Tag: social-engineering
-
DeepLoad Malware Uses ClickFix and AI Evasion to Hit Enterprise Networks
New “DeepLoad” malware is turning a single user click into fileless, credential”‘stealing persistence inside enterprise networks, leveraging the ClickFix technique and AI-generated obfuscation to evade traditional defenses. DeepLoad arrives via ClickFix a social engineering technique that instructs users to paste a “fix” command into Windows Run or a terminal, making the action appear to be…
-
DeepLoad Malware Uses ClickFix and WMI Persistence to Steal Browser Credentials
A new campaign has leveraged the ClickFix social engineering tactic as a way to distribute a previously undocumented malware loader referred to as DeepLoad.”It likely uses AI-assisted obfuscation and process injection to evade static scanning, while credential theft starts immediately and captures passwords and sessions even if the primary loader is blocked,” ReliaQuest researchers Thassanai…
-
FIFA World Cup 2026: A Match Between Fans and Scammers
Scammers are already gearing up for the FIFA World Cup 2026 with phishing attacks, online scams and a whole lot of social engineering as emotions and reckless behavior runs high among fans. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/fifa-world-cup-2026-a-match-between-fans-and-scammers/
-
Fake npm Install Messages Conceal RAT Malware in New Open Source Supply Chain Attack
Fake npm install messages are the latest social engineering trick in the open source supply chain, with attackers abusing npm post”‘install scripts to silently deploy a crypto”‘stealing remote access trojan (RAT) in what ReversingLabs is calling the “Ghost campaign.” By wrapping their payloads in realistic but entirely bogus npm install logs, the threat actors turn…
-
Cybercrime groups speed up initial access handoff through planning, coordination
A report by Google Threat Intelligence Group also shows voice-based phishing has surged amid a rise in social engineering tactics. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/cybercrime-groups-speed-initial-access/815551/
-
FBI, CISA warn of Russian hackers hijacking Signal and WhatsApp accounts
The FBI and CISA join European agencies in warning of a widespread, easily scalable social engineering campaign targeting messaging apps. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/fbi-cisa-warn-of-russian-hackers-hijacking-signal-and-whatsapp-accounts/
-
SilentConnect Uses Fake Invites to Deploy ScreenConnect RAT
SILENTCONNECT is a new multi-stage Windows loader that abuses fake online invitations and trusted cloud services to silently deploy the ConnectWise ScreenConnect remote access tool on victim systems. The campaign blends social engineering, living-off-the-land binaries, and low-level evasion techniques to achieve hands-on keyboard access while remaining difficult to spot in traditional monitoring. The attack starts…
-
Faster attacks and ‘recovery denial’ ransomware reshape threat landscape
Tags: access, ai, api, attack, authentication, backup, ciso, cloud, control, credentials, data, defense, detection, email, encryption, espionage, exploit, governance, identity, infection, infrastructure, intelligence, mandiant, mfa, monitoring, network, north-korea, phishing, ransomware, resilience, saas, service, social-engineering, strategy, tactics, theft, threat, tool, updateSocial engineering becomes more interactive: While exploits remain the leading initial infection vector at 32%, the report underscores a shift toward more adaptive social engineering. Voice phishing has risen sharply, while email phishing continues to decline, signaling a move away from high-volume campaigns toward real-time interaction.Mandiant’s data shows that email phishing dropped to just 6%…
-
RSAC 2026 Innovation Sandbox – Humanix: People-Oriented Social Engineering Attack Detection and Response
Company Profile Humanix (see Figure 1) is a cybersecurity company focusing on human-centric threat detection and response, dedicated to protecting enterprises from social engineering attacks against “people”, headquartered in the San Francisco Bay Area of the United States [1]. Its core concept is: Traditional security focuses a lot of energy on systems and boundaries, and most…The…
-
Aura Confirms Data Breach Exposing 900,000 Customer Records
Tags: breach, cyber, data, data-breach, defense, exploit, incident response, network, phishing, social-engineering, threat, unauthorizedDigital security provider Aura has confirmed a data breach affecting approximately 900,000 user records following a targeted social engineering attack. The incident highlights the ongoing threat of sophisticated phishing campaigns aimed at bypassing technical defenses by exploiting human elements within an organization. Aura immediately initiated its incident response protocol upon detecting the unauthorized network activity.…
-
ClickFix treibt neue Infostealer-Kampagnen an
