Tag: social-engineering
-
Innovation without exposure: A CISO’s secure-by-design framework for business outcomes
Tags: ai, authentication, awareness, business, chatgpt, cisa, ciso, cloud, control, cyber, cybersecurity, data, detection, firmware, framework, fraud, governance, identity, injection, iot, law, leak, LLM, metric, mitre, network, nist, offense, radius, RedTeam, resilience, risk, risk-management, service, social-engineering, threat, tool, unauthorized, update
A detection engineer owning “detection as code” patterns and test harnesses
A threat hunter owning telemetry quality improvements and query optimization
An incident responder owning tabletop iterations and runbook hardening
A cloud security lead owning guardrailed landing zone enhancements
The critical constraint is this: every experiment needs an exit plan. Either it becomes a supported capability, or it is…
-
Emerging Global Threat Landscape: A 7-Day Intelligence Analysis for Modern SOCs
Tags: ai, credentials, cyber, exploit, infrastructure, intelligence, soc, social-engineering, strategy, threat
Executive Overview: The pace and sophistication of cyber threats continue to accelerate. Over the past seven days alone, multiple high-impact campaigns have targeted enterprise recovery systems, telecommunications infrastructure, academic institutions, and developer ecosystems. These incidents are not isolated. They represent coordinated shifts in attacker strategy toward infrastructure-level compromise, credential exploitation, AI-powered social engineering, and supply…
-
Social Engineering: Notorious hacker group seeks women for its team
The cybergang Scattered Lapsus$ Hunters apparently wants to become more effective at voice phishing. Female voices are supposed to help. First seen on golem.de Jump to article: www.golem.de/news/social-engineering-beruechtigte-hackergruppe-sucht-frauen-fuers-team-2602-205927.html
-
APT37 Adds New Capabilities for Air-Gapped Networks
Tags: access, android, api, attack, authentication, backdoor, cloud, communications, computer, credentials, data, detection, endpoint, google, government, group, Hardware, infection, infrastructure, injection, Internet, malicious, malware, microsoft, monitoring, network, north-korea, powershell, service, social-engineering, threat, tool, update, windows
Introduction: In December 2025, Zscaler ThreatLabz discovered a campaign linked to APT37 (also known as ScarCruft, Ruby Sleet, and Velvet Chollima), which is a DPRK-backed threat group. In this campaign, tracked as Ruby Jumper by ThreatLabz, APT37 uses Windows shortcut (LNK) files to initiate an attack that utilizes a set of newly discovered tools. These tools, RESTLEAF, SNAKEDROPPER, THUMBSBD, and VIRUSTASK,…
-
North Korean hackers lure developers with fake interviews
That North Korean hackers like to try to get themselves hired as developers in order to spy on companies is by now nothing new. What is new, however, is that they are trying to use developers as a stepping stone. According to researchers at Recorded Future, they are also specifically targeting software developers with social engineering tactics. A group referred to as “PurpleBravo” employs…
-
Scattered Lapsus$ Hunters auditioning female voices to sharpen social engineering
Tags: social-engineering
Telegram posts promise up to $1,000 per call as gang refines IT helpdesk ruse First seen on theregister.com Jump to article: www.theregister.com/2026/02/26/scattered_lapsus_hunters_female_recruits/
-
SLH Offers $500–$1,000 Per Call to Recruit Women for IT Help Desk Vishing Attacks
The notorious cybercrime collective known as Scattered LAPSUS$ Hunters (SLH) has been observed offering financial incentives to recruit women to pull off social engineering attacks. The idea is to hire them for voice phishing campaigns targeting IT help desks, Dataminr said in a new threat brief. The group is said to be offering anywhere between $500…
-
Cyber defense: From reactive to proactive
Tags: access, ai, attack, automation, business, cloud, control, corporate, cyber, cybercrime, cybersecurity, data, deep-fake, defense, detection, endpoint, google, infrastructure, intelligence, malware, microsoft, monitoring, phishing, ransomware, resilience, risk, service, social-engineering, threat
