicly traded home medical equipment and services supplier has told U.S. regulators that hackers recently stole a potentially large volume of patients’ health and personal information, including data from external electronic health record system portals, in a social engineering scam. First seen on…
-
Gaslight Stealer Embeds Fake System Messages to Mislead AI Malware Analysts
Tags: ai, blockchain, cyber, injection, jobs, macOS, malware, north-korea, social-engineering, softwareA new macOS stealer, tracked as Gaslight and attributed to North Korean operators, demonstrates a worrying evolution in malware design: deliberate prompt-injection to mislead AI-driven security tools. Gaslight arrives as a standalone Mach-O executable commonly luring macOS users with faux meeting software, fake job recruitment materials, blockchain or gaming downloads, and developer test packages social-engineering…
-
Fake Google and Cloudflare Verification Pages Spread StealC, HijackLoader, and NetSupport Malware
Tags: cyber, exploit, google, intelligence, malicious, malware, powershell, rat, social-engineering, threatThreat actors are currently exploiting sophisticated ClickFix social engineering campaigns that mimic Google and Cloudflare verification systems to distribute several high-impact malware families, including StealC, HijackLoader, NetSupport RAT, and newly identified loaders. Recent threat intelligence research indicates that these campaigns have been active since late 2025, tricking users into manually executing malicious PowerShell commands. This…
-
Hackers Use Compromised Websites and transcript.pdf.js Lure to Deliver PureLog Stealer
Hackers are using compromised websites and a deceptive transcript.pdf.js lure to deliver PureLog Stealer through a layered, fileless infection chain that leans heavily on PowerShell, trusted cloud infrastructure, and in-memory execution. The campaign, described in the attached research, shows how modern stealers increasingly rely on social engineering and living-off-the-land techniques rather than noisy malware binaries.…
-
Ransomware Thugs Masquerade as Interpol to Entice Small Biz
The ransomware campaign relies on basic social engineering and stretches across multiple regions, including the US, Europe, Middle East, and elsewhere. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/attackers-use-interpol-lure-target-small-businesses
-
Browser-Only Ransomware Uses File System Access API to Encrypt Files Without Malware Installation
A novel, practical ransomware technique that runs entirely inside the browser by abusing the File System Access API, demonstrating how AI can turn high-level malicious ideas into operational attack chains without any native payload. The proof-of-concept leverages a social engineering lure a fake AI image-enhancement/upscaler web app to convince users to grant folder-level access. Once…
-
And the Winner in Dominant Malware Delivery? ClickFix
Researchers say the highly effective social engineering technique is no longer the exception for malware attacks, it’s now the rule. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/winner-dominant-malware-delivery-clickfix
-
VEIL#DROP Malware Chain Uses Blogger Platform to Deliver PureLogs Stealer
Cybersecurity researchers have flagged a new multi-stage malware delivery attack chain that uses social engineering and Blogger pages to deliver an information stealer called PureLogs.The activity has been codenamed VEIL#DROP by Securonix. It’s suspected that the initial payloads are distributed either via spear-phishing or a drive-by compromise, which occurs when an unsuspecting user lands on…
-
MacSync Stealer Hijacks macOS via Fake Claude Code Google Ads Full Attack Chain Exposed
Tags: attack, credentials, crypto, cyber, data-breach, google, infection, macOS, malware, social-engineeringMacSync Stealer is a newly discovered macOS infostealer actively distributed through a sophisticated malvertising campaign on Google Ads that impersonates Anthropic’s Claude Code CLI. Security researchers from Beezlebub have uncovered the complete attack chain, revealing a multi-stage infection process that spans from social engineering to deep system compromise, credential harvesting, and persistent hijacking of crypto…
-
Phishers Gain Persistence at EU, Asia Hospitality Orgs
