Tag: social-engineering
-
CTM360 Exposes a Global WhatsApp Hijacking Campaign: HackOnChat
CTM360 has identified a rapidly expanding WhatsApp account-hacking campaign targeting users worldwide via a network of deceptive authentication portals and impersonation pages. The campaign, internally dubbed HackOnChat, abuses WhatsApp’s familiar web interface, using social engineering tactics to trick users into compromising their accounts. Investigators identified thousands of malicious URLs First seen on thehackernews.com Jump to article:…
-
Python-Based WhatsApp Worm Spreads Eternidade Stealer Across Brazilian Devices
Cybersecurity researchers have disclosed details of a new campaign that leverages a combination of social engineering and WhatsApp hijacking to distribute a Delphi-based banking trojan named Eternidade Stealer as part of attacks targeting users in Brazil. “It uses Internet Message Access Protocol (IMAP) to dynamically retrieve command-and-control (C2) addresses, allowing the threat actor to First seen…
-
DoorDash Confirms Data Breach Compromised User Data
Tags: access, attack, breach, cyber, cybersecurity, data, data-breach, finance, social-engineering, unauthorized
DoorDash has publicly disclosed a cybersecurity incident in which an unauthorized third party gained access to specific user information through a targeted social engineering attack against one of the company’s employees. The company confirmed that while personal data was compromised, no sensitive financial information or identification documents were accessed during the breach. The incident represents…
-
DoorDash data breach exposes personal info after social engineering attack
Tags: attack, breach, cybersecurity, data, data-breach, email, phone, social-engineering, unauthorized
DoorDash says a social engineering attack led to a data breach exposing names, addresses, emails, and phone numbers of users, Dashers, and merchants. U.S.-based food delivery and logistics company DoorDash announced that a social engineering attack led to a data breach. “Our team recently identified and shut down a cybersecurity incident that involved an unauthorized…
-
AI-Enhanced Tuoni Framework Targets Major US Real Estate Firm
A major US real estate firm has been targeted with an advanced intrusion attempt using Tuoni C2, combining social engineering, steganography and in-memory attacks First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/ai-tuoni-framework-targets-us-real/
-
Iranian Hackers Use SpearSpecter to Target Senior Government Leaders
An Iranian campaign called SpearSpecter is quietly targeting senior officials with tailored social engineering and fileless malware. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/iranian-hackers-use-spearspecter-to-target-senior-government-leaders/
-
AI-Powered Expansion of Pig Butchering Scam Operations
Pig-butchering scams, the sophisticated long-con investment fraud schemes that have plagued millions globally, have reached unprecedented scale through the strategic deployment of artificial intelligence technologies. Once reliant on labor-intensive social engineering, these cybercriminal enterprises now leverage AI-generated identities, automated messaging systems, and deepfake video synthesis to orchestrate operations at an industrial scale, generating estimated annual…
-
Microsoft Entra Invitations Hijacked in Surge of TOAD Phishing Attacks
A newly identified phishing campaign is exploiting Microsoft Entra tenant invitation functionality to orchestrate TOAD (Telephone-Oriented Attack Delivery) attacks against unsuspecting users. Security researchers have uncovered how threat actors are weaponizing legitimate Microsoft Entra features to bypass email filtering and establish initial contact with victims through a deceptive social engineering vector. The campaign operates by…
-
New EVALUSION ClickFix Campaign Delivers Amatera Stealer and NetSupport RAT
Cybersecurity researchers have discovered malware campaigns using the now-prevalent ClickFix social engineering tactic to deploy Amatera Stealer and NetSupport RAT. The activity, observed this month, is being tracked by eSentire under the moniker EVALUSION. First spotted in June 2025, Amatera is assessed to be an evolution of ACR (short for “AcridRain”) Stealer, which was available under the…
-
5 key ways attack surface management will evolve in 2026
Tags: access, ai, api, attack, authentication, business, ceo, cloud, control, cyber, cybercrime, cybersecurity, data, deep-fake, defense, email, firewall, identity, incident, infrastructure, intelligence, iot, malicious, network, phishing, risk, risk-assessment, risk-management, service, social-engineering, software, supply-chain, threat, tool, vulnerability, vulnerability-management, zero-trust
The rise of IoT, which has added significantly more devices to networks
The increasing use of APIs and interconnected microservices
The shift to remote work, which requires incorporating devices and connections from the home
The seemingly uncontrollable inflation of shadow IT
The move to decentralized infrastructure management and cloud services, which has made the entire IT ecosystem more complicated…
-
DoorDash Hit by Cybersecurity Breach, Millions of Users Potentially Exposed
DoorDash has disclosed a social engineering-driven data breach exposing user contact details in four countries, raising concerns about delayed notification. The post DoorDash Hit by Cybersecurity Breach, Millions of Users Potentially Exposed appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-doordash-breach-november-2025/
-
EVALUATION Campaign Using ClickFix Technique to Deploy Amatera Stealer and NetSupport RAT
