Schneier on Security

SEPTEMBER 17, 2024

Interesting social engineering attack: luring potential job applicants with fake recruiting pitches, trying to convince them to download malware. The capacity for exploitation at that point is pretty much unlimited, due to the flexibility of Python and how it interacts with the underlying OS.

Malware 308

Malware Social Engineering Engineering Hacking 308

Schneier on Security

APRIL 22, 2024

Interesting social-engineering attack vector : McAfee released a report on a new LUA malware loader distributed through what appeared to be a legitimate Microsoft GitHub repository for the “C++ Library Manager for Windows, Linux, and MacOS,” known as vcpkg.

Malware 340

Malware Social Engineering Engineering Software 340

Security Affairs

OCTOBER 13, 2024

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Over 300,000!

Malware 123

Malware DDOS Cryptocurrency Education 123

Krebs on Security

NOVEMBER 12, 2024

Satnam Narang , senior staff research engineer at Tenable , says the danger with stolen NTLM hashes is that they enable so-called “pass-the-hash” attacks, which let an attacker masquerade as a legitimate user without ever having to log in or know the user’s password. This bug has earned a CVSS severity rating of 9.8 (10

Authentication 279

Authentication Engineering Malware Passwords 279

eSecurity Planet

OCTOBER 22, 2024

These malware scams lure individuals with fake conference invitations designed to mimic legitimate meeting requests and exploit users’ trust. Cybercriminals employ social engineering techniques to trick you into believing you must resolve fictitious technical issues.

Scams 123

Scams Malware Phishing Social Engineering 123

The Hacker News

MAY 30, 2025

A new malware campaign is distributing a novel Rust-based information stealer dubbed EDDIESTEALER using the popular ClickFix social engineering tactic initiated via fake CAPTCHA verification pages.

Social Engineering 109

Social Engineering Malware Encryption Engineering 109

The Hacker News

MAY 7, 2025

The Russia-linked threat actor known as COLDRIVER has been observed distributing a new malware called LOSTKEYS as part of an espionage-focused campaign using ClickFix-like social engineering lures.

Social Engineering 116

Social Engineering Malware Engineering 116

Security Affairs

OCTOBER 29, 2024

Suspected Russia-linked espionage group UNC5812 targets Ukraine’s military with Windows and Android malware via Telegram. Google TAG and Mandiant observed a Russia-linked group, tracked as UNC5812, targeting Ukraine’s military with Windows and Android malware via the Telegram channel “ Civil Defense.”

Malware 119

Malware Social Engineering Software Mobile 119

SecureList

MAY 28, 2025

Once these permissions are granted, the malware gains extensive capabilities that allow its operators to steal the user’s banking data and credentials, as well as perform remote actions and control the device without the user’s knowledge. Join us in this blogpost as we take a closer look at the malware’s evolution over time.

Banking 111

Banking Malware Energy and Utilities Encryption 111

Security Affairs

APRIL 21, 2025

Cleafy researchers discovered a new malware-as-a-service (MaaS) called SuperCard X targeting Android devices with NFC relay attacks for fraudulent cash-outs. Analysis of the SuperCard X campaign in Italy revealed custom malware builds tailored for regional use.

Malware 106

Malware Social Engineering Banking Engineering 106

SecureWorld News

MAY 9, 2025

Google's Threat Intelligence Group (GTIG) has identified a new malware strain, dubbed "LOSTKEYS," attributed to the Russian state-sponsored hacking group COLDRIVER. The introduction of LOSTKEYS signifies a strategic shift towards deploying malware for direct data exfiltration. Cedric Leighton , CNN Military Analyst; U.S.

Malware 88

Malware Social Engineering Engineering Government 88

Tech Republic Security

FEBRUARY 27, 2025

Trends in cybersecurity across 2024 showed less malware and phishing, though more social engineering. CrowdStrike offers tips on securing your business.

Social Engineering 204

Social Engineering Engineering Phishing Malware 204

Schneier on Security

SEPTEMBER 20, 2024

This is really interesting. It’s a phishing attack targeting GitHub users, tricking them to solve a fake Captcha that actually runs a script that is copied to the command line.