Tags: api, captcha, control, cyberattack, encryption, exploit, framework, github, infrastructure, intelligence, lazarus, login, malware, microsoft, powershell, rat, social-engineering, threat, windows, wordpressClickFix-Kampagnen werden immer raffinierter und zielen verstärkt auf WordPress-Webseiten.Cyberkriminelle kombinieren kompromittierte Websites mit immer raffinierteren Social-Engineering-Köder-Methoden, um neue Infostealer-Malware zu verbreiten. Bekannt ist das Ganze unter dem Namen ClickFix und zudem effektiv: In einer einzigen Kampagne wurden über 250 WordPress-Websites in zwölf Ländern infiziert.Während diese Kampagne zu unauffälligen, im Arbeitsspeicher ausgeführten Schadprogrammen führt, beobachtete Microsoft…
-
Microsoft Teams-Based Vishing Attack Tricks Victims Into Quick Assist Takeover
Tags: attack, breach, corporate, cyber, cyberattack, detection, identity, microsoft, phishing, social-engineering, software, threat, vulnerabilityThreat actors are increasingly relying on social engineering rather than complex software vulnerabilities to breach corporate networks. In November 2025, Microsoft’s Detection and Response Team (DART) investigated a notable identity-first intrusion where attackers successfully used Microsoft Teams voice phishing (vishing) to compromise a corporate device via Quick Assist. This incident, detailed in Microsoft’s latest Cyberattack…
-
LeakNet Ransomware Uses ClickFix via Hacked Sites, Deploys Deno In-Memory Loader
The ransomware operation known as LeakNet has adopted the ClickFix social engineering tactic delivered through compromised websites as an initial access method.The use of ClickFix, where users are tricked into manually running malicious commands to address non-existent errors, is a departure from relying on traditional methods for obtaining initial access, such as through stolen credentials…
-
From Windows to macOS: ClickFix attacks shift tactics with ChatGPT-based lures
ClickFix campaigns are evolving, with attackers increasingly targeting macOS users and deploying more advanced infostealers, according to Sophos researchers. ClickFix is a growing social engineering technique that tricks users into manually executing malicious commands, bypassing traditional protections. Once mainly targeting Windows, it is now increasingly affecting macOS, with recent campaigns deploying infostealers like AMOS and…
-
Attackers Abuse LiveChat to Phish Credit Card, Personal Data
A social engineering campaign impersonating PayPal and Amazon uses customer support interactions to acquire sensitive info. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/attackers-livechat-phish-credit-card-personal-data
-
Social-Engineering im KI-Zeitalter
Der Aufstieg von GenAI hat Social-Engineering und Phishing auf ein neues Niveau gehoben. Was früher manuelle Arbeit erforderte, kann nun in Sekundenschnelle generiert werden. Die Folge sind perfekt personalisierte Nachrichten, geklonte Stimmen von beispielsweise Führungskräften und sogar realistische Video-Imitationen. Deepfake-Vorfälle haben sich bereits von einer Online-Kuriosität zu einem echten Geschäftsrisiko entwickelt, welches weltweit zu finanziellen…
-
ClickFix techniques evolve in new infostealer campaigns
Tags: api, attack, communications, control, credentials, data, data-breach, detection, encryption, framework, github, group, intelligence, iran, korea, lazarus, login, microsoft, north-korea, russia, social-engineering, threat, windows, wordpressNew payloads: The DoubleDonut Loader was observed delivering a new variant of Vidar Stealer, a well-known infostealer, that uses a dead drop resolver technique to retrieve its command-and-control configuration and dynamic API resolution.In addition to Vidar, two previously undocumented infostealers have been observed, one written in .NET and one in C++. Rapid7 has named these…
-
Attackers Exploit Teams, Quick Assist to Deploy Stealthy A0Backdoor
Attackers are evolving a well-known Microsoft Teams and Quick Assist social-engineering playbook to install a new, stealthy backdoor dubbed A0Backdoor. The campaign closely mirrors activity previously attributed to Blitz Brigantine (also tracked as Storm”‘1811), a financially motivated group tied to Black Basta and Cactus ransomware operations. The intrusion begins with email bombing, where victims’ inboxes are…
-
9 von 10 CISOs fürchten, dass Agentic AI Social-Engineering-Angriffe gefährlicher macht
89 Prozent der deutschen CISOs sehen durch agentische KI eine neue Qualität von Social-Engineering-Bedrohungen, während KI zugleich immer stärker zur Aufklärung von Security”‘Incidents eingesetzt wird. Der neue Splunk CISO”‘Report 2026 zeigt, dass die Rolle der CISOs komplexer wird, persönliche Haftungsrisiken steigen und Burn”‘out in Sicherheitsteams ein zentrales Problem ist. Gleichzeitig entwickelt sich Cybersicherheit zunehmend zum……
-
Kleinanzeigen-Betrug: Geschicktes Social Engineering statt „was letzte Preis?” so schützt man sich
First seen on t3n.de Jump to article: t3n.de/news/kleinanzeigen-betrug-geschicktes-social-engineering-statt-was-letzte-preis-so-schuetzt-man-sich-1733796/
-
China-nexus Threat Actor Targets Persian Gulf Region With PlugX
