eSecurity Planet

MARCH 14, 2025

A recent phishing campaign has raised alarms among cybersecurity professionals after it impersonated Booking.com to deliver a suite of credential-stealing malware. The phishing messages include links or attachments that direct users to fake Booking.com pages.

Phishing 59

Phishing Malware Social Engineering Authentication 59

SecureWorld News

APRIL 22, 2025

Victims are sent unsolicited invitations to join Zoom calls, often via links in phishing emails or messages. According to Security Alliance's findings, the campaign relied on social engineering and Zoom's remote control feature to infect targets with malware.

Cryptocurrency 100

Cryptocurrency Social Engineering Cybercrime Engineering 100

Security Affairs

JUNE 27, 2025

Iran-linked APT42 targets Israeli experts with phishing attacks, posing as security professionals to steal email credentials and 2FA codes. Credentials entered on these phishing pages are sent to the attackers, enabling them to intercept both passwords and 2FA codes and gain unauthorized access to the victims’ accounts.”

Phishing 84

Phishing Education Social Engineering Surveillance 84

SecureWorld News

FEBRUARY 13, 2025

Evolution of social engineering Social engineering exploits human psychology to manipulate individuals into revealing sensitive information or taking harmful actions. Deepfakes are revolutionizing social engineering attacks, making them more deceptive and harder to detect.

Social Engineering 96

Social Engineering Authentication Identity Theft Engineering 96

SecureWorld News

MAY 16, 2025

Scattered Spider is a financially motivated threat actor group known for its social engineering prowess, SIM-swapping attacks, and living-off-the-land (LOTL) techniques. The group is well known to employ social engineering tactics to gain access, so hardening your help desk is an immediate first step in defense," Staynings continued.

Retail 85

Retail Social Engineering Engineering Telecommunications 85

SecureWorld News

MAY 9, 2025

The development marks a significant escalation in COLDRIVER's cyber espionage activities, which have traditionally focused on credential phishing. The method, known as "ClickFix," leverages social engineering to bypass traditional email-based defenses. Cedric Leighton , CNN Military Analyst; U.S.

Malware 98

Malware Social Engineering Government Engineering 98

SecureWorld News

DECEMBER 17, 2024

This operation, which blends social engineering and technical exploitation, has resulted in the theft of more than 390,000 WordPress credentials. Simultaneously, a phishing campaign tricked targets into installing a fake kernel update. By downloading and running this code, victims essentially infected themselves."

Phishing 109

Phishing Threat Detection Social Engineering Cybercrime 109

IT Security Guru

FEBRUARY 25, 2025

Other Ways Threat Actors Exploit Human Behaviour In addition to fatigue attacks, malefactors weaponise social engineering. MFA fatigue is often coupled with social engineeringan attacker might contact the victim, masquerading as IT support, and advise them to approve the prompt to “resolve an issue.”

Social Engineering 118

Social Engineering Authentication Risk Accountability 118

Malwarebytes

MARCH 19, 2025

In reality, enabling notifications results in a flood of unwanted ads and malicious content (malvertising), potentially exposing users to phishing attempts and harmful software. QR code scams : Increasingly, scammers use QR codes on fake subsidy pages to drive users to phishing sites that steal their credentials.

Scams 96

Scams Government Identity Theft Phishing 96

The Last Watchdog

DECEMBER 18, 2024

Organizations face rising risks of AI-driven social engineering and personal device breaches. Promoting continuous learning in privacy tech, AI governance, and Zero Trust, alongside partnerships with educational institutions, helps build a skilled workforce to meet evolving regulatory demands.

Risk 173

Risk Threat Detection Technology Phishing 173

Malwarebytes

JUNE 18, 2025

They can profess their empty love to you across your social media apps. They can bombard your email inbox with phishing attempts, impersonate a family member through a phone call, and even trick you into visiting malicious versions of legitimate websites. These numbers may look depressing, but they should instead educate.

Scams 117

Scams Social Engineering Media Engineering 117

Hacker's King

DECEMBER 16, 2024

In 2023, major ransomware incidents targeted healthcare providers, educational institutions, and large corporations. Phishing and Social Engineering : Phishing remains a popular attack method, leveraging emails, fake websites, and social media to deceive users into providing sensitive information.

