Krebs on Security

DECEMBER 29, 2024

Maybe it’s indelicate to celebrate the birthday of a cybercrime blog that mostly publishes bad news, but happily many of 2024’s most engrossing security stories were about bad things happening to bad guys. Image: Shutterstock, Dreamansions. KrebsOnSecurity.com turns 15 years old today!

Scams

Security Affairs

APRIL 7, 2025

A 20-year-old man linked to the Scattered Spider cybercrime group has pleaded guilty to charges filed in Florida and California. ” Source News4Jax The charges relate to his alleged role in the Scattered Spider cybercrime group (also known as UNC3944 , 0ktapus ). .” ” reported News4Jax. In January 2024, U.S.

Cybercrime

Krebs on Security

JULY 24, 2025

An investigation into the attacker’s infrastructure points to a long-running Nigerian cybercrime ring that is actively targeting established companies in the transportation and aviation industries. However, BEC scams were the second most costly form of cybercrime reported to the feds last year, with nearly $2.8

Scams

Krebs on Security

NOVEMBER 21, 2024

That Joeleoli moniker registered on the cybercrime forum OGusers in 2018 with the email address joelebruh@gmail.com , which also was used to register accounts at several websites for a Joel Evans from North Carolina. Click to enlarge.

Identity Theft

Security Affairs

JUNE 28, 2025

The FBI reports that the cybercrime group Scattered Spider is now targeting the airline sector. The cybercriminals are using social engineering techniques to gain access to target organizations by impersonating employees or contractors. The FBI warns that Scattered Spider is now targeting the airline sector.

Social Engineering

SecureWorld News

APRIL 22, 2025

A sophisticated cybercrime campaign, dubbed Elusive Comet , has been uncovered, in which North Korean threat actors are exploiting Zoom's remote control feature to infiltrate the systems of cryptocurrency professionals.

Cryptocurrency

Krebs on Security

OCTOBER 18, 2024

USDoD was known to use the hacker handles “ Equation Corp ” and “ NetSec ,” and according to the cyber intelligence platform Intel 471 NetSec posted a thread on the now-defunct cybercrime community RaidForums on Feb. national infrastructure.

Social Engineering

Security Boulevard

MAY 8, 2025

Today, it is safe to say that social engineering has become the most dangerous and costly form of cybercrime that businesses face. The post Protect Yourself From Cybers Costliest Threat: Social Engineering appeared first on Security Boulevard.

Social Engineering

Security Affairs

JULY 2, 2025

“We are working closely with the Federal Government’s National Cyber Security Coordinator, the Australian Cyber Security Centre and independent specialised cyber security experts.” At the end of June, the FBI reports that the cybercrime group Scattered Spider is now targeting the airline sector. reads the alert published by the FBI on X.

Data breaches

SecureWorld News

JUNE 26, 2025

The suspects, all French nationals, were detained during coordinated raids conducted by the Cybercrime Brigade of the Paris Police headquarters in Hauts-de-Seine, Seine-Maritime, and Réunion. A global threat, a global response The arrests also underscore a shift in the geography of cybercrime.

Cybercrime

Security Affairs

MAY 24, 2025

law firms for 2 years using callback phishing and social engineering extortion tactics. law firms using phishing and social engineering. FBI warns Silent Ransom Group has targeted U.S. The FBI warns that the Silent Ransom Group, active since 2022 and also known as Luna Moth, has targeted U.S.

Social Engineering

eSecurity Planet

JULY 14, 2025

Airlines become top targets Airlines are now a prime focus for cybercrime groups. Scattered Spider is known for using clever social engineering to trick IT help desks into bypassing security protocols, especially multi-factor authentication (MFA).

Insurance

Security Affairs

DECEMBER 25, 2024

TraderTraitor activity is often characterized by targeted social engineering directed at multiple employees of the same company simultaneously.” The FBI will continue to expose and combat the DPRKs use of illicit activitiesincluding cybercrime and virtual currency theftto generate revenue for the regime. BTC ($308M).

Cryptocurrency

Security Affairs

APRIL 21, 2025

The malware is delivered via social engineering, attackers attempt to trick victims into tapping cards on infected phones. Calls enable social engineering in a Telephone-Oriented Attack Delivery (TOAD) scenario. Analysis of the SuperCard X campaign in Italy revealed custom malware builds tailored for regional use.

Malware

Security Affairs

MAY 17, 2025

Google warns that the cybercrime group Scattered Spider behind UK retailer attacks is now targeting U.S. The financially motivated group UNC3944 (also known as Scattered Spider , 0ktapus ) is known for social engineering and extortion. They exploit help desks and outsourced IT via social engineering for high-impact attacks.

Retail

SecureWorld News

FEBRUARY 13, 2025

Evolution of social engineering Social engineering exploits human psychology to manipulate individuals into revealing sensitive information or taking harmful actions. Deepfakes are revolutionizing social engineering attacks, making them more deceptive and harder to detect.

Social Engineering

Security Affairs

FEBRUARY 3, 2025

” Crazy Evil is referred as a traffer team, which is a group of social engineering specialists tasked with redirecting legitimate traffic to malicious landing pages. The cybercrime gang focused on targeting the Web3 and decentralized finance industry. These factors make it a persistent cyber threat.

Scams

Penetration Testing

MAY 12, 2025

Sophos X-Ops has uncovered a cunning cybercrime campaign using fake CAPTCHA pages to trick users into running PowerShell The post CAPTCHA Trap: Fake Verification Unleashes Lumma Stealer on Unsuspecting Users appeared first on Daily CyberSecurity.

