Tag: social-engineering
-
Hackers Use AI-Generated Summaries to Deliver Ransomware Payloads
Tags: ai, cyber, cybercrime, email, hacker, injection, malicious, ransomware, social-engineering, strategy, toolCybercriminals have unveiled a novel variation of the ClickFix social engineering technique that weaponizes AI-powered summarization tools to stealthily distribute ransomware instructions. By leveraging invisible prompt injection and a “prompt overdose” strategy, attackers embed malicious directives within hidden HTML elements that AI summarizers in email clients, browser extensions, and productivity platforms faithfully reproduce in their…
-
Social Engineering: Krypto-Anleger verliert Bitcoin im Wert von 90 Millionen USD
Betrüger haben einen Krypto-Anleger um ein Vermögen gebracht. Der Geschädigte ist nun um 783 Bitcoin ärmer. Das Geld sieht er wohl nie wieder. First seen on golem.de Jump to article: www.golem.de/news/social-engineering-krypto-anleger-verliert-bitcoin-im-wert-von-90-millionen-usd-2508-199488.html
-
Ransomware-Report Q2 2025 von Coveware – Mehr Social Engineering und höhere Lösegeldsummen
First seen on security-insider.de Jump to article: www.security-insider.de/loesegeldzahlungen-steigerung-q2-2025-coveware-a-36f8ed642f1cd875192449746b155500/
-
ClickFix Exploit Emerges: Microsoft Flags Cross-Platform Attacks Targeting Windows and macOS
Tags: attack, cyber, exploit, intelligence, macOS, malicious, microsoft, social-engineering, threat, windowsMicrosoft Threat Intelligence has spotlighted the escalating adoption of the ClickFix social engineering technique, a sophisticated method that manipulates users into executing malicious commands on their devices, bypassing traditional automated security defenses. Observed since early 2024, this tactic has targeted thousands of enterprise and end-user systems daily, delivering payloads such as Lumma Stealer infostealers, remote…
-
The new battleground for CISOs is human behavior
Attackers don’t always need a technical flaw. More often, they just trick your people. Social engineering works, and AI makes it harder to catch.” Only about one in four … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/08/22/social-engineering-threats-2025/
-
The Triple Threats CISOs cannot ignore: A Perfect Storm of Digital Frontlines, Dark AI and Quantum Leaps
Tags: ai, ciso, computer, computing, corporate, cyber, cybersecurity, data, deep-fake, email, encryption, firewall, fraud, governance, incident response, intelligence, malicious, penetration-testing, phishing, resilience, risk, scam, service, siem, soc, social-engineering, technology, threat, tool, training, vulnerabilityAdrian Hia, Managing Director for Asia Pacific at Kaspersky.Smart Security Operations Centers (SOCs) that leverage AI and real-time analytics to monitor, respond, and adapt to these complex new threats are critical. Adrian Hia further shared, “When incidents occur, response becomes critical. Every minute equates to dollars lost. organisations in Southeast Asia are increasingly relying on…
-
Cybercriminals Deploy CORNFLAKE.V3 Backdoor via ClickFix Tactic and Fake CAPTCHA Pages
Threat actors have been observed leveraging the deceptive social engineering tactic known as ClickFix to deploy a versatile backdoor codenamed CORNFLAKE.V3.Google-owned Mandiant described the activity, which it tracks as UNC5518, as part of an access-as-a-service scheme that employs fake CAPTCHA pages as lures to trick users into providing initial access to their systems, which is…
-
Drittanbieter-Tools ohne PAM können zu gefährlichen Einstiegspunkten für Cyberkriminelle werden
Die Datenpanne bei Workday ist ein perfektes Beispiel für das anhaltende und wachsende Risiko, das von Social-Engineering-Angriffstaktiken auf Drittanbieterplattformen ausgeht. Die Situation spiegelt einen beunruhigenden Trend bei Anbietern von Unternehmenssoftware wider und scheint mit einer breiteren Welle jüngster Angriffe verbunden zu sein, die in ähnlicher Weise CRM-Systeme mehrerer globaler Unternehmen über ausgefeilte Social-Engineering- und OAuth-basierte…
-
Prepping the Front Line for MFA Social Engineering Attacks
Attackers will continue to evolve, and the help desk will always be a target. But with the right mix of training, support, and trust, frontline agents can become your biggest security assets. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/prepping-front-line-mfa-social-engineering-attacks
