Tag: social-engineering
-
GenAI-Infrastruktur anfällig für Cyberattacken
Chatbot-Assistenten in Unternehmen sind besonders verwundbar, da sie durch Prompt-Injection-Angriffe manipuliert werden können.In einer Umfrage der Marktanalysten von Gartner berichten 29 Prozent der Cybersicherheitsverantwortlichen, dass die in ihrer Organisation verwendeten generativen KI-Anwendungen in den vergangenen zwölf Monaten Ziel eines Cyberangriffs war.Bei 32 Prozent der Unternehmen wurden gezielt Schwachstellen in der Prompt-Struktur ausgenutzt. ‘Insbesondere Chatbot-Assistenten gelten…
-
GenAI-Infrastruktur anfällig für Cyberattacken
Chatbot-Assistenten in Unternehmen sind besonders verwundbar, da sie durch Prompt-Injection-Angriffe manipuliert werden können.In einer Umfrage der Marktanalysten von Gartner berichten 29 Prozent der Cybersicherheitsverantwortlichen, dass die in ihrer Organisation verwendeten generativen KI-Anwendungen in den vergangenen zwölf Monaten Ziel eines Cyberangriffs war.Bei 32 Prozent der Unternehmen wurden gezielt Schwachstellen in der Prompt-Struktur ausgenutzt. ‘Insbesondere Chatbot-Assistenten gelten…
-
Researchers Map Links Between Major Hacker Groups: LAPSUS$, Scattered Spider, ShinyHunters
A loosely connected cybercrime supergroup is exploiting social engineering to compromise Fortune 100 organizations and government agencies. LAPSUS$, Scattered Spider, and ShinyHunters”, three of the most notorious English-speaking cybercrime groups”, have increasingly blurred their lines through shared tactics, overlapping membership, and joint public channels. From 2023 through 2025, evidence has emerged of direct collaboration on…
-
Researchers Map Links Between Major Hacker Groups: LAPSUS$, Scattered Spider, ShinyHunters
A loosely connected cybercrime supergroup is exploiting social engineering to compromise Fortune 100 organizations and government agencies. LAPSUS$, Scattered Spider, and ShinyHunters”, three of the most notorious English-speaking cybercrime groups”, have increasingly blurred their lines through shared tactics, overlapping membership, and joint public channels. From 2023 through 2025, evidence has emerged of direct collaboration on…
-
COLDRIVER APT Group Uses ClickFix to Deliver New PowerShell-Based Backdoor BAITSWITCH
Tags: apt, backdoor, blizzard, credentials, cyber, group, malware, phishing, powershell, russia, social-engineering, threat, toolRussia-linked threat actors continue targeting civil society with sophisticated social engineering campaigns and lightweight malware tools in September 2025. The campaign delivers two previously undocumented malware families: a downloader dubbed BAITSWITCH and a PowerShell-based backdoor named SIMPLEFIX. COLDRIVER, also tracked as Star Blizzard, Callisto, and UNC4057, has historically focused on credential phishing campaigns against NGOs, think tanks, journalists,…
-
COLDRIVER APT Group Uses ClickFix to Deliver New PowerShell-Based Backdoor BAITSWITCH
Tags: apt, backdoor, blizzard, credentials, cyber, group, malware, phishing, powershell, russia, social-engineering, threat, toolRussia-linked threat actors continue targeting civil society with sophisticated social engineering campaigns and lightweight malware tools in September 2025. The campaign delivers two previously undocumented malware families: a downloader dubbed BAITSWITCH and a PowerShell-based backdoor named SIMPLEFIX. COLDRIVER, also tracked as Star Blizzard, Callisto, and UNC4057, has historically focused on credential phishing campaigns against NGOs, think tanks, journalists,…
-
Hackers Using SVG Files to Deliver Malicious Payloads
A recent malware campaign making the rounds in Latin America offers a stark example of how cybercriminals are evolving and finetuning their playbooks. Victims receive emails dressed up to look as though they come from trusted institutions, warning of lawsuits or court summons. This tried-and-tested social-engineering tactic exploits urgency to trick recipients into clicking links…
-
Hackers Exploit GitHub Notifications to Launch Phishing Attacks