Separate but similar campaigns described by Microsoft and Trend Micro use malicious zip files to spread malware via social engineering and obsfucation, including blockchain abuse. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/phishers-persistence-eu-asia-hospitality-orgs
-
2026: Cybersicherheitslage in deutschen Unternehmen
Management Summary Cybervorfälle bleiben für deutsche Unternehmen ein operatives Kernthema: 75 Prozent der befragten Organisationen waren in den vergangenen zwölf Monaten betroffen. Phishing und Social Engineering dominieren weiterhin die aktuelle Bedrohungslage und stehen für 56 Prozent der erfassten Sicherheitsvorfälle. KI-gestützte Angriffe rücken strategisch in den Fokus: 45 Prozent sehen darin das größte Cyberrisiko der kommenden……
-
Russia used social engineering to breach prominent messaging accounts, Ukraine says
Ukraine’s SBU described a long-running Russian operation that used fake tech-support workers to persuade people to hand over credentials to their messaging apps. First seen on therecord.media Jump to article: therecord.media/russia-ukraine-social-engineering-messaging-accounts
-
Scammers Abuse Shopify to Send Fake Invoices and Steal Credentials via Fake Support Calls
Scammers are increasingly exploiting Shopify’s ecosystem and its Shop order-tracking app to deliver fraudulent invoices directly into users’ purchase histories, marking a shift from traditional email-based phishing to in-app social engineering attacks. Security researchers Luis Corrons and Jakub Vavra from Gen have identified multiple campaigns in which fake receipts appear in the Shop app, impersonating…
-
Künstliche Intelligenz im Cybercrime Zwischen Faszination und Existenzangst
Sophos veröffentlicht neue Erkenntnisse der Sophos Counter Threat Unit (CTU). Die Experten analysierten in einer aktuellen Untersuchung, dass Cyberkriminelle der künstlichen Intelligenz (KI) nach wie vor ambivalent gegenüberstehen. In Untergrund-Foren und Darknet-Marktplätzen wird KI nicht nur zunehmend als potenzieller Game-Changer thematisiert, sondern auch als potenzieller Killer für kriminelle Geschäftsmodelle. Betrug auf Autopilot: Wie KI Social-Engineering…
-
2026 FIFA World Cup Faces Surge in Cyber Threats
Persistent cybercrime, social engineering, and infrastructure threats continue to plague the FIFA 2026 World Cup across the US, Canada, and Mexico. First seen on darkreading.com Jump to article: www.darkreading.com/cybersecurity-operations/2026-fifa-world-cup-faces-surge-cyber-threats
-
Securing the service desk: Why social engineering attacks keep succeeding
Service desks have become a favored target for attackers seeking password resets, MFA changes, and access to corporate accounts. Specops Software breaks down how service desk social engineering attacks work and how organizations can defend against them. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/securing-the-service-desk-why-social-engineering-attacks-keep-succeeding/
-
Hackers Abuse Indian Tax Notice Lures to Deliver PE Loader and libsvcs.dll Payload
A targeted malware distribution campaign that abuses a counterfeit Indian Income Tax Department assessment notice to deliver a multi-stage Remote Access Trojan (RAT)-style payload. The threat actors hosted a fake tax-assessment portal on harivo[.]vip and used social-engineering lures official branding, tax terminology, legal references, penalties, and a “Download Assessment Order & Workings” prompt to persuade…
-
Hackers Abuse UI Spoofing and Hidden iFrames to Push Malicious Installer Downloads
A sophisticated Browser-in-the-Browser (BitB) campaign that combines UI spoofing, concealed iframes and multiple anti-analysis checks to coerce victims into manually installing malware. The operation uses highly convincing fake browser windows layered over legitimate pages to simulate stalled document loads and “out of date” software dialogs, social-engineering users into downloading an executable and running it themselves.…
-
Angreifer nutzen geopolitische Unruhen für Phishing, Spendenbetrug und Social Engineering
Der wirksamste Schutz liegt deshalb im eingeübten Reflex, jede unerwartete Nachricht kritisch zu prüfen. Unternehmen sollten diesen Reflex durch regelmäßige Awareness-Trainings stärken. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/angreifer-nutzen-geopolitische-unruhen-fuer-phishing-spendenbetrug-und-social-engineering/a45551/
-
Top 10 Best Cybersecurity Awareness Training Platforms 2026
