Tag: social-engineering
-
Gamayun APT Exploits New MSC EvilTwin Vulnerability to Deliver Malicious Payloads
Tags: apt, cyber, exploit, group, infrastructure, malicious, microsoft, powershell, social-engineering, threat, vulnerability, windowsWater Gamayun, a Russia”‘aligned advanced persistent threat (APT) group, has launched a new multi”‘stage intrusion campaign that weaponizes the recently disclosed MSC EvilTwin vulnerability in Windows Microsoft Management Console (MMC). Leveraging a blend of compromised infrastructure, social engineering, and heavily obfuscated PowerShell, the attackers exploited CVE”‘2025″‘26633 to inject malicious code into mmc.exe, ultimately delivering hidden…
-
Zscaler Threat Hunting Discovers and Reconstructs a Sophisticated Water Gamayun APT Group Attack
Tags: access, apt, attack, backdoor, cloud, control, credentials, cve, data, detection, exploit, government, group, infrastructure, intelligence, malicious, malware, network, open-source, password, powershell, risk, russia, social-engineering, supply-chain, tactics, theft, threat, tool, vulnerability, windows, zero-day, zero-trustThis blog is intended to share an in-depth analysis of a recent multi-stage attack attributed to the Water Gamayun advanced persistent threat group (APT). Drawing on telemetry, forensic reconstruction, and known threat intelligence, the Zscaler Threat Hunting team reconstructed how a seemingly innocuous web search led to a sophisticated exploitation of a Windows MMC vulnerability,…
-
Zscaler Threat Hunting Discovers and Reconstructs a Sophisticated Water Gamayun APT Group Attack
Tags: access, apt, attack, backdoor, cloud, control, credentials, cve, data, detection, exploit, government, group, infrastructure, intelligence, malicious, malware, network, open-source, password, powershell, risk, russia, social-engineering, supply-chain, tactics, theft, threat, tool, vulnerability, windows, zero-day, zero-trustThis blog is intended to share an in-depth analysis of a recent multi-stage attack attributed to the Water Gamayun advanced persistent threat group (APT). Drawing on telemetry, forensic reconstruction, and known threat intelligence, the Zscaler Threat Hunting team reconstructed how a seemingly innocuous web search led to a sophisticated exploitation of a Windows MMC vulnerability,…
-
FraudWeek So schützen sich Organisationen vor Betrug und Phishing
Jedes Jahr ruft die International-Fraud-Awareness-Week (Internationale Woche zur Sensibilisierung für Betrug) Unternehmen, öffentliche Einrichtungen und Nutzer dazu auf, sich eingehender mit den Risiken von Betrug, Social-Engineering und anderen Formen der digitalen Manipulation auseinanderzusetzen. Die im Jahr 2000 gestartete Initiative zielt darauf ab, weltweit das Bewusstsein dafür zu schärfen, wie sich Betrugsmaschen entwickeln, wie Angreifer menschliches…
-
DPRK’s FlexibleFerret Tightens macOS Grip
The actor behind the Contagious Interview campaign is continuing to refine its tactics and social engineering scams to wrest credentials from macOS users. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/dprks-flexibleferret-tightens-macos-grip
-
ClickFix Attack Uses Steganography to Hide Malware in Fake Windows Security Update
Cybersecurity researchers at Huntress have uncovered a sophisticated ClickFix campaign that leverages steganography to conceal malicious code within PNG images disguised as Windows Update screens. The attack chain delivers multiple variants of information-stealing malware, including LummaC2 and Rhadamanthys, through a deceptive social engineering technique that tricks users into executing commands via the Windows Run prompt.…
-
3 SOC Challenges You Need to Solve Before 2026
2026 will mark a pivotal shift in cybersecurity. Threat actors are moving from experimenting with AI to making it their primary weapon, using it to scale attacks, automate reconnaissance, and craft hyper-realistic social engineering campaigns.The Storm on the HorizonGlobal world instability, coupled with rapid technological advancement, will force security teams to adapt not just their…
-
3 SOC Challenges You Need to Solve Before 2026
2026 will mark a pivotal shift in cybersecurity. Threat actors are moving from experimenting with AI to making it their primary weapon, using it to scale attacks, automate reconnaissance, and craft hyper-realistic social engineering campaigns.The Storm on the HorizonGlobal world instability, coupled with rapid technological advancement, will force security teams to adapt not just their…
-
CISA Warns of Active Spyware Campaigns Hijacking High-Value Signal and WhatsApp Users
Tags: access, cisa, cyber, cybersecurity, infrastructure, mobile, social-engineering, spyware, unauthorizedThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday issued an alert warning of bad actors actively leveraging commercial spyware and remote access trojans (RATs) to target users of mobile messaging applications.”These cyber actors use sophisticated targeting and social engineering techniques to deliver spyware and gain unauthorized access to a victim’s messaging app, First…
-
The Changing Threat Landscape for Retailers: Why is data security working harder than last year?