Tags: attack, credentials, cyber, cybercrime, cybersecurity, email, exploit, github, hacker, malicious, open-source, phishing, social-engineeringCybersecurity researchers have uncovered a new phishing campaign that exploits GitHub’s official notification system to deliver malicious links and credential-stealing payloads. By capitalizing on the trust that open-source contributors place in GitHub’s communication channels, cybercriminals are able to bypass traditional email filters and social engineering defenses. The campaign begins with an email that closely mimics…
-
Social engineering campaigns highlight the ability to exploit human behavior
A report by S&P says organizations should consider changes to strengthen cyber governance, training and awareness.; First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/social-engineering-campaigns-highlight-the-ability-to-exploit-human-behavio/760747/
-
FileFix Campaign Uses Facebook Suspension as Bait
Users Download Malware in Bid to Placate Meta. A newly surfaced FileFix social engineering campaign puts a new spin on ClickFix attacks by goading users into loading malware under the guise of reporting a wrongful account suspension to social media giant Facebook. Victims likely get sucked into the scam by following a link from a…
-
Human Factor Keeps Supply Chains Exposed to Cyberattacks
Kinly CISO Don Gibson on Overlooked Social Engineering Threats and Human Error. Supply chain attacks have evolved into a major entry point for adversaries, but their success still hinges on human error. Kinly CISO Don Gibson says organizations must strengthen processes to reduce risks from overlooked social engineering and human factors in supplier relationships. First…
-
New FileFix Steganography Campaign Spreads StealC Malware
A sophisticated new campaign that represents the first documented real-world deployment of FileFix attacks beyond proof-of-concept demonstrations. This campaign marks a significant evolution in social engineering tactics, combining advanced steganographic techniques with multilayered obfuscation to deliver the StealC information stealer through an innovative attack vector that builds upon the notorious ClickFix methodology. Researchers from Acronis’…
-
Jaguar Land Rover extends production delay following cyberattack
A hacker group linked to multiple social-engineering attacks has claimed credit for the intrusion. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/jaguar-land-rover-production-delay-cyberattack/760254/
-
New FileFix attack uses steganography to drop StealC malware
A newly discovered FileFix social engineering attack impersonates Meta account suspension warnings to trick users into unknowingly installing the StealC infostealer malware. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-filefix-attack-uses-steganography-to-drop-stealc-malware/
-
New FileFix Variant Delivers StealC Malware Through Multilingual Phishing Site
Cybersecurity researchers have warned of a new campaign that’s leveraging a variant of the FileFix social engineering tactic to deliver the StealC information stealer malware.”The observed campaign uses a highly convincing, multilingual phishing site (e.g., fake Facebook Security page), with anti-analysis techniques and advanced obfuscation to evade detection,” Acronis security researcher Eliad First seen on…
-
New Maranhão Stealer Targets Users Through Pirated Software and Cloud Services
A sophisticated new information-stealing malware campaign dubbed Maranhão Stealer has emerged, targeting gaming enthusiasts through malicious pirated software distributed via cloud-hosted platforms. The campaign, first identified by security researchers in May 2025, represents a concerning evolution in credential theft operations, combining social engineering tactics with advanced evasion techniques to compromise user accounts and cryptocurrency wallets. The Maranhão…
-
Neues Phishing-Framework stiehlt Login-Daten von Microsoft und Google
Tags: access, authentication, business, captcha, computing, credentials, cyberattack, email, endpoint, framework, google, infrastructure, intelligence, login, mail, mfa, microsoft, okta, passkey, password, phishing, risk, sans, service, social-engineering, spam, threat, toolDer Phishing-Dienst VoidProxy nutzt fortschrittliche Techniken wie Adversary-in-the-Middle, um Anmeldedaten zu stehlen.Das Threat-Intelligence-Team des Security-Anbieters Okta hat kürzlich eine Phishing-Kampagne namens VoidProxy entdeckt, die die Multi-Faktor-Authentifizierung (MFA) aushebelt. ‘Der Phishing-Dienst kann den Schutz mehrerer gängiger Verifizierungsmethoden, wie zum Beispiel SMS-Codes und Einmalpasswörter (OTP) aus Authentifizierungs-Apps umgehen”, mahnen die Sicherheitsspezialisten.Die Angreifer haben es demnach auf Unternehmen…
