Tag: social-engineering
-
New Tech Support Scam Exploits Microsoft Logo to Steal User Credentials
Microsoft’s name and branding have long been associated with trust in computing, security, and innovation. Yet a newly uncovered campaign by the Cofense Phishing Defense Center demonstrates that even the most recognized logos can be hijacked by threat actors to exploit user trust. By blending classic social engineering tactics with advanced deceptive overlays, this scam…
-
CISOs brace for an “AI vs. AI” fight
Tags: ai, attack, automation, awareness, ciso, computer, conference, cyber, data, defense, detection, email, exploit, extortion, india, psychology, ransomware, social-engineering, technology, theft, threat, training, vulnerabilityCSO reporting paints an unsettling picture of what’s already happening. Autonomous AI agents are learning to execute full attack chains, from reconnaissance and exploitation to evasion and data theft, without human direction. Researchers have documented AI models used to generate extortion emails, launch ransomware, and discover new vulnerabilities in minutes. As one expert put it, attackers…
-
TigerJack’s malicious VSCode extensions mine, steal, and stay hidden
Coordinated multi-account operation: Koi researchers found 11 extensions across multiple accounts, making it a coordinated operation.”This multi-account strategy provides redundancy when one account gets flagged, creates the illusion of independent developers, and demonstrates professional-level social engineering: GitHub repositories for credibility, consistent branding across extensions, detailed feature lists, professional marketplace presentations, and strategic naming that mimics…
-
TigerJack’s malicious VSCode extensions mine, steal, and stay hidden
Coordinated multi-account operation: Koi researchers found 11 extensions across multiple accounts, making it a coordinated operation.”This multi-account strategy provides redundancy when one account gets flagged, creates the illusion of independent developers, and demonstrates professional-level social engineering: GitHub repositories for credibility, consistent branding across extensions, detailed feature lists, professional marketplace presentations, and strategic naming that mimics…
-
TigerJack’s malicious VSCode extensions mine, steal, and stay hidden
Coordinated multi-account operation: Koi researchers found 11 extensions across multiple accounts, making it a coordinated operation.”This multi-account strategy provides redundancy when one account gets flagged, creates the illusion of independent developers, and demonstrates professional-level social engineering: GitHub repositories for credibility, consistent branding across extensions, detailed feature lists, professional marketplace presentations, and strategic naming that mimics…
-
Scattered Lapsus$ Hunters extortion site goes dark: What’s next?
Tags: access, attack, backup, breach, business, cyber, cybercrime, data, data-breach, extortion, group, infrastructure, intelligence, leak, lockbit, ransom, ransomware, risk, russia, social-engineering, software, supply-chain, technology, threatTakedowns only slow activity: According to Jeremy Kirk, executive editor for cyber threat intelligence at research company Intel 471, police have been closing in on the individual groups represented in Scattered Lapsus$ Hunters for more than three years. This included arresting alleged members. Whether this damaged the group in the long run remained to be…
-
Meet Varonis Interceptor: AI-Native Email Security
AI-generated phishing and social engineering attacks outpace traditional email defenses. Varonis’ new Interceptor platform uses multimodal AI, vision, language, and behavior models, to detect zero-hour attacks and stop them before they reach users. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/meet-varonis-interceptor-ai-native-email-security/
-
Meet Varonis Interceptor: AI-Native Email Security
AI-generated phishing and social engineering attacks outpace traditional email defenses. Varonis’ new Interceptor platform uses multimodal AI, vision, language, and behavior models, to detect zero-hour attacks and stop them before they reach users. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/meet-varonis-interceptor-ai-native-email-security/
-
Meet Varonis Interceptor: AI-Native Email Security
AI-generated phishing and social engineering attacks outpace traditional email defenses. Varonis’ new Interceptor platform uses multimodal AI, vision, language, and behavior models, to detect zero-hour attacks and stop them before they reach users. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/meet-varonis-interceptor-ai-native-email-security/
-
North Korean Hackers Target Developers with 338 Malicious Software Packages
Tags: attack, blockchain, control, crypto, cyber, endpoint, hacker, malicious, north-korea, social-engineering, software, supply-chain, threatNorth Korean threat actors have escalated their Contagious Interview campaign, deploying 338 malicious npm packages with over 50,000 downloads to target cryptocurrency and blockchain developers through sophisticated social engineering tactics. The state-sponsored operation represents a significant evolution in supply chain attacks, utilizing more than 180 fake personas and a dozen command and control endpoints to…