-
Prepping the Front Line for MFA Social Engineering Attacks
Attackers will continue to evolve, and the help desk will always be a target. But with the right mix of training, support, and trust, frontline agents can become your biggest security assets. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/prepping-front-line-mfa-social-engineering-attacks
-
URL-based threats become a go-to tactic for cybercriminals
Cybercriminals are using advanced social engineering and AI-generated content to make malicious URLs difficult for users to identify, according to Proofpoint. Whether through … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/08/21/phishing-url-based-threats/
-
Workday Hit by Social Engineering Attack, Third-Party Data Exposed
Workday’s recent data breach might be tied to ShinyHunters, a group accused of exploiting Salesforce CRM at firms like Google, Adidas, Qantas, and Louis Vuitton. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-workday-data-breach-august/
-
Threat Actors Impersonate as Google Support to Sniff Out Your Login Credentials
Threat actors are posing as Google support agents in an increasing number of complex social engineering attacks in order to take advantage of account recovery tools and obtain user credentials without authorization. These campaigns leverage legitimate-looking communication channels, such as spoofed phone numbers associated with Google’s official contact information, to build credibility and manipulate victims…
-
Workday Discloses Data Breach Following CRM-Targeted Social Engineering Attack
Workday, a leading provider of human resources and financial management software, has confirmed that it fell victim to a data breach stemming from a social engineering attack targeting a third-party Customer Relationship Management (CRM) system. According to the company, the breach did not impact its customer tenants or the secure data therein; instead, the compromised…
-
Phishing 2025: URLs als größte Gefahr für Nutzer
Das Cybersecurity-Unternehmen Proofpoint hat in seinem ‘Human Factor Report 2025″ alarmierende Entwicklungen im Bereich Phishing und Social Engineering dokumentiert. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/phishing-urls-gefahr-fuer-nutzer
-
Hackers target Workday in social engineering attack
Researchers cite increasing evidence of collaboration between Scattered Spider and the cybercrime group ShinyHunters in the campaign. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/hackers-target-workday-in-social-engineering-attack/758095/
-
ClickFix Phishing Attacks Surge Nearly 400% in Just One Year
Phishing evolves: ClickFix attacks jump 400% in a year while quishing rises, proving criminals favor social engineering over malware. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/news/clickfix-phishing-surges-2025/
-
ShinyHunters strike again: Workday breach tied to Salesforce-targeted social engineering wave
Social engineering jackpot for ShinyHunters: The Workday breach slots into a much larger pattern of attacks exploiting Salesforce instances across multiple industries. Reports attribute the campaign to ShinyHunters, the notorious BreachForums admin, whom Google was tracking as UNC6040 when it first disclosed the campaign.Victims include Google itself, which said attackers accessed a Salesforce environment in…
-
Workday: Datenleck bei großem Cloud-Softwarekonzern
Cyberkriminelle sind per Social Engineering in eine CRM-Plattform eingedrungen. Workday ist nur einer von vielen betroffenen Konzernen. First seen on golem.de Jump to article: www.golem.de/news/workday-datenleck-bei-grossem-cloud-softwarekonzern-2508-199297.html
-
Workday hit in wave of social engineering attacks
A campaign of voice-based social engineering attacks targeting users of Salesforce’s services appears to have struck HR platform Workday First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366629343/Workday-hit-in-wave-of-social-engineering-attacks
-
Workday hit by social engineering data breach targeting its CRM platform
The human resources software company Workday announced that some customer information was obtained in a social engineering attack. First seen on therecord.media Jump to article: therecord.media/workday-social-engineering-data-breach
