Tag: social-engineering
-
Did cybersecurity recently have its Gatling gun moment?
Tags: ai, attack, automation, cyber, cyberattack, cybercrime, cybersecurity, defense, detection, email, endpoint, government, hacker, intelligence, LLM, malicious, malware, phishing, ransomware, siem, social-engineering, spear-phishing, strategy, tactics, threat, tool, update, vulnerability, warfare
inflection point. Both emblematic of an irreversible tipping point, where the nature of conflict was altered by its sudden asymmetry. The Gatling gun is the perfect analogy for the current cyber landscape. Just as it transformed warfare from a manual craft into an industrial process, modern threats have shifted from individual attacks to automated, high-velocity engagements. Here…
-
12 ways attackers abuse cloud services to hack your enterprise
Tags: access, ai, api, attack, backdoor, backup, business, ceo, china, cloud, communications, control, corporate, credentials, crowdstrike, cyber, cybercrime, cyberespionage, cybersecurity, data, defense, detection, endpoint, exploit, extortion, firewall, framework, group, hacking, incident, incident response, infrastructure, kubernetes, login, malicious, malware, microsoft, network, openai, phishing, ransomware, russia, service, social-engineering, threat, tool
Hiding command-and-control in trusted APIs: Attackers are also forging malware that routes C2 traffic through trusted services such as OpenAI APIs. For example, the SesameOp backdoor routes traffic through OpenAI’s Assistants API, masking C2 communications as legitimate AI development work. “In cases such as the SesameOp backdoor, traffic looks like normal AI development activity,” says Parthiban Jegatheesan,…
-
Jack & Jill went up the hill, and an AI tried to hack them
get_or_create_company” endpoint that determines from a user’s email domain whether it should create a new company on the platform or associate them with an existing company to auto-join CodeWall’s account. Thanks to the bug that failed to check user roles when onboarding, it then obtained full org admin privileges and was able to access team…
-
Google Cloud Security Threat Horizons Report #13 (H1 2026) Is Out!
Tags: access, ai, apt, attack, cloud, credentials, cybersecurity, data, email, exploit, extortion, google, incident response, injection, intelligence, LLM, metric, phishing, ransomware, rce, remote-code-execution, saas, service, social-engineering, software, theft, threat, vulnerability, zero-day
This is my completely informal, uncertified, unreviewed and otherwise completely unofficial blog inspired by my reading of our next Cloud Threat Horizons Report, #13 (full version, no info to enter!) that we just released (the official blog for #1 report, my unofficial blogs for #2, #3, #4, #5, #6, #7, #8, #9, #10, #11 and #12).…
-
Threat intelligence by ESET is a game changer
Tags: ai, business, ciso, cybersecurity, data, detection, edr, exploit, identity, india, intelligence, phishing, service, social-engineering, threat, vulnerability, zero-day
The Advent of AI Ransomware detections in India surged by 70% between the second half of 2024 and the first half of 2025 as per ESET’s Telemetry. Phishing remains the most prevalent cyberthreat affecting Indian users, underscoring the ongoing need for vigilance and education around social engineering tactics. Attacks are increasing on edge systems and appliances as…
-
Teams Social Engineering Campaign Drops A0Backdoor Malware
Attackers are using Microsoft Teams impersonation to deliver A0Backdoor malware. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/teams-social-engineering-campaign-drops-a0backdoor-malware/
-
When phishing suddenly sounds perfect: AI takes social engineering to a new level
The focus is shifting markedly: it is no longer the linguistic error that gives the attack away, but the underlying manipulation strategy. Alongside convincing text, attackers increasingly use technical tricks to make their campaigns even more credible. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/wenn-phishing-ploetzlich-perfekt-klingt-ki-hebt-social-engineering-auf-ein-neues-level/a44060/
-
Fighting Fire with Fire: AI-Assisted Microsegmentation to Combat AI-Enabled Hackers
Thanks to GenAI, cyberattacks are coming faster and harder than ever before. The IC3 consortium at MIT Sloan warns that: “AI is being used regularly in cyberattacks to create malware, phishing campaigns, and deepfake-driven social engineering, such as fake customer service calls. Large language models are being employed to generate code and phishing content. There…
-
Intelligence services warn: Spies are hijacking Signal and WhatsApp accounts in droves
Tags: social-engineering
The attackers often pose as support staff and try to break into Signal and WhatsApp accounts through social engineering. First seen on golem.de Jump to article: www.golem.de/news/geheimdienste-warnen-spione-kapern-reihenweise-signal-und-whatsapp-konten-2603-206293.html
-
How Piggybacking Attacks Threaten Organizational Security?