-
Microsoft Locks Down IE Mode After Hackers Turned Legacy Feature Into Backdoor
Tags: access, backdoor, exploit, hacker, Internet, microsoft, social-engineering, threat, unauthorizedMicrosoft said it has revamped the Internet Explorer (IE) mode in its Edge browser after receiving “credible reports” in August 2025 that unknown threat actors were abusing the backward compatibility feature to gain unauthorized access to users’ devices.”Threat actors were leveraging basic social engineering techniques alongside unpatched (0-day) exploits in Internet Explorer’s JavaScript First seen…
-
WhatsApp Worm Targets Users with Banking Malware, Steals Login Information
Tags: attack, banking, credentials, crypto, cyber, cybersecurity, exploit, login, malicious, malware, social-engineering, tactics, wormCybersecurity researchers have uncovered a sophisticated new campaign targeting WhatsApp users in Brazil with self-propagating malware designed to steal banking credentials and cryptocurrency exchange login information. The attack, first detected on September 29, 2025, represents a dangerous evolution in social engineering tactics that exploits users’ trust in familiar contacts to spread malicious payloads across messaging…
-
Cybersecurity For Dummies, 3rd Edition eBook FREE for a Limited Time
In today’s hyper-connected world, cyber threats are more sophisticated and frequent than ever – ransomware, data breaches, and social engineering scams, targeting everyone from individuals to Fortune 500 companies. Right now, you can grab “Cybersecurity For Dummies, 3rd Edition” – a $29.99 value – completely FREE for a limited time. First seen on bleepingcomputer.com Jump…
-
Multimodal AI, A Whole New Social Engineering Playground for Hackers
Tags: ai, automation, ciso, cyber, exploit, governance, hacker, incident response, social-engineering, strategyMultimodal AI delivers context-rich automation but also multiplies cyber risk. Hidden prompts, poisoned pixels, and cross-modal exploits can corrupt entire pipelines. Discover how attackers manipulate multimodal inputs”, and the governance, testing, and incident response strategies CISOs need to stay ahead. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/10/multimodal-ai-a-whole-new-social-engineering-playground-for-hackers/
-
Multimodal AI, A Whole New Social Engineering Playground for Hackers
Tags: ai, automation, ciso, cyber, exploit, governance, hacker, incident response, social-engineering, strategyMultimodal AI delivers context-rich automation but also multiplies cyber risk. Hidden prompts, poisoned pixels, and cross-modal exploits can corrupt entire pipelines. Discover how attackers manipulate multimodal inputs”, and the governance, testing, and incident response strategies CISOs need to stay ahead. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/10/multimodal-ai-a-whole-new-social-engineering-playground-for-hackers/
-
Multimodal AI, A Whole New Social Engineering Playground for Hackers
Tags: ai, automation, ciso, cyber, exploit, governance, hacker, incident response, social-engineering, strategyMultimodal AI delivers context-rich automation but also multiplies cyber risk. Hidden prompts, poisoned pixels, and cross-modal exploits can corrupt entire pipelines. Discover how attackers manipulate multimodal inputs”, and the governance, testing, and incident response strategies CISOs need to stay ahead. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/10/multimodal-ai-a-whole-new-social-engineering-playground-for-hackers/
-
Multimodal AI, A Whole New Social Engineering Playground for Hackers
Tags: ai, automation, ciso, cyber, exploit, governance, hacker, incident response, social-engineering, strategyMultimodal AI delivers context-rich automation but also multiplies cyber risk. Hidden prompts, poisoned pixels, and cross-modal exploits can corrupt entire pipelines. Discover how attackers manipulate multimodal inputs”, and the governance, testing, and incident response strategies CISOs need to stay ahead. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/10/multimodal-ai-a-whole-new-social-engineering-playground-for-hackers/
-
ThreatsDay Bulletin: MS Teams Hack, MFA Hijacking, $2B Crypto Heist, Apple Siri Probe & More
Cyber threats are evolving faster than ever. Attackers now combine social engineering, AI-driven manipulation, and cloud exploitation to breach targets once considered secure. From communication platforms to connected devices, every system that enhances convenience also expands the attack surface.This edition of ThreatsDay Bulletin explores these converging risks and the safeguards that help First seen on…
-
Cybercriminals Impersonate HR Departments to Harvest Your Gmail Login Details
A seemingly legitimate Zoom document share from “HR” redirected victims through a fake bot-protection gate into a Gmail login phish. User credentials are exfiltrated live via WebSocket and validated in real time. This report breaks down the social engineering, the malicious infrastructure, proof-of-concept exfiltration code, and indicators of compromise to watch for. Job seekers and…