-
5 trends reshaping IT security strategies today
Tags: advisory, ai, application-security, attack, authentication, business, ciso, cloud, cyberattack, cybersecurity, data, detection, finance, identity, infrastructure, intelligence, monitoring, resilience, risk, service, social-engineering, software, strategy, supply-chain, technology, threat, tool2. AI-enabled attacks emerging to amplify business risks: CISOs now rank AI-powered cyberattacks as their top concern, cited by 80% of CISOs in a survey by Boston Consulting Group. That’s in contrast to a year ago when CISOs put AI-powered attacks at No. 4 on their list of top concerns.Adversaries are using generative AI for…
-
VoidProxy phishing-as-a-service operation steals Microsoft, Google login credentials
Tags: 2fa, access, ai, attack, authentication, awareness, breach, credentials, cybersecurity, data, defense, email, endpoint, finance, google, Hardware, infrastructure, login, mfa, microsoft, monitoring, okta, passkey, password, phishing, risk, sans, service, social-engineering, theft, tool, trainingCredentials go to adversary-in-the-middle server: If a victim is unwise enough to enter their primary Microsoft or Google credentials on the phishing page, the data is sent to VoidProxy’s core AitM proxy server. It’s here that the sophisticated, multi-layered nature of VoidProxy comes into play, says Okta.Federated users are redirected to additional second-stage landing pages…
-
Financial Firms Elevate Cyber Resilience Under Pressure
Barclays’ Becky Pinkard on Regulation, Containment, Leadership and AI. Regulatory pressure has made cyber resilience an operational necessity. Becky Pinkard, managing director, global cyber operations at Barclays, discusses how social engineering, containment strategies, leadership practices and automation shape stronger defenses. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/financial-firms-elevate-cyber-resilience-under-pressure-a-29432
-
Why domain-based attacks will continue to wreak havoc
Tags: access, ai, apple, attack, authentication, breach, business, cisa, cisco, cloud, control, crowdstrike, cyber, cybercrime, cybersecurity, data, deep-fake, defense, detection, dkim, dmarc, dns, edr, email, endpoint, exploit, firewall, infrastructure, leak, linkedin, login, malicious, malware, network, phishing, ransomware, risk, service, soc, social-engineering, tactics, threat, tool, training, unauthorized, vulnerabilityWebsite spoofing, where pseudo-sites are designed to trick visitors into believing they are on the real site.Domain spoofing, when the URL mimics the URL of the real site.Email domain phishing, which involves messages sent from legit-looking email domains to trick people into clicking on dangerous links or open malicious attachments.DNS hijacking redirects traffic from legitimate…
-
Hackers Reap Minimal Gains from Massive npm Supply Chain Breach
On September 8th, 2025, at approximately 9AM EST, the npm ecosystem faced an acute supply chain attack. A threat actor leveraged social engineering techniques to compromise the account of well-known npm developer Qix, subsequently publishing malicious releases for several widely-used packages, most notably debug, chalk, and dozens of related dependencies. Within two hours of the…
-
Menschenzentrierte Cybersicherheit gewinnt an Bedeutung
Tags: ai, awareness, ciso, cyersecurity, deep-fake, gartner, mail, monitoring, password, phishing, risk, risk-management, social-engineering, threat, tool, trainingLesen Sie, worauf es beim Human Risk Management ankommt.Die Rolle des CISO in Unternehmen hat sich stark gewandelt, vom Cybersicherheitsexperten mit Technikfokus hin zu einem Manager von Mensch und Maschine. Gerade diese Kompetenzen sind insbesondere essentiell, um größten Cybersicherheitsrisiken zu reduzieren. Immer wieder nutzen Cyberkriminelle Social Engineering und somit menschliches Handeln, um Unternehmen effektiv zu…
