The Last Watchdog

MARCH 24, 2025

24, 2025, CyberNewswire — Arsen , a leading cybersecurity company specializing in social engineering defense, today announced the full release of Conversational Phishing, a groundbreaking feature embedded in its phishing simulation platform. Paris, France, Mar. To learn more about Conversational Phishing, users can visit [link].

Social Engineering 130

Social Engineering Engineering Phishing Security Awareness 130

Adam Shostack

JANUARY 2, 2025

The most important stories around threat modeling, appsec and secure by design for May, 2024. A memorial service for Ross Anderson will be held June 22 in Cambridge. Bruce Schneier wrote an obituary for Ross at CACM. Im told there will be a way to view the service remotely, and: [link] Passcode: L3954FrrEF.

Engineering 130

Engineering Software Government 130

Penetration Testing

MAY 22, 2025

cryptocurrency exchange Coinbase recently disclosed that it had fallen victim to a sophisticated social The post Social Engineering Attack: Coinbase Customer Data Stolen, 70K Users Affected appeared first on Daily CyberSecurity. The publicly listed U.S.

Social Engineering 74

Social Engineering Engineering Cryptocurrency Cybersecurity 74

Schneier on Security

FEBRUARY 24, 2025

Researchers gave the models a seemingly impossible task: to win against Stockfish, which is one of the strongest chess engines in the world and a much better player than any human, or any of the AI models in the study. When they couldn’t win, they sometimes resorted to cheating. In one case, o1-preview found itself in a losing position.

Engineering 288

Engineering Hacking 288

Schneier on Security

JANUARY 30, 2025

They exploit people who are using search engines to search sites like Reddit. There are thousands of fake Reddit and WeTransfer webpages that are pushing malware. Unsuspecting victims clicking on the link are taken to a fake WeTransfer site that mimicks the interface of the popular file-sharing service. ” Boingboing post.

Malware 232

Malware Engineering 232

Krebs on Security

NOVEMBER 12, 2024

Satnam Narang , senior staff research engineer at Tenable , says the danger with stolen NTLM hashes is that they enable so-called “pass-the-hash” attacks, which let an attacker masquerade as a legitimate user without ever having to log in or know the user’s password.

Authentication 280

Authentication Engineering Malware Passwords 280

Krebs on Security

DECEMBER 10, 2024

. “Ransomware authors who have abused previous CLFS vulnerabilities will be only too pleased to get their hands on a fresh one,” wrote Adam Barnett , lead software engineer at Rapid7.

Engineering 258

Engineering Authentication Software Ransomware 258

Schneier on Security

JUNE 6, 2025

By using AI as a force multiplier for our expert investigative teams, in the three months since our last report we’ve been able to detect, disrupt and expose abusive activity including social engineering, cyber espionage, deceptive employment schemes, covert influence operations and scams.

Social Engineering 174

Social Engineering Scams Engineering Cyber threats 174

The Hacker News

JUNE 2, 2025

The high-severity flaw is being tracked as CVE-2025-5419, and has been flagged as an out-of-bounds read and write vulnerability in the V8 JavaScript and WebAssembly engine. Out of bounds read and write in V8 in Google

Engineering 144

Engineering 144

The Hacker News

MAY 23, 2025

The malware known as Latrodectus has become the latest to embrace the widely-used social engineering technique called ClickFix as a distribution vector. The ClickFix technique is particularly risky because it allows the malware to execute in memory rather than being written to disk," Expel said in a report shared with The Hacker News.

Social Engineering 138

Social Engineering Malware Engineering 138

The Hacker News

MAY 27, 2025

Federal Bureau of Investigation (FBI) has warned of social engineering attacks mounted by a criminal extortion actor known as Luna Moth targeting law firms over the past two years.

Social Engineering 123

Social Engineering Phishing Engineering Technology 123

Schneier on Security

DECEMBER 2, 2024

Here are the technical details , discovered through reverse engineering. I recently wrote about the new iOS feature that forces an iPhone to reboot after it’s been inactive for a longish period of time. The feature triggers after seventy-two hours of inactivity, even it is remains connected to Wi-Fi.