“It’s a cat-and-mouse situation. AI is changing the speed and sophistication of attacks, and AI is making phishing and social engineering attacks, thanks to deep fakes, harder to detect,” said Kevin McCall, director, cybersecurity, risk, and regulatory at PwC US, speaking during a webcast titled, “From Risk to Resilience: Building a Smarter Cloud Security Strategy.” McCall…
-
UAC-0050 Targets European Financial Institution With Spoofed Domain and RMS Malware
A Russia-aligned threat actor has been observed targeting a European financial institution as part of a social engineering attack to likely facilitate intelligence gathering or financial theft, signaling a possible expansion of the threat actor’s targeting beyond Ukraine and into entities supporting the war-torn nation. The activity, which targeted an unnamed entity involved in regional First…
-
Malicious OpenClaw Tactics Deceive Users into Manual Password Entry for AMOS Infection
Malicious OpenClaw skills are being weaponized to coerce users into manually entering their passwords, enabling a new Atomic (AMOS) Stealer infection chain that abuses AI agent workflows as a social engineering channel. TrendAI Research has tracked Atomic (AMOS) Stealer’s evolution from crude “cracked” macOS software lures to a refined supply chain attack abusing OpenClaw’s skill…
-
AI is becoming part of everyday criminal workflows
Underground forums include long threads about chatbots drafting phishing emails, generating code snippets, and coaching social engineering calls. A new study examined … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/24/ai-in-cybercrime-research/
-
Hacker steals data of thousands of RTL employees
A hacker has gained access to RTL employee data. The RTL Group has apparently fallen victim to a cyberattack. As Cybernews reports, a cybercriminal named LuneBF is boasting of stolen data from more than 27,000 employees of the media group. In his darknet post, the attacker claims to have gained access to the RTL Group’s intranet website. As proof of…
-
13 ways attackers use generative AI to exploit your systems
Tags: access, ai, attack, authentication, awareness, breach, captcha, ceo, chatgpt, ciso, cloud, credentials, crypto, cyber, cyberattack, cybercrime, cybersecurity, dark-web, data, deep-fake, defense, detection, email, espionage, exploit, extortion, finance, flaw, framework, fraud, google, government, group, hacker, identity, infrastructure, intelligence, law, LLM, login, malicious, malware, marketplace, network, open-source, password, phishing, privacy, ransomware, resilience, risk, saas, scam, service, social-engineering, startup, supply-chain, tactics, technology, theft, threat, tool, vulnerability, zero-day
Facilitating malware development: AI can also be used to generate more sophisticated, or less labour-intensive, malware. For example, cybercriminals are using gen AI to create malicious HTML documents. The XWorm attack, initiated by HTML smuggling, which contains malicious code that downloads and runs the malware, bears the hallmarks of development via AI. “The loader’s detailed line-by-line description…
-
Using threat modeling and prompt injection to audit Comet
Before launching their Comet browser, Perplexity hired us to test the security of their AI-powered browsing features. Using adversarial testing guided by our TRAIL threat model, we demonstrated how four prompt injection techniques could extract users’ private information from Gmail by exploiting the browser’s AI assistant. The vulnerabilities we found reflect how AI agents behave…
-
AI and complexity as accelerants for cybercriminals
Tags: access, ai, api, authentication, automation, ciso, cloud, cyberattack, cyersecurity, exploit, incident response, intelligence, network, phishing, saas, service, siem, soar, soc, social-engineering, tool, vulnerability
Cyberattacks are getting ever faster, which shortens the time span between the initial compromise and the negative consequences. The arrival of AI has massively shortened the time needed for cyberattacks, so that human defenders can no longer keep up. That is the perhaps unsurprising finding of the 2026 Global Incident Response Report from Palo Alto Networks. For the…
-
New phishing campaign tricks employees into bypassing Microsoft 365 MFA
Tags: access, attack, awareness, business, credentials, defense, email, google, identity, incident response, least-privilege, login, malicious, mfa, microsoft, monitoring, office, phishing, risk, saas, social-engineering, training