eSentire’s Threat Response Unit (TRU) has uncovered a sophisticated malware campaign leveraging the ClickFix social engineering technique to distribute Amatera Stealer and NetSupport RAT, targeting cryptocurrency wallets, password managers, and sensitive credentials across multiple platforms. In November 2025, security researchers identified malware campaigns where threat actors deployed ClickFix as an initial access vector to compromise…
-
Iran-Linked SpearSpecter Campaign Leveraging Personalized Social Engineering Against High-Value Officials
Iranian threat actors aligned with the Islamic Revolutionary Guard Corps Intelligence Organization (IRGC-IO) are conducting a sophisticated espionage campaign tracked as SpearSpecter, systematically targeting high-value senior defense and government officials through personalized social engineering tactics. The threat group, operating under multiple aliases including APT42, Mint Sandstorm, Educated Manticore, and CharmingCypress, has demonstrated remarkable patience and…
-
DoorDash hit by data breach after an employee falls for social engineering scam
Food delivery giant DoorDash confirms a data breach on Oct 25, 2025, where an employee fell for a social engineering scam. User names, emails, and home addresses were stolen. First seen on hackread.com Jump to article: hackread.com/doordash-data-breach-employee-social-engineering-scam/
-
Agentic AI opens door to new ID challenges: Report
Tags: access, ai, api, attack, awareness, best-practice, breach, cloud, control, credentials, cyber, cyberattack, data, defense, email, exploit, governance, group, iam, identity, incident, infrastructure, network, phishing, resilience, risk, social-engineering, software, strategy, technology, threat, tool, training, vulnerability, zero-trust
Identity Crisis: Understanding & Building Resilience Against Identity-Driven Threats, the result is a surge of both non-human identities (NHIs) and agentic identities. Key findings revealed: 89% of organizations have “fully or partially incorporated AI agents into their identity infrastructure, and an additional 10% have plans to.” Of those polled, 58% estimate that, in the next 12 months, half…
-
UK authorities propose law to set minimum cyber standards for critical sectors
The legislation follows a wave of social engineering attacks that rocked the nation’s retail and automotive supply chains. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/uk-authorities-law-cyber-standards-critical-sectors/805416/
-
New ClickFix Attack Targeting Windows and macOS Users to Deploy Infostealer Malware
Security researchers have uncovered a sophisticated malware campaign that leverages the ClickFix social engineering technique to distribute information-stealing malware across Windows and macOS platforms. The campaign demonstrates how threat actors are exploiting legitimate search queries for cracked software to deliver devastating payloads that compromise user credentials and sensitive data. The infection chain begins when users…
-
Microsoft’s November 2025 Patch Tuesday Addresses 63 CVEs (CVE-2025-62215)
5 Critical, 58 Important, 0 Moderate, 0 Low. Microsoft addresses 63 CVEs including one zero-day vulnerability which was exploited in the wild. Microsoft patched 63 CVEs in its November 2025 Patch Tuesday release, with five rated critical, and 58 rated as important. This month’s update includes patches for: Azure Monitor Agent, Customer Experience Improvement Program (CEIP), Dynamics 365 Field…
-
Grandparents to C-Suite: Elder Fraud Reveals Gaps in Human-Centered Cybersecurity
Cybercriminals are weaponizing AI voice cloning and publicly available data to craft social engineering scams that emotionally manipulate senior citizens, and drain billions from their savings. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/grandparents-to-c-suite-elder-fraud-reveals-gaps-in-human-centered-cybersecurity
-
North Korean hackers exploit Google’s safety tools for remote wipe
The social engineering link: The threat continues beyond device wiping, with attackers distributing malware by compromising KakaoTalk accounts of trusted contacts. GSC found that malicious files disguised as “stress-relief programs” were sent to close contacts via the messenger. “Among the victims was a professional psychological counselor who supports North Korean defector youths during resettlement by addressing…
-
Download: Strengthening Identity Security whitepaper
Identity threats are escalating. Attackers increasingly exploit compromised credentials, often undetected by organizations, and use social engineering to gain access. Most … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/11/10/download-strengthening-identity-security-whitepaper/
-
“AI Threat Tracker”: How Threat Actors Use AI
Attackers no longer use AI only to boost their productivity but are experimenting with new capabilities and scenarios. For the first time, there are malware families that use large language models (LLMs) during execution. Threat actors use social engineering methods to bypass the safeguards of AI tools. State-sponsored actors use AI to improve all phases of their operations. The underground market for illicit…
-
Saturday Security: Three Breaches, Three Lessons and How Attackers Keep Adapting
Tags: backup, breach, cloud, data, data-breach, espionage, service, social-engineering, tactics, theft
This week, three very different data breaches proved one thing: no sector is safe. From nation-state espionage to data theft to social engineering, the tactics vary, but the results are the same: exposed data, shaken trust, and hard lessons. Here’s what happened: SonicWall: A nation-state actor breached its cloud backup service, stealing… First…