IntroductionOn March 1, 2026, ThreatLabz observed new activity from a China-nexus threat actor targeting countries in the Persian Gulf region. The activity took place within the first 24 hours of the renewed conflict in the Middle East. The threat actor quickly weaponized the theme of the conflict, using an Arabic-language document lure depicting missile attacks for…
-
MacOS-Nutzer verstärkt im Visier von Social-Engineering-Attacken
Sophos-X-Ops stellt einen Anstieg von Clickfix- und Infostealer-Kampagnen für das Betriebssystem MacOS fest und verzeichnet neue Techniken sowohl bei den Ködern als auch bei den Malware-Fähigkeiten. Clickfix ist eine zunehmend verbreitete Social-Engineering-Technik, mit der Angreifer die Anwender dazu verleiten, schädliche Software auf ihren Geräten zu installieren. Im Gegensatz zu herkömmlichen, Exploit-basierten Angriffen basiert diese Methode…
-
AI-Driven Phishing Attacks Bypass Email Filters, Land in Inboxes
AI-generated phishing is rapidly reshaping email risk, with more attacks slipping past filters and landing directly in users’ inboxes, even though AI-generated emails remain a minority of total phishing. The human element remains central: 68% of breaches involve people, and 8095% of those begin with phishing, making social engineering the dominant breach vector. Phishing volume…
-
New ClickFix Attacks Target macOS Users with MacSync Infostealer
A new wave of ClickFix campaigns targeting macOS users and delivering the MacSync infostealer, signaling a growing shift in threat actor tactics against Apple devices. The attacks rely heavily on social engineering rather than software exploits, tricking users into manually executing malicious commands in macOS Terminal. ClickFix is a deceptive technique where attackers present step”‘by”‘step…
-
New ClickFix Attacks Target macOS Users with MacSync Infostealer
A new wave of ClickFix campaigns targeting macOS users and delivering the MacSync infostealer, signaling a growing shift in threat actor tactics against Apple devices. The attacks rely heavily on social engineering rather than software exploits, tricking users into manually executing malicious commands in macOS Terminal. ClickFix is a deceptive technique where attackers present step”‘by”‘step…
-
89 Prozent der deutschen CISOs fürchten, dass Agentic-AI Social-Engineering-Angriffe gefährlicher macht
Cisco veröffentlicht den neuen Splunk CISO-Report 2026: Vom Risiko zur Resilienz im KI-Zeitalter, für den weltweit 650 CISOs befragt wurden davon 60 aus Deutschland. Der Report beleuchtet die sich schnell verändernde Rolle der CISOs, ihr strategisches Vorgehen bei der KI-Einführung und ihr kontinuierliches Engagement für IT-Fachkräfte inmitten zunehmend komplexer Bedingungen. ‘CISOs befinden sich im […]…
-
Did cybersecurity recently have its Gatling gun moment?
Tags: ai, attack, automation, cyber, cyberattack, cybercrime, cybersecurity, defense, detection, email, endpoint, government, hacker, intelligence, LLM, malicious, malware, phishing, ransomware, siem, social-engineering, spear-phishing, strategy, tactics, threat, tool, update, vulnerability, warfareinflection point. Both emblematic of an irreversible tipping point, where the nature of conflict was altered by its sudden asymmetry.The Gatling gun is the perfect analogy for the current cyber landscape. Just as it transformed warfare from a manual craft into an industrial process, modern threats have shifted from individual attacks to automated, high-velocity engagements.Here…
-
12 ways attackers abuse cloud services to hack your enterprise
Tags: access, ai, api, attack, backdoor, backup, business, ceo, china, cloud, communications, control, corporate, credentials, crowdstrike, cyber, cybercrime, cyberespionage, cybersecurity, data, defense, detection, endpoint, exploit, extortion, firewall, framework, group, hacking, incident, incident response, infrastructure, kubernetes, login, malicious, malware, microsoft, network, openai, phishing, ransomware, russia, service, social-engineering, threat, toolHiding command-and-control in trusted APIs: Attackers are also forging malware that routes C2 traffic through trusted services such as OpenAI APIs.For example, the SesameOp backdoor routes traffic through OpenAI’s Assistants API, masking C2 communications as legitimate AI development work.”In cases such as the SesameOp backdoor, traffic looks like normal AI development activity,” says Parthiban Jegatheesan,…
-
Jack & Jill went up the hill, and an AI tried to hack them
get_or_create_company” endpoint that determines from a user’s email domain whether it should create a new company on the platform or associate them with an existing company to auto-join CodeWall’s account. Thanks to the bug that failed to check user roles when onboarding, it then obtained full org admin privileges and was able to access team…
-
Jack & Jill went up the hill, and an AI tried to hack them
get_or_create_company” endpoint that determines from a user’s email domain whether it should create a new company on the platform or associate them with an existing company to auto-join CodeWall’s account. Thanks to the bug that failed to check user roles when onboarding, it then obtained full org admin privileges and was able to access team…