microsoft.com. But the attacker has pre-registered their device to get the code for [the victim] to verify.” David Shipley, head of Canadian security awareness training provider Beauceron Security, said OAuth device code attacks have been gaining steam since 2024. “It’s the natural evolutionary response to improvements in account security, particularly MFA”, he said. The easiest defense is…
-
Figure Data Breach Exposes Nearly 1 Million Customers Online
Fintech lender Figure suffered a social-engineering breach that led to a data dump online. Have I Been Pwned found 967,200 exposed email records. The post Figure Data Breach Exposes Nearly 1 Million Customers Online appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-figure-data-breach-967200-email-records/
-
Hackers Abuse nslookup.exe in ClickFix Campaign to Deliver Malware via DNS
Social engineering campaigns are becoming increasingly sophisticated, moving beyond simple phishing emails to more complex technical deceptions. The “ClickFix” […] “fix” a fake browser error, has undergone significant evolution. Security researcher Muhammad Hassoub has observed attackers moving away from high-noise tools that trigger immediate […] The post Hackers Abuse nslookup.exe in ClickFix Campaign to Deliver Malware via…
-
Fake CAPTCHA Attack Chain Triggers Enterprise-Wide Malware Infection in Organizations
Fake CAPTCHA (ClickFix) pages are enabling threat actors to turn a single user click into an enterprise-wide compromise, as seen in a recent incident affecting a major Polish organization. The campaign chained social engineering, DLL side-loading, and dual malware families (Latrodectus and Supper) to gain persistence, perform reconnaissance, and prepare the environment for potential follow-on…
-
MetaMask Users Targeted by Phishing Emails with Fake Security Report to Bypass Detection
A new phishing campaign is targeting MetaMask users with cleverly crafted emails designed to trick recipients into enabling a fake Two-Factor Authentication (2FA) setup. The lure includes a forged “security report” PDF meant to mimic a legitimate notification about unusual login activity, adding credibility and emotional urgency to the scam. The attack blends social engineering…
-
New Phishing Campaign Exploits Booking.com Partners, Targets Customers in Multi-Stage Fraud Scheme
New phishing activity is again abusing the Booking.com ecosystem to defraud both hotel partners and their guests, using a coordinated multi-stage campaign that blends email, infrastructure abuse, and social engineering across email and WhatsApp. The primary objective is financial gain, using tailored phishing kits to first capture partner credentials and then harvest guest payment data. The operators…
-
13 questions to counter third-party risks
Tags: access, api, ceo, ciso, cloud, cyberattack, cyersecurity, detection, firewall, identity, incident response, infrastructure, ISO-27001, mfa, monitoring, password, PCI, risk, saas, sans, service, social-engineering, software, threat, update, vulnerability
So check first… The growing dependence on IT service providers and third-party software considerably enlarges companies’ attack surface. This is underscored time and again by numerous cyberattacks. The risks associated with third-party vendors cannot be eliminated entirely, but they can certainly be reduced. Security decision-makers should play a central role in this, as Randy Gross, CISO at CompTIA, explains: “CISOs…
-
Context-Based Attestation: A Practical Approach to High-Confidence Identity Verification
From hiring and onboarding fraud to service desk social engineering, attackers increasingly exploit identity workflows with stolen identities, forged documents, and deepfake-enabled impersonation. Gartner® warns that “by 2028, one in four candidate profiles will be fake.”1 Their latest CISO Edge research mentions, “Deploy detection and prevention capabilities, such as automated identity verification and assessment…
-
Matanbuchus 3.0 Unleashes AstarionRAT via ClickFix Social Engineering and Silent MSI Installs
Matanbuchus 3.0 has resurfaced in a tightly orchestrated intrusion chain that blends ClickFix social engineering, silent MSI installations, DLL sideloading, and a new remote access trojan dubbed AstarionRAT, underscoring how mature loaders are evolving toward stealthy, multi-stage operations rather than simple payload delivery. The attack starts with a ClickFix prompt that convinces the victim to copy and…