Tags: access, ai, api, application-security, attack, automation, breach, business, cloud, compliance, container, control, credentials, cyber, cyberattack, cybersecurity, data, data-breach, defense, detection, encryption, exploit, finance, GDPR, hacker, ibm, incident, intelligence, Internet, malicious, malware, monitoring, PCI, phishing, privacy, programming, ransom, ransomware, regulation, risk, risk-management, saas, security-incident, service, social-engineering, software, strategy, supply-chain, tactics, threat, tool, unauthorized, vulnerabilityThe Changing Threat Landscape for Retailers: Why is data security working harder than last year? madhav Thu, 11/20/2025 – 08:37 It’s the 2025 holiday shopping season, and retailers everywhere are geared up for the rush of online customers. From late November to January, which includes Black Friday, Cyber Monday, Christmas shopping, and end-of-season sales, is…
-
The Changing Threat Landscape for Retailers: Why is data security working harder than last year?
Tags: access, ai, api, application-security, attack, automation, breach, business, cloud, compliance, container, control, credentials, cyber, cyberattack, cybersecurity, data, data-breach, defense, detection, encryption, exploit, finance, GDPR, hacker, ibm, incident, intelligence, Internet, malicious, malware, monitoring, PCI, phishing, privacy, programming, ransom, ransomware, regulation, risk, risk-management, saas, security-incident, service, social-engineering, software, strategy, supply-chain, tactics, threat, tool, unauthorized, vulnerabilityThe Changing Threat Landscape for Retailers: Why is data security working harder than last year? madhav Thu, 11/20/2025 – 08:37 It’s the 2025 holiday shopping season, and retailers everywhere are geared up for the rush of online customers. From late November to January, which includes Black Friday, Cyber Monday, Christmas shopping, and end-of-season sales, is…
-
TamperedChef Campaign Exploits Everyday Apps to Deploy Malware and Enable Remote Access
The Acronis Threat Research Unit has uncovered a sophisticated global malvertising campaign called TamperedChef that disguises malware as legitimate everyday applications to compromise systems worldwide. The operation uses social engineering, search engine optimization tactics, and fraudulently obtained digital certificates to trick users into installing backdoors that grant attackers remote access and control over infected machines.…
-
TamperedChef Campaign Exploits Everyday Apps to Deploy Malware and Enable Remote Access
The Acronis Threat Research Unit has uncovered a sophisticated global malvertising campaign called TamperedChef that disguises malware as legitimate everyday applications to compromise systems worldwide. The operation uses social engineering, search engine optimization tactics, and fraudulently obtained digital certificates to trick users into installing backdoors that grant attackers remote access and control over infected machines.…
-
CTM360 Exposes a Global WhatsApp Hijacking Campaign: HackOnChat
CTM360 has identified a rapidly expanding WhatsApp account-hacking campaign targeting users worldwide via a network of deceptive authentication portals and impersonation pages. The campaign, internally dubbed HackOnChat, abuses WhatsApp’s familiar web interface, using social engineering tactics to trick users into compromising their accounts.Investigators identified thousands of malicious URLs First seen on thehackernews.com Jump to article:…
-
Python-Based WhatsApp Worm Spreads Eternidade Stealer Across Brazilian Devices
Cybersecurity researchers have disclosed details of a new campaign that leverages a combination of social engineering and WhatsApp hijacking to distribute a Delphi-based banking trojan named Eternidade Stealer as part of attacks targeting users in Brazil.”It uses Internet Message Access Protocol (IMAP) to dynamically retrieve command-and-control (C2) addresses, allowing the threat actor to First seen…
-
DoorDash Confirms Data Breach Compromised User Data
Tags: access, attack, breach, cyber, cybersecurity, data, data-breach, finance, social-engineering, unauthorizedDoorDash has publicly disclosed a cybersecurity incident in which an unauthorized third party gained access to specific user information through a targeted social engineering attack against one of the company’s employees. The company confirmed that while personal data was compromised, no sensitive financial information or identification documents were accessed during the breach. The incident represents…
-
DoorDash data breach exposes personal info after social engineering attack
Tags: attack, breach, cybersecurity, data, data-breach, email, phone, social-engineering, unauthorizedDoorDash says a social engineering attack led to a data breach exposing names, addresses, emails, and phone numbers of users, Dashers, and merchants. U.S.-based food delivery and logistics company DoorDash announced that a social engineering attack led to a data breach. >>Our team recently identified and shut down a cybersecurity incident that involved an unauthorized…
-
DoorDash data breach exposes personal info after social engineering attack
Tags: attack, breach, cybersecurity, data, data-breach, email, phone, social-engineering, unauthorizedDoorDash says a social engineering attack led to a data breach exposing names, addresses, emails, and phone numbers of users, Dashers, and merchants. U.S.-based food delivery and logistics company DoorDash announced that a social engineering attack led to a data breach. >>Our team recently identified and shut down a cybersecurity incident that involved an unauthorized…
-
AI-Enhanced Tuoni Framework Targets Major US Real Estate Firm