-
Ransomware-Gruppe Interlock zielt auf Command-andInfrastruktur bei deutschen Hosting-Providern
Arctic Wolf Labs, das Threat-Research-Team von Arctic Wolf, hat am 15. August 2025 eine aktualisierte Analyse zur Ransomware-Gruppe Interlock veröffentlicht. Der Akteur setzt auf neue Social-Engineering-Taktiken (ClickFix/FileFix) und zielt häufig auf virtuelle Umgebungen ab. Besonders relevant: Arctic Wolf identifizierte neue Indikatoren für eine Kompromittierung (IOCs) aus eigener Telemetrie, darunter Command-and-Control-Infrastruktur bei deutschen Hosting-Providern (z.B. 168.119.96[.]41).…
-
HR giant Workday discloses data breach after Salesforce attack
Human resources giant Workday has disclosed a data breach after attackers gained access to a third-party customer relationship management (CRM) platform in a recent social engineering attack. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hr-giant-workday-discloses-data-breach-amid-salesforce-attacks/
-
Workday Data Breach Exposes HR Records via Third-Party CRM Hack
Tags: access, breach, cyber, data, data-breach, risk, security-incident, social-engineering, software, supply-chain, unauthorizedEnterprise software giant Workday has disclosed a security incident involving unauthorized access to employee information through a compromised third-party customer relationship management (CRM) platform. The breach, discovered as part of a broader social engineering campaign targeting multiple large organizations, has raised concerns about supply chain security risks in the enterprise software sector. Incident Details and…
-
HR giant Workday discloses data breach amid Salesforce attacks
Human resources giant Workday has disclosed a data breach after attackers gained access to a third-party customer relationship management (CRM) platform in a recent social engineering attack. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hr-giant-workday-discloses-data-breach-amid-salesforce-attacks/
-
Scattered Spider and ShinyHunters’ Next Move: Leaking Data
Extortionists Detail Fresh Victims, Although Sensitivity of Stolen Data Unclear. Extortionists tied to the Scattered Spider and ShinyHunters hacking collectives have begun naming victims and leaking data via a new, dedicated Telegram channel. Many of the breaches appear to trace to social engineering attacks that gained attackers access to a victim’s Salesforce instance. First seen…
-
ClickFix macOS Malware Targets User Login Credentials
Security researchers have identified a new malware campaign targeting macOS users through a sophisticated ClickFix technique that combines phishing and social engineering to steal cryptocurrency wallet details, browser credentials, and sensitive personal data. The Odyssey Stealer malware, discovered by X-Labs researchers in August 2025, represents an evolution of earlier ClickFix attacks that previously focused on…
-
Social Engineering laut Unit 42 Haupteinfallstor 2025
Tags: social-engineeringFirst seen on datensicherheit.de Jump to article: www.datensicherheit.de/social-engineering-forschung-unit-42-haupteinfallstor-2025
-
Tips to Protect Yourself on LinkedIn from Fraud, Social Engineering, and Espionage
Tags: business, cyber, cybersecurity, data, espionage, fraud, jobs, linkedin, malicious, phishing, risk, social-engineering, spam, tool, vulnerabilityLinkedIn is a great communication tool for business professionals that informs, provides opportunities, and fosters collaboration”Š”, “Šwhich is exactly why it is attractive to sophisticated cyber adversaries, including aggressive nation state actors, who use LinkedIn for nefarious activities such as information gathering, target profiling, human-asset engagement, fraud, social engineering, and trust building. Urgent and time…
-
Social Engineering als Haupteinfallstor 2025
Die neue Social-Engineering-Edition des 2025 Global Incident Response Report von Unit 42 zeigt: Social Engineering ist 2025 das häufigste Einfallstor für Cyberangriffe [1]. In mehr als einem Drittel der über 700 analysierten Fälle weltweit nutzten Angreifer Social Engineering als Einstieg, also den gezielten Versuch, Menschen durch Täuschung zu bestimmten Handlungen zu verleiten und so Sicherheitskontrollen……