Tags: awareness, cyber, cybercrime, cybersecurity, defense, phishing, social-engineering, tactics, technology, trainingIn the complex digital landscape of 2026, technology alone is no longer enough to protect an organization from cyber threats. The human element, often cited as the weakest link, is now recognized as a critical line of defense the human firewall. Cybercriminals are increasingly targeting employees through sophisticated social engineering tactics like phishing, vishing, and…
-
Dropping Elephant Hackers Use China-Themed Loader Chain to Deploy In-Memory RAT
A sophisticated malvertising and social-engineering campaign that pivoted from weaponized GitLab Pages to abusing claude.ai’s shared chat feature, enabling operators to deliver an in-memory remote-access trojan (RAT) via a China-themed loader chain. Across seven weeks (April 8June 14, 2026) investigators tracked 106 unique malicious hostnames across six attack waves, revealing rapid infrastructure rotation, targeted geographic…
-
ClickFix Attack Deploys Potemkin Loader, RMMProject RAT, and EtherRAT Across 11 Hosts
A sophisticated ClickFix social engineering campaign in May 2026 triggered a full hands-on-keyboard intrusion spanning 11 hosts, deploying a novel trio of malicious tools: Potemkin loader, RMMProject RAT, and EtherRAT. The attack chain began when the user visited a compromised website and pasted a base64-encoded PowerShell command into Win+R. This command abused pcalua.exe as a LOLBIN to…
-
ClickFix-Kampagnen verbreiten neue Malware-Loader
Angreifer nutzen ClickFix-Social-Engineering und gefälschte Updates, um neue Malware-Loader wie BabaDeda, Lorem Ipsum und Potemkin auf Systeme zu bringen. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/clickfix-kampagnen-malware-loader
-
Rokarolla Malware Abuses Android Accessibility Services to Steal Banking Credentials
Tags: android, banking, control, credentials, crypto, cyber, infrastructure, malicious, malware, service, social-engineeringRokarolla, a new Android banking trojan named after its Command-and-Control (C2) infrastructure, that combines sophisticated social engineering, broad permissions abuse, and a flexible command set to harvest credentials from 217 targeted banking and cryptocurrency apps. Distributed via malicious websites that masquerade as popular apps (examples include a disguised landing page at hxxps://infocontablidades[.]it[.]com/). Rokarolla uses a…
-
Malware Uses Deno Permission Flags to Run Commands and Proxy Internal Network Traffic
A recent intrusion demonstrates how threat actors are shifting toward scripting runtimes to evade traditional detection: attackers delivered a modular Remote Access Trojan (RAT) built on Deno, using social engineering to install a multi-process JavaScript implant that executes commands and proxies internal network traffic. The campaign combined high-volume mailbombing with Microsoft Teams impersonation to trick…
-
CEO-Fraud 2.0: KI als Booster für Social Engineering und Deepfake-Angriffe
First seen on datensicherheit.de Jump to article: www.datensicherheit.de/ceo-fraud-2-0-ki-booster-social-engineering-deepfake-angriffe
-
Silent Ransom Group Targets US Legal Firms With Voice Phishing and Data Theft Extortion
A concentrated data theft extortion campaign by UNC3753 also reported as Luna Moth, Chatty Spider, and Silent Ransom Group targeting dozens of U.S. professional, legal, and financial services firms. The cluster’s hallmark is fast, human-centric intrusions that combine voice phishing (vishing), social engineering, abuse of legitimate remote support tools, and in some cases physical office…
-
Silent Ransom Group Targets US Legal Firms With Voice Phishing and Data Theft Extortion
A concentrated data theft extortion campaign by UNC3753 also reported as Luna Moth, Chatty Spider, and Silent Ransom Group targeting dozens of U.S. professional, legal, and financial services firms. The cluster’s hallmark is fast, human-centric intrusions that combine voice phishing (vishing), social engineering, abuse of legitimate remote support tools, and in some cases physical office…
-
The Beginning of the End of Social Engineering
AI-native operating systems are shifting the responsibility to stay vigilant against social engineering cyberattacks from the user onto the system itself. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/beginning-end-social-engineering