Organizations invest heavily in advanced cybersecurity technologies such as endpoint detection, identity access management, zero trust architecture, and continuous monitoring. However, a significant number of security incidents still originate from physical security weaknesses rather than purely digital vulnerabilities. One such often-overlooked threat is the piggybacking attack. It is a social engineering and physical access attack technique…
-
When AI safety constrains defenders more than attackers
Tags: access, ai, attack, authentication, awareness, business, chatgpt, ciso, control, defense, detection, email, exploit, framework, LLM, malicious, malware, marketplace, microsoft, offense, open-source, openai, penetration-testing, phishing, RedTeam, service, social-engineering, spear-phishing, strategy, threat, tool, training, usa, vulnerability
The attacker advantage: Threat actors operate under no such constraints. They simply use jailbroken models, locally hosted open-source alternatives, or purpose-built malicious tools that have proliferated across underground markets. WormGPT, originally shut down in 2023, has reappeared largely as a recycled brand name for uncensored AI tools. New variants posted on underground marketplace BreachForums between October…
-
GhostClaw Masquerades as OpenClaw in Bid to Plunder Developer Data
A malicious npm package, @openclaw-ai/openclawai, that impersonates the legitimate OpenClaw CLI while quietly deploying a full-featured infostealer and RAT against developers’ machines. Internally branded “GhostLoader,” this threat combines polished social engineering, encrypted payload delivery, and long-term persistence to exfiltrate almost every valuable secret a developer holds, from SSH keys and cloud credentials to AI agent […]…
-
AI-based social engineering attacks are rapidly gaining importance
Artificial intelligence is fundamentally changing the threat landscape, especially in the area of social engineering. What could once often be seen through thanks to conspicuous spelling mistakes, unnatural phrasing or recognizable manipulation now appears professional, individually tailored and almost error-free. Text, voices and even videos can be created deceptively realistically within a few minutes. This makes fraudulent contact attempts more credible and increases the risk for…
-
Rogues gallery: 15 worst ransomware groups active today
Tags: access, ai, alphv, apt, attack, backup, breach, cloud, cyber, cybercrime, dark-web, data, data-breach, defense, detection, email, encryption, endpoint, exploit, extortion, finance, government, group, healthcare, infrastructure, insurance, intelligence, korea, law, leak, linux, lockbit, malicious, malware, moveIT, network, north-korea, organized, phishing, ransom, ransomware, russia, service, social-engineering, software, strategy, threat, tool, usa, vmware, vpn, vulnerability, windows, zero-day
Black Basta: History: Black Basta appeared on the ransomware scene in early 2022 and is believed to be a spin-off from Conti, a group notorious for attacking major organizations. How it works: Black Basta usually deploys malware through exploitation of known vulnerabilities and social engineering campaigns. “Employees in the target environment are email bombed and then…
-
Fake Claude Code install guides push infostealers in InstallFix attacks
Threat actors are employing a new variation of the ClickFix social engineering technique called InstallFix to trick users into running malicious commands under the pretext of installing legitimate command line interface (CLI) tools. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/fake-claude-code-install-guides-push-infostealers-in-installfix-attacks/
-
Microsoft warns of ClickFix campaign exploiting Windows Terminal to deliver Lumma Stealer
Microsoft warns of ClickFix campaign using Windows Terminal to deliver Lumma Stealer via social engineering attacks. Microsoft revealed a new ClickFix campaign where attackers exploit Windows Terminal to run a complex attack chain, ultimately deploying Lumma Stealer malware. The campaign uses social engineering to trick users into executing malicious commands, highlighting growing risks to Windows…
-
RMM Tools Crucial for IT Operations, But Growing Threat as Attackers Weaponize Them
Threat actors are increasingly weaponizing trusted administrative software to bypass security defenses. By exploiting legitimate software, cybercriminals gain persistent, hands-on-keyboard (HOK) access while hiding within normal network activity. Initial Access and Attack Methods: RMM compromises typically begin with targeted social engineering and phishing campaigns. Attackers trick employees into downloading a malicious RMM agent disguised as…