Social Engineering 315

Social Engineering Engineering Phishing Malware 315

Schneier on Security

DECEMBER 7, 2020

Clever tactic : This new malware was discovered by researchers at Dutch cyber-security company Sansec that focuses on defending e-commerce websites from digital skimming (also known as Magecart) attacks.

Media 333

Media Malware Social Engineering Engineering 333

Penetration Testing

OCTOBER 27, 2024

The ReliaQuest Threat Research Team uncovered an intensified social engineering campaign tied to the ransomware group Black Basta.

Social Engineering 97

Social Engineering Engineering Ransomware Cybersecurity 97

Tech Republic Security

MAY 13, 2025

By downloading what they believe is an AI-generated video, victims have installed malware that can steal their data or offer attackers remote access to infected devices.

Malware 126

Malware Artificial Intelligence Social Engineering Engineering 126

Tech Republic Security

DECEMBER 12, 2023

Recruiters and anyone else involved in hiring processes should be knowledgeable about this social engineering attack threat. Get the details.

Social Engineering 204

Social Engineering Engineering Malware Big data 204

Security Affairs

DECEMBER 1, 2024

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape.

Malware 71

Malware Social Engineering Antivirus Engineering 71

Penetration Testing

MAY 26, 2025

A deceptively crafted fake Google Meet page has surfaced on compromised WordPress sites, tricking unsuspecting visitors into manually The post Fake Google Meet Page Tricks Users into Running Malware appeared first on Daily CyberSecurity.

Malware 112

Malware Cybersecurity Social Engineering Engineering 112

SecureList

APRIL 16, 2025

Instead, they rely on the default severity in the rule, which is often set randomly or based on an engineer’s opinion without a clear process. Detection engineering program Before diving into the program-level approach, we will first present the detection engineering lifecycle that forms the foundation of the proposed program.

Engineering 71

Engineering Threat Detection Firewall Digital transformation 71

SecureWorld News

MARCH 13, 2025

A recent report from Tenable highlights how DeepSeek R1, an open-source AI model, can generate rudimentary malware, including keyloggers and ransomware. While the AI-generated malware required manual debugging to function properly, its mere existence signals an urgent need for security teams to adapt their defenses.

Malware 113

Malware Cybersecurity Cyber threats Threat Detection 113

Security Affairs

MAY 29, 2025

Google says China-linked group APT41 controlled malware via Google Calendar to target governments through a hacked site. Google warns that China-linked APT41 used TOUGHPROGRESS malware with Google Calendar as C2, targeting various government entities via a compromised website. ” reads the report published by Google.

Malware 116

Malware Government Encryption Hacking 116

Penetration Testing

MAY 25, 2025

Threat actors have ramped up a new social engineering campaign, dubbed “ClickFix,” where fake CAPTCHA prompts embedded in The post Deceptive CAPTCHA: ClickFix Campaign Uses Clipboard Injection to Deliver Malware appeared first on Daily CyberSecurity.

Social Engineering 71

Social Engineering Malware Engineering Cybersecurity 71

Penetration Testing

MAY 23, 2025

Trend Micro reveals a growing threat on TikTok, where AI-generated videos deceive users into running malicious PowerShell commands The post AI-Generated Malware: TikTok Videos Push Infostealers with PowerShell Commands appeared first on Daily CyberSecurity.

Malware 107

Malware Cybersecurity Social Engineering Artificial Intelligence 107

Tech Republic Security

AUGUST 23, 2024

A new malware called NGate allows cybercriminals to steal near field communication data from Android phones via sophisticated social engineering. The data is relayed to the fraudsters before being used to steal cash.

Social Engineering 209

Social Engineering Malware Engineering Banking 209

Security Affairs

APRIL 20, 2025

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malicious NPM Packages Targeting PayPal Users New Malware Variant Identified: ResolverRAT Enters the Maze Nice chatting with you: what connects cheap Android smartphones, WhatsApp and cryptocurrency theft?