Engineering 317

Engineering 317

Schneier on Security

FEBRUARY 25, 2025

This attack proves that UI manipulation and social engineering can bypass even the most secure wallets. No matter how strong your smart contract logic or multisig protections are, the human element remains the weakest link. The industry needs to move to end to end prevention, each transaction must be validated.

Cryptocurrency 239

Cryptocurrency Social Engineering Hacking Engineering 239

Krebs on Security

FEBRUARY 11, 2025

Tenable senior staff research engineer Satnam Narang noted that since 2022, there have been nine elevation of privilege vulnerabilities in this same Windows component — three each year — including one in 2024 that was exploited in the wild as a zero day (CVE-2024-38193).

Artificial Intelligence 216

Artificial Intelligence Engineering Software Internet 216

SecureWorld News

JUNE 5, 2025

This year's findings highlight major detection coverage gaps and systemic detection engineering challenges that impact the effectiveness of enterprise SIEMs in detection and responding to adversary activity. What's clear is that the traditional approach to detection engineering is broken. Here are key takeaways from the report.

Engineering 104

Engineering Authentication CISO Architecture 104

Security Boulevard

JANUARY 15, 2025

Sweet Security today added a cloud detection engine to its cybersecurity portfolio that makes use of a large language model (LLM) to identify potential threats in real-time. The post Sweet Security Leverages LLM to Improve Cloud Security appeared first on Security Boulevard.

Engineering 124

Engineering Cybersecurity 124

Security Affairs

MAY 24, 2025

law firms for 2 years using callback phishing and social engineering extortion tactics. law firms using phishing and social engineering. FBI warns Silent Ransom Group has targeted U.S. The FBI warns that the Silent Ransom Group, active since 2022 and also known as Luna Moth, has targeted U.S. ” reads the alert issued by the FBI.

Social Engineering 116

Social Engineering Antivirus Phishing Engineering 116

Krebs on Security

JANUARY 7, 2025

Each participant in the call has a specific role, including: -The Caller: The person speaking and trying to social engineer the target. A tutorial shared by Stotle titled “Social Engineering Script” includes a number of tips for scam callers that can help establish trust or a rapport with their prey.

Phishing 338

Phishing Cryptocurrency Accountability Social Engineering 338

The Hacker News

MAY 30, 2025

A new malware campaign is distributing a novel Rust-based information stealer dubbed EDDIESTEALER using the popular ClickFix social engineering tactic initiated via fake CAPTCHA verification pages.

Social Engineering 117

Social Engineering Malware Encryption Engineering 117

The Hacker News

MAY 7, 2025

The Russia-linked threat actor known as COLDRIVER has been observed distributing a new malware called LOSTKEYS as part of an espionage-focused campaign using ClickFix-like social engineering lures.

Social Engineering 125

Social Engineering Malware Engineering 125

Penetration Testing

NOVEMBER 11, 2024

Cado Security Labs has uncovered a targeted GuLoader malware campaign aimed at European industrial and engineering companies.

Engineering 125

Engineering Malware Cybersecurity 125

Krebs on Security

NOVEMBER 9, 2024

“This is social engineering at the highest level and there will be failed attempts at times. “In terms of overall social engineering attacks, the more you have a relationship with someone the more they’re going to trust you,” Donahue said. Don’t be discouraged.

Hacking 297

Hacking Accountability Government Social Engineering 297

The Hacker News

MAY 27, 2025

Threat hunters have exposed a novel campaign that makes use of search engine optimization (SEO) poisoning techniques to target employee mobile devices and facilitate payroll fraud.

Manufacturing 117

Manufacturing Mobile Engineering 117

eSecurity Planet

OCTOBER 18, 2024

It is generalized and entry-level, but it demonstrates a core level of competency that can be a building block of almost any career in cybersecurity, whether in administration, engineering, or development. It’s obviously a step to penetration testing, but it’s also helpful for architect, engineer, and analyst jobs.

Cybersecurity 125

Cybersecurity Artificial Intelligence Penetration Testing CISO 125

Schneier on Security

AUGUST 29, 2024

Listening to it, and thinking about the audience of NSA engineers, I wonder how much of what she’s talking about as the future of computing—miniaturization, parallelization—was being done in the present and in secret. She was a remarkable person.

