Social Engineering

Silent Ransom Group escalates from vishing to physical infiltration. FBI FLASH alert warns 38+ law firms already breached, with operatives plugging USB drives into office computers.

Peter Stokes, 19, was detained while boarding a flight to Japan. Federal prosecutors allege he participated in breaches that forced companies to pay millions in ransoms.

North Korean threat actors are befriending targets on Facebook, building trust over weeks, then delivering RokRAT malware through trojanized PDF readers. Military and government officials targeted.

New extortion group BlackFile impersonates IT helpdesks via phone calls to steal credentials and demand seven-figure ransoms. Targets include retail chains and hospitality companies.

Google Cloud uncovers UNC6692, a threat actor impersonating IT helpdesk staff on Microsoft Teams to deploy the modular SNOW malware suite targeting senior executives.

Threat actors pose as VCs on LinkedIn, share weaponized Obsidian vaults that silently deploy an AI-generated backdoor using blockchain C2 infrastructure.

Microsoft Defender Experts identify multi-stage malware campaign using WhatsApp messages to deliver VBS scripts that bypass UAC and establish persistent Windows backdoors.

A new macOS infostealer combines ClickFix social engineering with Nuitka-compiled Python to evade detection. First documented campaign pairing these techniques.

Contagious Interview campaign weaponizes fake job interviews to deploy OtterCookie and FlexibleFerret malware. Targets crypto and AI developers for credentials.

Storm-1811 actors flood inboxes with spam, then call via Microsoft Teams posing as IT support. Quick Assist grants access for A0Backdoor deployment.

Active phishing campaign uses spoofed email chains to trick LastPass users into revealing master passwords. Attackers generate thousands of URL variants leading to fake SSO pages.

Scattered Lapsus$ Hunters offers $500-$1,000 to recruit women for IT help desk social engineering attacks. The supergroup combines LAPSUS$, Scattered Spider, and ShinyHunters tactics.

Elastic Security Labs uncovers ClickFix campaign abusing compromised bincheck.io to deliver MIMICRAT, a custom C++ RAT with SOCKS5 tunneling and token impersonation capabilities.

Microsoft warns of ClickFix variant using nslookup commands to stage malware via DNS traffic. Delivers ModeloRAT through fileless attack chain.

SANS ISC documents phishing campaign using fabricated incident reports to steal MetaMask wallet credentials. Attackers host phishing pages on AWS S3.

Microsoft warns of ClickFix variant that deliberately crashes Chrome, then social-engineers victims into running PowerShell. Only domain-joined hosts targeted.

Check Point documents 44% spike in fake Valentine's domains with 97.5% unclassified. Four in ten Valentine-themed emails are scams targeting U.S. consumers.

Germany's BfV and BSI issued a joint advisory warning of state-sponsored phishing campaigns targeting politicians, military officials, and journalists through Signal's device linking feature.

Learn how to detect deepfakes with visual clues, audio patterns, and authentication methods. Covers detection signs, AI tools, and practical defense strategies.

Learn what phishing is, the different types of phishing attacks (email, SMS, voice), red flags to watch for, and how to protect yourself from scams.

Attackers exploit Google Presentations' publish mode to host phishing pages that bypass Google's own security warnings, targeting Vivaldi Webmail users.

New campaign combines fake CAPTCHA pages with signed Microsoft scripts to bypass security tools and install Amatera infostealer on enterprise systems.

Extortion group confirms voice phishing attacks stealing SSO credentials from Crunchbase, Betterment, and more. Custom phishing kits enable real-time MFA bypass.

Fake maintenance emails urge users to backup their vaults before a deadline, redirecting victims to credential-harvesting sites. The campaign launched over MLK weekend.

North Korean APT-Q-1 now combines fraudulent cryptocurrency job postings with ClickFix social engineering to deploy GolangGhost backdoor and BeaverTail stealer.

Hudson Rock research reveals 220 legitimate business websites hijacked for ClickFix malware attacks after admin credentials were stolen by infostealers.