-
Microsoft Reveals ClickFix Campaign Using Windows Terminal to Deploy Lumma Stealer
Microsoft on Thursday disclosed details of a new widespread ClickFix social engineering campaign that has leveraged the Windows Terminal app as a way to activate a sophisticated attack chain and deploy the Lumma Stealer malware. The activity, observed in February 2026, makes use of the terminal emulator program instead of instructing users to launch the Windows…
-
2026 Browser Data Reveals Major Enterprise Security Blind Spots
The browser is becoming the operating system for modern work, yet many enterprises still treat it as an extension of network or endpoint security. Keep Aware’s 2026 State of Browser Security Report shows 41% of employees used AI web tools while browser-based phishing, extensions, and social engineering drive new security blind spots. First seen on…
-
ClickFix Campaign Exploits Fake LinkedIn VCs to Spread Malware Among Crypto and Web3 Experts
A highly coordinated malware campaign that targets cryptocurrency and Web3 professionals through fake venture capital (VC) identities on LinkedIn. The operation combines advanced social engineering with cross-platform payloads and a ClickFix-style fake CAPTCHA flow that tricks users into running malicious commands on their own systems. Attackers pose as executives from fictitious funds such as SolidBit…
-
Invisible Threats: Source Code Exfiltration in Google Antigravity FireTail Blog
Mar 04, 2026 – Viktor Markopoulos – Invisible Threats: Source Code Exfiltration in Google Antigravity. TL;DR: We explored a known issue in Google Antigravity where attackers can silently exfiltrate proprietary source code. By hiding malicious instructions inside seemingly empty C++ comments, threat actors can force the AI assistant to package up the developer’s code and send it to…
-
Ransomware on speed is the big challenge for CISOs
Artificial intelligence (AI) is changing the cyber threat landscape not through entirely new types of attack, but through scale, speed and precision. This is confirmed by the findings of the latest <>. They automate known methods such as phishing or social engineering and adapt them in real time. As a result, companies face a new reality, […] First seen on netzpalaver.de Jump to article: netzpalaver.de/2026/03/03/ransomware-auf-speed-ist-die-grosse-herausforderung-fuer-cisos/
-
Operation Epic Fury: Potential Iranian Cyber Counteroffensive Operations
Tags: access, attack, botnet, credentials, cyber, data, ddos, defense, espionage, exploit, government, group, infrastructure, intelligence, Internet, iran, leak, malware, military, monitoring, ransomware, service, social-engineering, technology, theft, threat, tool, update, vulnerability
Following the joint military operation known as Operation Epic Fury, the Tenable Research Special Operations (RSO) team is providing an update regarding potential cyber counteroffensive operations conducted by Iran-linked threat actors. Key takeaways: Following Operation Epic Fury, Iran-linked threat actors are expected to launch counteroffensive operations against critical infrastructure and opportunistic targets. Several Iranian-linked threat…
-
Why Cyber Attackers Benefit More from AI Technology than Defenders
Tags: ai, attack, cyber, cybersecurity, defense, offense, risk, social-engineering, technology, tool, vulnerability
AI is transforming both cyber offense and defense, but the attackers hold distinct advantages. AI tools can be used for attacks and defense but the attackers are less concerned with quality or problems. They can use risky or unvetted technology with impunity as they aren’t overly concerned if it causes harm. The result is they…
-
Dust Specter APT Targets Government Officials in Iraq
Tags: access, ai, api, apt, attack, backdoor, browser, chrome, cisco, cloud, control, data, detection, encryption, google, government, group, infrastructure, iran, iraq, malicious, malware, monitoring, network, open-source, password, powershell, rat, service, social-engineering, software, threat, tool, update, windows
Introduction: In January 2026, Zscaler ThreatLabz observed activity by a suspected Iran-nexus threat actor targeting government officials in Iraq. ThreatLabz discovered previously undocumented malware including SPLITDROP, TWINTASK, TWINTALK, and GHOSTFORM. Due to significant overlap in tools, techniques, and procedures (TTPs), as well as victimology, between this campaign and activity associated with Iran-nexus APT groups, ThreatLabz assesses with medium-to-high confidence that an…