-
Hackers Enhance ClickFix Attack Using Cache Smuggling to Stealthily Download Malicious Files
Tags: attack, compliance, cyber, cybersecurity, fortinet, hacker, malicious, social-engineering, threat, vpnCybersecurity researchers have discovered a sophisticated evolution of the ClickFix attack technique that leverages browser cache smuggling to covertly place malicious files on target systems without traditional file downloads. This advanced social engineering campaign specifically targets enterprise users through fake Fortinet VPN compliance pages, demonstrating how threat actors continuously adapt their methods to evade detection.…
-
CISOs wollen mehr Datensichtbarkeit
Die meisten CISOs wollen Einsicht in alle Datenströme in ihren Unternehmen, fast immer müssen sie dabei jedoch Kompromisse eingehen.Um hybride Cloud-Infrastrukturen zu überwachen und abzusichern, will die Mehrzahl der Sicherheitsverantwortlichen die Datenströme in ihren Betrieben transparent machen. Oft hapert es jedoch an den passenden Tools.Das besagt die Studie CISO Insights: Recalibrating Risk in the Age…
-
Unplug Gemini from email and calendars, says cybersecurity firm
Tags: ai, attack, cybersecurity, data, email, exploit, flaw, google, incident response, injection, malicious, microsoft, mitigation, privacy, risk, service, social-engineering, vulnerabilityCSO that he “fundamentally disagrees.””Social engineering is a big problem,” he said. “When you take away the risk of social engineering, it does make users safe.”The solution, he added, is for an AI agent to filter inputs.Google was asked for comment on the FireTail report. No reply had been received by our deadline, nor was…
-
New FileFix attack uses cache smuggling to evade security software
A new variant of the FileFix social engineering attack uses cache smuggling to secretly download a malicious ZIP archive onto a victim’s system and bypassing security software. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-filefix-attack-uses-cache-smuggling-to-evade-security-software/
-
Top 10 Best Fraud Prevention Companies in 2025
Fraud prevention has become one of the most important priorities for enterprises, financial institutions, and digital-first businesses in 2025. With rising cyber threats, account takeovers, synthetic identities, financial crimes, phishing, and social engineering attacks, the need for advanced fraud detection and prevention tools is at an all-time high. The top fraud prevention companies are integrating…
-
AI fuels social engineering but isn’t yet revolutionizing hacking
AI tools are still too computationally intense for cybercriminals to rely on, according to a new report. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/ai-phishing-social-engineering-reality-check-research/802261/
-
New Phishing Kit Automates ClickFix Attacks to Evade Security Defenses
Cybercriminals are increasingly automating one of the most insidious social engineering exploits”, forcing victims to manually execute malware under the guise of browser verification. The newly discovered IUAM ClickFix Generator commoditizes the ClickFix technique into an easy-to-use phishing kit, lowering the barrier for threat actors of all skill levels and enabling widespread deployment of information…
-
BatShadow Group Uses New Go-Based ‘Vampire Bot’ Malware to Hunt Job Seekers
A Vietnamese threat actor named BatShadow has been attributed to a new campaign that leverages social engineering tactics to deceive job seekers and digital marketing professionals to deliver a previously undocumented malware called Vampire Bot.”The attackers pose as recruiters, distributing malicious files disguised as job descriptions and corporate documents,” Aryaka Threat Research Labs First seen…
-
Top 10 Best Digital Risk Protection (DRP) Platforms in 2025
In today’s digital-first economy, the cyber risk landscape is evolving faster than ever before. Enterprises face threats ranging from phishing campaigns and social engineering to data breaches and brand impersonation. Digital Risk Protection (DRP) platforms are becoming indispensable for businesses to detect, analyze, and mitigate online threats that can impact brand integrity, digital assets, customer…
-
Hackers Launch Leak Portal to Publish Data Stolen from Salesforce Instances
The hacker collective styling itself “Scattered Lapsus$ Hunters””, an alliance echoing elements of ShinyHunters, Scattered Spider, and Lapsus$”, has launched an extortionware portal to pressure victims into paying for delisting and purported deletion of stolen data. The group’s leverage centers on Salesforce datasets, reflecting months of intrusions achieved via social engineering, OAuth abuse, and downstream…
-
That CISO job offer could be a ‘pig-butchering’ scam
Deepfaked interview shenanigans: What followed was three months of constant messaging, which moved from SMS messages, to conversations on WhatsApp, to a (likely) deepfaked video interview.”Other than the 15-minute interview, mostly my interaction with them was a minute here and there, and of course the necessary background research on Gemini itself as well as the…