Cyber Attacks 59

Cyber Attacks Phishing Penetration Testing Artificial Intelligence 59

Jane Frankland

MAY 16, 2025

Fraudsters use AI, social engineering, and emotional manipulation to steal not just money, but also trust, time, and peace of mind. MFA Bypass Methods: SIM swaps, malware, or phishing sites that trick you into revealing or approving access. Stricter accountability for social platforms and tech companies.

Scams 130

Scams Password Management Passwords Banking 130

Webroot

MARCH 3, 2025

During this time, many government agencies and consumer protection organizations come together to help educate consumers on how to keep their personal and financial information secure. Social engineering attacks Social engineering attacks occur when someone uses a fake persona to gain your trust.

Consumer Protection 101

Consumer Protection Identity Theft Scams Social Engineering 101

Hacker's King

MAY 24, 2025

In simpler terms, phishing scams, brute force attacks, and MFA bypass techniques. Phishing attacks Phishing so far makes for the most dangerous aspect of cybersecurity. Unlike the traditional methods of sending more information about a certain service, a phishing email acts the complete opposite.

Cyber Attacks 59

Cyber Attacks Passwords Phishing Education 59

eSecurity Planet

APRIL 8, 2025

Xanthorox reasoner advanced mimics human reasoning, helping attackers craft more believable phishing messages or manipulate targets through social engineering. It features a live web scraper tool that pulls data from over 50 search engines for real-time reconnaissance. ” How are security teams responding?

Social Engineering 98

Social Engineering Phishing Engineering Cybercrime 98

The Last Watchdog

APRIL 22, 2025

As AI technology advances, attackers are shifting their focus from technical exploits to human emotions using deeply personal and well-orchestrated social engineering tactics. Educate and train: Empower executives and their families to make informed decisions about online activities.

Authentication 100

Authentication Social Engineering Technology Media 100

SecureWorld News

MARCH 18, 2025

Some reports indicate that Chinese smishing groups are selling SMS phishing kits, enabling scammers to efficiently spoof toll operators and target users in multiple states, including Massachusetts, Florida, and Texas. This level of sophistication underscores why public education is our first line of defense.

Scams 96

Scams Mobile Phishing Education 96

Responsible Cyber

NOVEMBER 23, 2024

Investigations revealed that employee phishing was the primary vector for the breach, exposing the vulnerabilities created by insufficient training and awareness programs. Another crucial aspect that emerged as a primary cause of these vendor breaches is the lack of employee training regarding cybersecurity practices.

Risk 81

Risk Healthcare Education Cybersecurity 81

Malwarebytes

MAY 8, 2025

We discovered a new phishing kit targeting payroll and payment platforms that aims to not only steal victims’ credentials but also to commit wire fraud. Clicking on the ad sent employees and employers to a phishing website impersonating Deel. Phishing portal and 2FA The first phishing domain we saw was login-deel[.]app

Phishing 102

Phishing Authentication Engineering Banking 102

Security Boulevard

MARCH 17, 2025

In reality, many of the most successful breaches stem from simple tactics like phishing emails, social engineering, and exploiting basic security misconfigurations. People frequently fall for scams, phishing, and other attacks due to a lack of awareness, trust in seemingly legitimate sources, or simple human error.

Cybersecurity 52

Cybersecurity Social Engineering Scams Engineering 52

Hacker's King

OCTOBER 26, 2024

Cybersecurity Week is a global initiative that brings together various stakeholders—government agencies, educational institutions, and private companies—to promote understanding and awareness of cybersecurity issues. These sessions not only educate participants but also foster a sense of community among those invested in cybersecurity.

Cybersecurity 59

Cybersecurity Cyber threats Education Passwords 59

Hacker's King

DECEMBER 17, 2024

How the Malware Operates Initial Access : Attackers gain access to the targeted network using phishing, exploiting vulnerabilities, or leveraging stolen credentials. Train Employees Educating employees about phishing and social engineering tactics can reduce the likelihood of attackers gaining initial access to networks.

Banking 52

Banking Social Engineering Malware Cyber threats 52

SecureWorld News

JANUARY 21, 2025

Step 7: Awareness and education Pestie parallel: Pestie provides homeowners with clear instructions to ensure the product is used effectively. Just as an uninformed homeowner might misuse pest spray, an untrained employee is more likely to fall victim to phishing or social engineering attacks.

CISO 112

CISO Cybersecurity Cyber threats Social Engineering 112

SecureList

NOVEMBER 29, 2024

The campaign, which we dubbed EastWind , used phishing emails with malicious shortcuts attached to deliver malware to target computers. The attack starts with phishing emails purporting to be a court order or summons from an institution in Colombia’s judicial system. In 2023, there were 16 active partners.