Cybercrime

SecureWorld News

FEBRUARY 14, 2025

Last year saw a 110% rise in cybercrime in the lead up to Valentine's Day. And 2025 will be no different, as increasingly sophisticated online hackers seek to take advantage of Valentine's themed email traffic, social media advertisements, or marketing campaigns, and exploit heightened emotions and a desire to connect.

Scams

SecureWorld News

DECEMBER 17, 2024

Researchers at Datadog Security Labs have uncovered a year-long, large-scale cybercrime campaign by a threat actor tracked as MUT-1244. This operation, which blends social engineering and technical exploitation, has resulted in the theft of more than 390,000 WordPress credentials.

Phishing

SecureWorld News

MARCH 20, 2025

Phishing plays straight out of the cybercrime playbook "March Madness brings heightened cybersecurity risks this year, especially with the expansion of sports gambling beyond traditional office pools creating new attack vectors for credential harvesting and financial fraud," warns J.

Scams

Malwarebytes

JUNE 18, 2025

Social engineering and extortion Scams are so difficult to analyze because they vary both in their delivery method and their method of deceit. A message that tries to trick a person into clicking a package tracking link is a simple act of social engineering—relying on false urgency or faked identity to fool a victim.

Scams

Security Affairs

NOVEMBER 30, 2024

SpyLoan apps exploit social engineering to gain sensitive user data and excessive permissions, leading to extortion, harassment, and financial loss. Some of the malicious apps were promoted through deceptive advertising on social media.

Social Engineering

Security Affairs

JULY 1, 2025

. “Europol expects online fraud to outpace other types of serious and organised crime as it is being accelerated by AI, aiding social engineering and access to data.” ” Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, cybercrime)

Scams

SecureWorld News

MAY 16, 2025

Scattered Spider is a financially motivated threat actor group known for its social engineering prowess, SIM-swapping attacks, and living-off-the-land (LOTL) techniques. The group is well known to employ social engineering tactics to gain access, so hardening your help desk is an immediate first step in defense," Staynings continued.

Retail

Malwarebytes

AUGUST 7, 2025

The attacks underscore the vulnerability that all businesses face—large or small—in preventing cyberattacks that begin through basic social engineering scams. According to the outlet Bleepi n g Computer , the ShinyHunters cybercrime group is still stealing business data through this attack campaign. Train your staff.

Scams

Webroot

MARCH 3, 2025

March is a time for leprechauns and four-leaf clovers, and as luck would have it, its also a time to learn how to protect your private data from cybercrime. Social engineering attacks Social engineering attacks occur when someone uses a fake persona to gain your trust.

Consumer Protection

Security Affairs

OCTOBER 11, 2024

Code snippets in attacker supplied prompts indicated it had standard surveillanceware capabilities” OpenAI finally reported that China-linked group SweetSpectre used ChatGPT for reconnaissance, vulnerability research, malware development, and social engineering.

Malware

Security Affairs

NOVEMBER 15, 2024

Threat actors relies on social engineering tactics like ClickFix and FakeCaptcha to trick users into executing malicious scripts via PowerShell or Run prompts. Researchers from Gen Digital who discovered the threat, believe it is in its early development phase. Gen Digital observed phishing campaigns distributing the Glove Stealer.

Encryption

Security Affairs

APRIL 17, 2025

In a documented instance, attackers used a ClickFix social engineering tactic to trick users into running a PowerShell command that downloads and installs Node.js Another notable technique observed by researchers in recent campaign employs inline JavaScript execution via Node.js to deploy malicious payloads. components.

Social Engineering

Security Affairs

DECEMBER 10, 2024

This social engineering scheme has been amplified by targeted phishing, smishing, and vishing activities, with a noticeable increase around the winter holidays.

Phishing

Security Affairs

MAY 17, 2025

“Contact information acquired through social engineering schemes could also be used to impersonate contacts to elicit information or funds.” ” reads the alert issued by the FBI.

Government

Security Affairs

JULY 8, 2025

He said in a statement to the Cybercrimes police station that he was approached as he was leaving a bar in the capital of São Paulo to give his password to the criminals and run codes on the system to generate fraud.” The breach likely stemmed from social engineering, not system flaws. ” continues Globo.com.

Social Engineering

SecureWorld News

JULY 29, 2025

The root cause of the Allianz Life breach was a social engineering attack launched on one of its cloud vendors on July 16th, according to the company's filing with the Maine Attorney General's office. It's part of a disturbing trend of social engineering attacks specifically targeting the insurance sector and other industries.

Data breaches

Security Affairs

MARCH 10, 2025

Using this social engineering trick, threats like stealers, RATs, Trojans, and crypto miners can persist undetected. While investigating the increased use of Windows Packet Divert ( WPD ) tools by crooks to distribute malware under this pretense, the researchers spotted the campaign.

Cryptocurrency

SecureWorld News

JULY 28, 2025

The threat actors are bypassing traditional endpoint protections by directly attacking the hypervisor layer, utilizing social engineering and identity compromise to hijack administrative access and deploy ransomware from within. critical infrastructure—this time by compromising the backbone of enterprise virtualization: VMware vSphere.

Social Engineering

eSecurity Planet

JUNE 20, 2025

Social engineering: A key tactic Aflac’s preliminary findings indicate that the unauthorized party used “ social engineering tactics ” to gain access to their network. This common cybercrime method often involves tricking individuals into revealing sensitive information or granting access.

Social Engineering