Tag: social-engineering
-
From Windows to macOS: ClickFix attacks shift tactics with ChatGPT-based lures
ClickFix campaigns are evolving, with attackers increasingly targeting macOS users and deploying more advanced infostealers, according to Sophos researchers. ClickFix is a growing social engineering technique that tricks users into manually executing malicious commands, bypassing traditional protections. Once mainly targeting Windows, it is now increasingly affecting macOS, with recent campaigns deploying infostealers like AMOS and…
-
Attackers Abuse LiveChat to Phish Credit Card, Personal Data
A social engineering campaign impersonating PayPal and Amazon uses customer support interactions to acquire sensitive info. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/attackers-livechat-phish-credit-card-personal-data
-
Social Engineering in the AI Age
The rise of GenAI has taken social engineering and phishing to a new level. What used to require manual work can now be generated in seconds. The result is perfectly personalized messages, cloned voices of executives, for example, and even realistic video imitations. Deepfake incidents have already evolved from an online curiosity into a real business risk, which is leading worldwide to financial…
-
ClickFix techniques evolve in new infostealer campaigns
Tags: api, attack, communications, control, credentials, data, data-breach, detection, encryption, framework, github, group, intelligence, iran, korea, lazarus, login, microsoft, north-korea, russia, social-engineering, threat, windows, wordpress
New payloads: The DoubleDonut Loader was observed delivering a new variant of Vidar Stealer, a well-known infostealer, that uses a dead drop resolver technique to retrieve its command-and-control configuration and dynamic API resolution. In addition to Vidar, two previously undocumented infostealers have been observed, one written in .NET and one in C++. Rapid7 has named these…
-
Attackers Exploit Teams, Quick Assist to Deploy Stealthy A0Backdoor
Attackers are evolving a well-known Microsoft Teams and Quick Assist social-engineering playbook to install a new, stealthy backdoor dubbed A0Backdoor. The campaign closely mirrors activity previously attributed to Blitz Brigantine (also tracked as Storm-1811), a financially motivated group tied to Black Basta and Cactus ransomware operations. The intrusion begins with email bombing, where victims’ inboxes are…
-
9 out of 10 CISOs fear that agentic AI makes social engineering attacks more dangerous
89 percent of German CISOs see agentic AI bringing a new quality of social engineering threats, while AI is at the same time increasingly used to investigate security incidents. The new Splunk CISO Report 2026 shows that the role of CISOs is becoming more complex, personal liability risks are rising, and burnout in security teams is a central problem. At the same time, cybersecurity is increasingly developing into…
-
Classified-ad fraud: Skilled social engineering instead of "what last price?": how to protect yourself
First seen on t3n.de Jump to article: t3n.de/news/kleinanzeigen-betrug-geschicktes-social-engineering-statt-was-letzte-preis-so-schuetzt-man-sich-1733796/
-
China-nexus Threat Actor Targets Persian Gulf Region With PlugX
Introduction: On March 1, 2026, ThreatLabz observed new activity from a China-nexus threat actor targeting countries in the Persian Gulf region. The activity took place within the first 24 hours of the renewed conflict in the Middle East. The threat actor quickly weaponized the theme of the conflict, using an Arabic-language document lure depicting missile attacks for…
-
macOS users increasingly targeted by social engineering attacks
Sophos X-Ops reports a rise in ClickFix and infostealer campaigns for the macOS operating system and is seeing new techniques in both the lures and the malware capabilities. ClickFix is an increasingly widespread social engineering technique with which attackers induce users to install malicious software on their devices. Unlike conventional, exploit-based attacks, this method is based…
-
AI-Driven Phishing Attacks Bypass Email Filters, Land in Inboxes
AI-generated phishing is rapidly reshaping email risk, with more attacks slipping past filters and landing directly in users’ inboxes, even though AI-generated emails remain a minority of total phishing. The human element remains central: 68% of breaches involve people, and 80-95% of those begin with phishing, making social engineering the dominant breach vector. Phishing volume…
-
New ClickFix Attacks Target macOS Users with MacSync Infostealer
A new wave of ClickFix campaigns targeting macOS users and delivering the MacSync infostealer, signaling a growing shift in threat actor tactics against Apple devices. The attacks rely heavily on social engineering rather than software exploits, tricking users into manually executing malicious commands in macOS Terminal. ClickFix is a deceptive technique where attackers present step-by-step…
-
89 percent of German CISOs fear that agentic AI makes social engineering attacks more dangerous
Cisco publishes the new Splunk CISO Report 2026: From Risk to Resilience in the AI Age, for which 650 CISOs worldwide were surveyed, 60 of them from Germany. The report examines the rapidly changing role of CISOs, their strategic approach to AI adoption, and their continued commitment to IT professionals amid increasingly complex conditions. ‘CISOs find themselves in […]…
-
Did cybersecurity recently have its Gatling gun moment?