A major US real estate firm has been targeted with an advanced intrusion attempt using Tuoni C2, combining social engineering, steganography and in-memory attacks First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/ai-tuoni-framework-targets-us-real/
-
Iranian Hackers Use SpearSpecter to Target Senior Government Leaders
An Iranian campaign called SpearSpecter is quietly targeting senior officials with tailored social engineering and fileless malware. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/iranian-hackers-use-spearspecter-to-target-senior-government-leaders/
-
AI-Powered Expansion of Pig Butchering Scam Operations
Pig-butchering scams, the sophisticated long-con investment fraud schemes that have plagued millions globally, have reached unprecedented scale through the strategic deployment of artificial intelligence technologies. Once reliant on labor-intensive social engineering, these cybercriminal enterprises now leverage AI-generated identities, automated messaging systems, and deepfake video synthesis to orchestrate operations at an industrial scale, generating estimated annual…
-
Microsoft Entra Invitations Hijacked in Surge of TOAD Phishing Attacks
A newly identified phishing campaign is exploiting Microsoft Entra tenant invitation functionality to orchestrate TOAD (Telephone-Oriented Attack Delivery) attacks against unsuspecting users. Security researchers have uncovered how threat actors are weaponizing legitimate Microsoft Entra features to bypass email filtering and establish initial contact with victims through a deceptive social engineering vector. The campaign operates by…
-
AI-Powered Expansion of Pig Butchering Scam Operations
Pig-butchering scams, the sophisticated long-con investment fraud schemes that have plagued millions globally, have reached unprecedented scale through the strategic deployment of artificial intelligence technologies. Once reliant on labor-intensive social engineering, these cybercriminal enterprises now leverage AI-generated identities, automated messaging systems, and deepfake video synthesis to orchestrate operations at an industrial scale, generating estimated annual…
-
New EVALUSION ClickFix Campaign Delivers Amatera Stealer and NetSupport RAT
Cybersecurity researchers have discovered malware campaigns using the now-prevalent ClickFix social engineering tactic to deploy Amatera Stealer and NetSupport RAT.The activity, observed this month, is being tracked by eSentire under the moniker EVALUSION.First spotted in June 2025, Amatera is assessed to be an evolution of ACR (short for “AcridRain”) Stealer, which was available under the…
-
5 key ways attack surface management will evolve in 2026
Tags: access, ai, api, attack, authentication, business, ceo, cloud, control, cyber, cybercrime, cybersecurity, data, deep-fake, defense, email, firewall, identity, incident, infrastructure, intelligence, iot, malicious, network, phishing, risk, risk-assessment, risk-management, service, social-engineering, software, supply-chain, threat, tool, vulnerability, vulnerability-management, zero-trustThe rise of IoT, which has added significantly more devices to networksThe increasing use of APIs and interconnected microservicesThe shift to remote work, which requires incorporating devices and connections from the homeThe seemingly uncontrollable inflation of shadow ITThe move to decentralized infrastructure management and cloud services, which has made the entire IT ecosystem more complicated…
-
DoorDash Hit by Cybersecurity Breach, Millions of Users Potentially Exposed
DoorDash has disclosed a social engineering-driven data breach exposing user contact details in four countries, raising concerns about delayed notification. The post DoorDash Hit by Cybersecurity Breach, Millions of Users Potentially Exposed appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-doordash-breach-november-2025/
-
EVALUATION Campaign Using ClickFix Technique to Deploy Amatera Stealer and NetSupport RAT
eSentire’s Threat Response Unit (TRU) has uncovered a sophisticated malware campaign leveraging the ClickFix social engineering technique to distribute Amatera Stealer and NetSupport RAT, targeting cryptocurrency wallets, password managers, and sensitive credentials across multiple platforms. In November 2025, security researchers identified malware campaigns where threat actors deployed ClickFix as an initial access vector to compromise…
-
Iran-Linked SpearSpecter Campaign Leveraging Personalized Social Engineering Against High-Value Officials
Iranian threat actors aligned with the Islamic Revolutionary Guard Corps Intelligence Organization (IRGC-IO) are conducting a sophisticated espionage campaign tracked as SpearSpecter, systematically targeting high-value senior defense and government officials through personalized social engineering tactics. The threat group, operating under multiple aliases including APT42, Mint Sandstorm, Educated Manticore, and CharmingCypress, has demonstrated remarkable patience and…
-
Iran-Linked SpearSpecter Campaign Leveraging Personalized Social Engineering Against High-Value Officials
Iranian threat actors aligned with the Islamic Revolutionary Guard Corps Intelligence Organization (IRGC-IO) are conducting a sophisticated espionage campaign tracked as SpearSpecter, systematically targeting high-value senior defense and government officials through personalized social engineering tactics. The threat group, operating under multiple aliases including APT42, Mint Sandstorm, Educated Manticore, and CharmingCypress, has demonstrated remarkable patience and…
-
DoorDash hit by data breach after an employee falls for social engineering scam
Food delivery giant DoorDash confirms a data breach on Oct 25, 2025, where an employee fell for a social engineering scam. User names, emails, and home addresses were stolen. First seen on hackread.com Jump to article: hackread.com/doordash-data-breach-employee-social-engineering-scam/