Engineering 339

Engineering Internet Internet 339

The Hacker News

MAY 13, 2025

Attackers now leverage large language models (LLMs) to impersonate trusted individuals and automate these social engineering tactics at scale. The cybersecurity landscape has been dramatically reshaped by the advent of generative AI. The Most Powerful Person on the

Social Engineering 105

Social Engineering Engineering Cybersecurity 105

Krebs on Security

JUNE 10, 2025

While WebDAV isn’t enabled by default in Windows, its presence in legacy or specialized systems still makes it a relevant target, said Seth Hoyt , senior security engineer at Automox. “Exploitation relies on the user clicking a malicious link.

130

130

Security Affairs

OCTOBER 30, 2024

Google has patched a critical Chrome vulnerability, tracked as CVE-2024-10487, reported by Apple Security Engineering and Architecture (SEAR) on October 23, 2024. The vulnerability is an Inappropriate implementation issue that resides in Chrome’s V8 JavaScript engine.

Engineering 135

Engineering Architecture Hacking Information Security 135

Krebs on Security

MARCH 27, 2025

Rather, it appears those responsible are promoting them by manipulating the search engine results shown when someone searches for one of these anti-Putin organizations.

Phishing 231

Phishing Government Engineering Internet 231

Adam Shostack

FEBRUARY 20, 2025

Whether youre an engineer, security professional, or product leader, this discussion may help you refine your approach to building secure systems efficiently. The Four Question Framework At its core, we can make threat modeling more accessible to all engineers by asking four simple questions: 1. Here are some key takeaways: 1.

Cybersecurity 130

Cybersecurity Engineering 130

Duo's Security Blog

MAY 28, 2025

AI significantly exacerbates the situation by amplifying the scale, speed and sophistication of account takeover attacks, enabling automated and highly adaptive social engineering techniques. Seamless Help Desk Verification: A new tech partnership enabling identity verification for help desks, safeguarding against social engineering attacks.

Social Engineering 124

Social Engineering Engineering Phishing Marketing 124

Zero Day

MAY 14, 2025

It took ChatGPT Deep Research minutes to reverse-engineer my full GitHub repo, when I'd need days. Here's why this is a big deal.

Engineering 99

Engineering 99

The Last Watchdog

MARCH 12, 2025

Acting as a proactive teammate, Aptori’s AI Security Engineer works alongside developers and security teams to identify security weaknesses, assess risk, and implement fixes in real-time. The result is deeper coverage and more precise security insights.

Risk 130

Risk Engineering Digital transformation Technology 130

Adam Shostack

JANUARY 2, 2025

The list of threat actors includes both internal attacker, internal malicious user, and Google engineers. I dont want to make too much of this, but making our diagrams easy to read so we can spend our mental energy on other things pays off. I think that means the first two are internal to the GCP customer. What can go wrong?

Engineering 246

Engineering Authentication 246

The Hacker News

MAY 8, 2025

Cybersecurity researchers have exposed what they say is an "industrial-scale, global cryptocurrency phishing operation" engineered to steal digital assets from cryptocurrency wallets for several years. The campaign has been codenamed FreeDrain by threat intelligence firms SentinelOne and Validin.

Cryptocurrency 115

Cryptocurrency Engineering Phishing Cybersecurity 115

Krebs on Security

MAY 22, 2025

Kalinkin is an IT engineer for the Russian state-owned energy giant Gazprom. The ringleaders of the DanaBot conspiracy are named as Aleksandr Stepanov , 39, a.k.a. JimmBee , and Artem Aleksandrovich Kalinkin , 34, a.k.a. Onix , both of Novosibirsk, Russia. His Facebook profile name is “Maffiozi.”

Malware 254

Malware Cybercrime Government Banking 254

The Last Watchdog

MAY 16, 2025

In this Q&A, Merza explains why todays playbooks fall shortand how Crogls knowledge engine could help SOCs bridge the intelligence-to-action gap. Merza: Because SOCs must reverse-engineer every advisory into their own context. LW: How is Crogls “knowledge engine” different from SOAR or AI playbooks?

Engineering 100

Engineering Architecture Healthcare Internet 100