Tags: ai, attack, automation, cyber, cyberattack, cybercrime, cybersecurity, defense, detection, email, endpoint, government, hacker, intelligence, LLM, malicious, malware, phishing, ransomware, siem, social-engineering, spear-phishing, strategy, tactics, threat, tool, update, vulnerability, warfare
inflection point. Both emblematic of an irreversible tipping point, where the nature of conflict was altered by its sudden asymmetry. The Gatling gun is the perfect analogy for the current cyber landscape. Just as it transformed warfare from a manual craft into an industrial process, modern threats have shifted from individual attacks to automated, high-velocity engagements. Here…
-
12 ways attackers abuse cloud services to hack your enterprise
Tags: access, ai, api, attack, backdoor, backup, business, ceo, china, cloud, communications, control, corporate, credentials, crowdstrike, cyber, cybercrime, cyberespionage, cybersecurity, data, defense, detection, endpoint, exploit, extortion, firewall, framework, group, hacking, incident, incident response, infrastructure, kubernetes, login, malicious, malware, microsoft, network, openai, phishing, ransomware, russia, service, social-engineering, threat, tool
Hiding command-and-control in trusted APIs: Attackers are also forging malware that routes C2 traffic through trusted services such as OpenAI APIs. For example, the SesameOp backdoor routes traffic through OpenAI’s Assistants API, masking C2 communications as legitimate AI development work. "In cases such as the SesameOp backdoor, traffic looks like normal AI development activity," says Parthiban Jegatheesan,…
-
Jack & Jill went up the hill, and an AI tried to hack them
“get_or_create_company” endpoint that determines from a user’s email domain whether it should create a new company on the platform or associate them with an existing company to auto-join CodeWall’s account. Thanks to the bug that failed to check user roles when onboarding, it then obtained full org admin privileges and was able to access team…
-
Google Cloud Security Threat Horizons Report #13 (H1 2026) Is Out!
Tags: access, ai, apt, attack, cloud, credentials, cybersecurity, data, email, exploit, extortion, google, incident response, injection, intelligence, LLM, metric, phishing, ransomware, rce, remote-code-execution, saas, service, social-engineering, software, theft, threat, vulnerability, zero-day
This is my completely informal, uncertified, unreviewed and otherwise completely unofficial blog inspired by my reading of our next Cloud Threat Horizons Report, #13 (full version, no info to enter!) that we just released (the official blog for #1 report, my unofficial blogs for #2, #3, #4, #5, #6, #7, #8, #9, #10, #11 and #12).…
-
Threat intelligence by ESET is a game changer
Tags: ai, business, ciso, cybersecurity, data, detection, edr, exploit, identity, india, intelligence, phishing, service, social-engineering, threat, vulnerability, zero-day
The Advent of AI: Ransomware detections in India surged by 70% between the second half of 2024 and the first half of 2025 as per ESET’s Telemetry. Phishing remains the most prevalent cyberthreat affecting Indian users, underscoring the ongoing need for vigilance and education around social engineering tactics. Attacks are increasing on edge systems and appliances as…
-
Teams Social Engineering Campaign Drops A0Backdoor Malware
Attackers are using Microsoft Teams impersonation to deliver A0Backdoor malware. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/teams-social-engineering-campaign-drops-a0backdoor-malware/
-
When phishing suddenly sounds perfect: AI takes social engineering to a new level
The focus is shifting markedly: it is no longer the linguistic error that gives the attack away, but the underlying manipulation strategy. Alongside convincing texts, attackers increasingly use technical tricks to make their campaigns even more credible. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/wenn-phishing-ploetzlich-perfekt-klingt-ki-hebt-social-engineering-auf-ein-neues-level/a44060/
-
Fighting Fire with Fire: AI-Assisted Microsegmentation to Combat AI-Enabled Hackers
Thanks to GenAI, cyberattacks are coming faster and harder than ever before. The IC3 consortium at MIT Sloan warns that: “AI is being used regularly in cyberattacks to create malware, phishing campaigns, and deepfake-driven social engineering, such as fake customer service calls. Large language models are being employed to generate code and phishing content. There…
-
Intelligence services warn: Spies are hijacking Signal and WhatsApp accounts in droves
Tags: social-engineering
The attackers often pose as support staff and try to break into Signal and WhatsApp accounts via social engineering. First seen on golem.de Jump to article: www.golem.de/news/geheimdienste-warnen-spione-kapern-reihenweise-signal-und-whatsapp-konten-2603-206293.html
-
How Piggybacking Attacks Threaten Organizational Security?
Organizations invest heavily in advanced cybersecurity technologies such as endpoint detection, identity access management, zero trust architecture, and continuous monitoring. However, a significant number of security incidents still originate from physical security weaknesses rather than purely digital vulnerabilities. One such often overlooked threat is the piggybacking attack. It is a social engineering and physical access attack technique…
-
When AI safety constrains defenders more than attackers
Tags: access, ai, attack, authentication, awareness, business, chatgpt, ciso, control, defense, detection, email, exploit, framework, LLM, malicious, malware, marketplace, microsoft, offense, open-source, openai, penetration-testing, phishing, RedTeam, service, social-engineering, spear-phishing, strategy, threat, tool, training, usa, vulnerability
The attacker advantage: Threat actors operate under no such constraints. They simply use jailbroken models, locally hosted open-source alternatives, or purpose-built malicious tools that have proliferated across underground markets. WormGPT, originally shut down in 2023, has reappeared largely as a recycled brand name for uncensored AI tools. New variants posted on underground marketplace BreachForums between October…
-
GhostClaw Masquerades as OpenClaw in Bid to Plunder Developer Data
A malicious npm package, @openclaw-ai/openclawai, that impersonates the legitimate OpenClaw CLI while quietly deploying a full-featured infostealer and RAT against developers’ machines. Internally branded “GhostLoader,” this threat combines polished social engineering, encrypted payload delivery, and long-term persistence to exfiltrate almost every valuable secret a developer holds, from SSH keys and cloud credentials to AI agent […]…
-
Social engineering attacks based on artificial intelligence are rapidly gaining importance
Artificial intelligence is fundamentally changing the threat landscape, especially in the area of social engineering. What used to be easy to see through thanks to conspicuous spelling mistakes, unnatural phrasing, or recognizable manipulation now appears professional, individually tailored, and nearly error-free. Texts, voices, and even videos can be created deceptively realistically within a few minutes. This makes fraudulent contact attempts more credible and increases the risk for…