Energy and Utilities 98

Energy and Utilities Ransomware Malware Government 98

Jane Frankland

JUNE 27, 2025

It’s why we train employees, run phishing simulations, and issue compliance mandates. Mistakes, like clicking on a phishing link, or oversights, like weak password maintenance, often take center stage. Tailor Strategies – One-size-fits-all approaches to cybersecurity education don’t work.

Cybersecurity 130

Cybersecurity Risk Phishing Education 130

Hacker's King

OCTOBER 22, 2024

With increasing threats, such as ransomware, data breaches, and phishing attacks, the demand for skilled cybersecurity experts is on the rise. His expertise and ability to educate companies on security vulnerabilities have made him a millionaire. Cybersecurity influencers like Troy Hunt, the creator of Have I Been Pwned?

Cybersecurity 59

Cybersecurity CISO Engineering Education 59

Security Affairs

JUNE 29, 2025

House banned WhatsApp on government devices due to security concerns Russia-linked APT28 use Signal chats to target Ukraine official with malware China-linked APT Salt Typhoon targets Canadian Telecom companies U.S.

Data breaches 64

Data breaches Ransomware Social Engineering Telecommunications 64

BH Consulting

JUNE 18, 2025

That was the message from a recent webinar that BH Consulting founder and CEO Brian Honan delivered for Géant, which provides networks and services to the research and education sector in Europe. Phishing has opened the door to smishing (phishing via SMS text message), vishing (video) and quishing (QR codes). You mean a scam.”

Cybersecurity 52

Cybersecurity Phishing Scams Education 52

Security Through Education

MAY 5, 2025

To me, one the most appealing aspects of becoming a professional social engineer was red teaming on an onsite job. I finally got to go on an onsite social engineering adversarial simulation (often referred to as physical pen testing). Written by Rosa Rowles Human Risk Analyst, Social-Engineer, LLC

Social Engineering 59

Social Engineering Engineering Banking Phishing 59

SecureList

NOVEMBER 28, 2024

Based on limited telemetry, we believe with medium to low confidence that some of the initial infections were spear-phishing emails. In this most recent campaign, the actor uses spear-phishing emails, embedding a JavaScript loader as the initial infection vector.

Malware 113

Malware Government Software Spyware 113

Malwarebytes

JUNE 30, 2025

Smishing (SMS phishing) has quickly become one of the most effective tools in the attacker’s playbook. We’re also seeing a growing number of PDF phishing attacks, where malicious documents act as entry points for broader compromise. And while smishing is rising fast, it’s not alone.

Mobile 100

Mobile Malware Spyware Scams 100

Webroot

APRIL 22, 2025

Phishing and social engineering : Using your personal information, scammers can craft more convincing phishing emails or messages to trick you into giving up even more sensitive details, like passwords and PIN numbers. This makes it accessible to a worldwide network of criminals.

Data breaches 75

Data breaches Identity Theft Passwords eCommerce 75

Digital Shadows

NOVEMBER 26, 2024

Key Points Phishing incidents rose during the reporting period (August 1 to October 31, 2024), accounting for 46% of all customer incidents. This increase is likely driven by high employee turnover and easy access to phishing kits. Meanwhile, “RansomHub” is rising rapidly due to its attractive ransomware-as-a-service (RaaS) model.

Cyber Attacks 59

Cyber Attacks Phishing Ransomware Cyber Insurance 59

Security Through Education

JUNE 2, 2025

But lately, those little squares have been showing up in a much sneakier way, thanks to something called Quishing its basically phishing, but with a QR code. Visit social-engineer.org for expert tips, tools, and resources to stay secure. Written by Josten Pea Human Risk Analyst, Social-Engineer, LLC

Scams 52

Scams Social Engineering Mobile Antivirus 52

Security Through Education

MARCH 18, 2025

Social media provides us with a fast, efficient, and exciting way to share our interests and experiences with our friends, but who outside of our sphere REALLY needs to know all this information about us? Unfortunately, this can put us at risk for spear phishing attacks, identity theft , and other forms of data compromise.

Accountability 52

Accountability Social Engineering Media Password Management 52

Security Affairs

FEBRUARY 9, 2025

US Justice Department says cybercrime forum allegedly affected 17 million Americans Cybercrime is increasingly complex.

Spyware 64

Spyware Cybercrime Scams Social Engineering 64