Malware 79

Malware Cryptocurrency Encryption Engineering 79

Penetration Testing

DECEMBER 10, 2024

The attacks, attributed to... The post UAC-0185 APT Leverages Social Engineering to Target Ukrainian Defense Industrial Base appeared first on Cybersecurity News.

Social Engineering 105

Social Engineering Engineering Phishing Cybersecurity 105

Malwarebytes

APRIL 24, 2025

Then you’re like millions of other users now at risk from a new form of cybercrime – malware that can read your credit or debit card and hand its data over to an attacker. The malware, which cybersecurity company Cleafy calls SuperCard X, uses a feature now found in most Android phones: near-field communication (NFC).

Malware 94

Malware Banking Software Social Engineering 94

Security Affairs

OCTOBER 11, 2024

Observed ChatGPT behavior mainly involved reconnaissance, threat actors used the OpenAI’s platform to seek info on companies, services, and vulnerabilities, similar to search engine queries. The group used the chatbot to receive support in Android malware development and to create a scraper for the social media platform Instagram.

Malware 136

Malware Social Engineering Engineering Hacking 136

Krebs on Security

AUGUST 2, 2022

Compounding the problem, several remaining malware-based proxy services have chosen to block new registrations to avoid swamping their networks with a sudden influx of customers. com , a malware-based proxy network that has been in existence since at least 2010. Last week, a seven-year-old proxy service called 911[.]re

Malware 325

Malware Cybercrime Internet Internet 325

Penetration Testing

NOVEMBER 11, 2024

Cado Security Labs has uncovered a targeted GuLoader malware campaign aimed at European industrial and engineering companies.

Engineering 122

Engineering Malware Cybersecurity 122

Krebs on Security

NOVEMBER 9, 2024

“This is social engineering at the highest level and there will be failed attempts at times. “In terms of overall social engineering attacks, the more you have a relationship with someone the more they’re going to trust you,” Donahue said. Don’t be discouraged. dot-gov emails get hacked.

Hacking 296

Hacking Accountability Government Social Engineering 296

Krebs on Security

JUNE 1, 2023

This post is a deep dive on “ Megatraffer ,” a veteran Russian hacker who has practically cornered the underground market for malware focused code-signing certificates since 2015. More recently, it appears Megatraffer has been working with ransomware groups to help improve the stealth of their malware. WHO IS MEGATRAFFER?

Malware 315

Malware Cybercrime Software Accountability 315

Krebs on Security

APRIL 18, 2023

For the past seven years, a malware-based proxy service known as “ Faceless ” has sold anonymity to countless cybercriminals. The proxy lookup page inside the malware-based anonymity service Faceless. Microsoft’s Bing search engine says gaihnik@mail.ru Image: spur.us. Image: Darkbeast/Ke-la.com.

Malware 306

Malware Passwords Accountability Advertising 306

Krebs on Security

MARCH 27, 2025

Many successful phishing attacks result in a financial loss or malware infection. Rather, it appears those responsible are promoting them by manipulating the search engine results shown when someone searches for one of these anti-Putin organizations.

Phishing 230

Phishing Government Engineering Internet 230

eSecurity Planet

MARCH 14, 2025

A recent phishing campaign has raised alarms among cybersecurity professionals after it impersonated Booking.com to deliver a suite of credential-stealing malware. This command, executed via mshta.exe, downloads and launches various malware families, such as XWorm, Lumma Stealer, VenomRAT, AsyncRAT, Danabot, and NetSupport RAT.

Phishing 65

Phishing Malware Social Engineering Authentication 65

Schneier on Security

APRIL 2, 2024

An intentionally placed backdoor in xz Utils, an open-source compression utility, was pretty much accidentally discovered by a Microsoft engineer—weeks before it would have been incorporated into both Debian and Red Hat Linux. The cybersecurity world got really lucky last week. modified the way the software functions.

Social Engineering 354

Social Engineering Engineering Software Encryption 354