-
KI-Vishing Wenn eine bekannte Stimme zum Sicherheitsrisiko wird
Künstliche Intelligenz verändert die Bedrohungslage im Bereich Social-Engineering grundlegend insbesondere durch sogenanntes Voice-Phishing, kurz Vishing. Bei dieser Methode inszenieren Cyberkriminelle mit KI-generierten Stimmen täuschend echte Anrufe, um Mitarbeiter zu Zahlungen oder zur Herausgabe sensibler Informationen zu bewegen. Wenn KI die Stimme von Vorgesetzten imitiert Die Methode ist ebenso raffiniert wie gefährlich: Angreifer nutzen […] First…
-
APT37 Targets Windows with Rust Backdoor and Python Loader
Tags: api, attack, backdoor, cctv, cloud, computer, control, data, detection, exploit, government, group, infection, injection, jobs, korea, malicious, malware, microsoft, monitoring, north-korea, organized, password, phishing, powershell, programming, rust, service, social-engineering, spear-phishing, startup, tactics, theft, threat, tool, update, vulnerability, windowsIntroductionAPT37 (also known as ScarCruft, Ruby Sleet, and Velvet Chollima) is a North Korean-aligned threat actor active since at least 2012. APT37 primarily targets South Korean individuals connected to the North Korean regime or involved in human rights activism, leveraging custom malware and adopting emerging technologies.In recent campaigns, APT37 utilizes a single command-and-control (C2) server…
-
APT37 Targets Windows with Rust Backdoor and Python Loader
Tags: api, attack, backdoor, cctv, cloud, computer, control, data, detection, exploit, government, group, infection, injection, jobs, korea, malicious, malware, microsoft, monitoring, north-korea, organized, password, phishing, powershell, programming, rust, service, social-engineering, spear-phishing, startup, tactics, theft, threat, tool, update, vulnerability, windowsIntroductionAPT37 (also known as ScarCruft, Ruby Sleet, and Velvet Chollima) is a North Korean-aligned threat actor active since at least 2012. APT37 primarily targets South Korean individuals connected to the North Korean regime or involved in human rights activism, leveraging custom malware and adopting emerging technologies.In recent campaigns, APT37 utilizes a single command-and-control (C2) server…
-
APT37 Targets Windows with Rust Backdoor and Python Loader
Tags: api, attack, backdoor, cctv, cloud, computer, control, data, detection, exploit, government, group, infection, injection, jobs, korea, malicious, malware, microsoft, monitoring, north-korea, organized, password, phishing, powershell, programming, rust, service, social-engineering, spear-phishing, startup, tactics, theft, threat, tool, update, vulnerability, windowsIntroductionAPT37 (also known as ScarCruft, Ruby Sleet, and Velvet Chollima) is a North Korean-aligned threat actor active since at least 2012. APT37 primarily targets South Korean individuals connected to the North Korean regime or involved in human rights activism, leveraging custom malware and adopting emerging technologies.In recent campaigns, APT37 utilizes a single command-and-control (C2) server…
-
Lazarus APT Deploys ClickFix Technique to Exfiltrate Sensitive Intelligence Data
The notorious Lazarus APT group, suspected of having Northeast Asian origins and internally tracked as APT-Q-1 by Qi’anxin, has evolved its attack methodologies by incorporating the sophisticated ClickFix social engineering technique into their cyber espionage operations. This development represents a significant escalation in the group’s capabilities to deceive victims and steal sensitive intelligence data through…
-
Cyberkrimineller Arbeitsmarkt: Warnendes Indiz für Angriffszunahme mittels Social Engineering
Tags: social-engineeringFirst seen on datensicherheit.de Jump to article: www.datensicherheit.de/cyberkriminelle-arbeitsmarkt-warnung-indiz-zunahme-angriffe-social-engineering
-
You should be aware of these latest social engineering trends
It’s raining (phishing) emails: Unlike other attacks in the cybersecurity landscape, social engineering does not focus on exploiting vulnerabilities in code or network architecture. Instead, it exploits human behavior, which is often the weakest link in the security chain. And stress on an already busy day is an extremely effective trigger.The following examples show how…

