eSecurity Planet

FEBRUARY 26, 2025

Cybercriminals are shifting their focus from emails to text messages, using mishing a more deceptive form of phishing to target mobile users and infiltrate corporate networks, according to new security research by Zimperium. Vishing: Also known as voice phishing. What is mishing? and 9%in Brazil.

Phishing

SecureWorld News

MAY 9, 2025

The development marks a significant escalation in COLDRIVER's cyber espionage activities, which have traditionally focused on credential phishing. The malware has been observed in campaigns as recent as April 2025, targeting advisors to Western governments and militaries, journalists, think tanks, NGOs, and individuals connected to Ukraine.

Malware

SecureWorld News

AUGUST 7, 2025

The recent wave of attacks, attributed to the financially motivated threat group ShinyHunters (also tracked by Google as UNC6040), serves as a powerful case study in the effectiveness of sophisticated social engineering. The stolen data, while not including financial information or passwords in all cases, is a goldmine for attackers.

Social Engineering

Security Affairs

DECEMBER 10, 2024

This social engineering scheme has been amplified by targeted phishing, smishing, and vishing activities, with a noticeable increase around the winter holidays. billion (equal to USD 326 million) between 2021 and 2023. Notably, some of them were registered between September and November 2024.

Phishing

The Last Watchdog

DECEMBER 18, 2024

Enterprises must secure AI agents, adopt proactive data governance, and deploy AI-based security platforms. Organizations face rising risks of AI-driven social engineering and personal device breaches. AI-powered cryptocurrency attacks will automate phishing and exploit vulnerabilities.

Risk

SecureWorld News

APRIL 22, 2025

Victims are sent unsolicited invitations to join Zoom calls, often via links in phishing emails or messages. According to Security Alliance's findings, the campaign relied on social engineering and Zoom's remote control feature to infect targets with malware.

Cryptocurrency

SecureWorld News

FEBRUARY 13, 2025

Evolution of social engineering Social engineering exploits human psychology to manipulate individuals into revealing sensitive information or taking harmful actions. Attackers now impersonate executives, government officials, and even family members to gain trust and manipulate victims.

Social Engineering

SecureWorld News

MARCH 24, 2025

AI agents are identitiesand they need governance One of the most pressing concerns from industry leaders is that AI agents often operate as non-human identities (NHIs)with broad system access but minimal oversight. You can't stop attackers from manipulating AI, just like you can't stop them from phishing employees," Feinberg said.

Social Engineering

SecureList

AUGUST 13, 2025

Introduction Phishing and scams are dynamic types of online fraud that primarily target individuals, with cybercriminals constantly adapting their tactics to deceive people. Since our last publication on phishing tactics, there has been a significant leap in the evolution of these threats.

Phishing

SecureWorld News

FEBRUARY 20, 2025

The FBI, CISA, and MS-ISAC have issued a joint cybersecurity advisory warning organizations about Ghost (Cring) ransomware, a sophisticated cyber threat that has been compromising critical infrastructure, businesses, and government entities worldwide. Strengthening identity security Enforce phishing-resistant MFA for all privileged accounts.

Ransomware

eSecurity Planet

NOVEMBER 6, 2024

This data reportedly includes everything from names and addresses to Social Security numbers and bank account details. This attack underscores a critical lesson for businesses: even the most vital institutions, such as a city government, are vulnerable to cyberthreats.

Ransomware

Hacker's King

DECEMBER 16, 2024

In the digital age, cyber-attacks are a growing concern for individuals, businesses, and governments worldwide. Recent incidents include attacks on government agencies, critical infrastructure, and major corporations, highlighting the vulnerability of national cybersecurity defenses.

Cyber Attacks

IT Security Guru

NOVEMBER 1, 2024

Cyber attacks can compromise critical infrastructure, financial systems, and sensitive government data. Phishing and Social Engineering: These tactics manipulate individuals to disclose sensitive information. Types of Cybersecurity Threats Malware and Ransomware: These can disable systems or steal data for ransom.

Technology

SecureList

FEBRUARY 20, 2025

Kaspersky MDR customers by region Distribution of incidents by industry In 2024, the MDR team observed the highest number of incidents in the industrial (25.7%), financial (14.1%), and government (11.7%) sectors. in government, 17.8% User Execution and Phishing remain top threats. in IT, 18.3% in industrial, and 11.9%

Phishing

Penetration Testing

JULY 2, 2025

Fortinet exposes a DCRat campaign impersonating a Colombian government agency, using obfuscated multi-stage infection, steganography, and AMSI bypass to deliver the RAT.

Government

Penetration Testing

MAY 7, 2025

Hunt.io, a threat hunting platform, has revealed a sophisticated phishing campaign using ClickFix-style tactics and spoofed Indian government The post APT36 Suspected in India Gov Spoofing Phishing with ClickFix Tactics appeared first on Daily CyberSecurity.

Phishing

The Last Watchdog

AUGUST 11, 2025

Adversaries are using AI to accelerate known techniques—particularly phishing, social engineering, and impersonation. McClerin cited the rise of “platform abuse,” where vulnerabilities are introduced through poorly governed third-party APIs.

Architecture

SecureList

NOVEMBER 29, 2024

Mobile statistics Targeted attacks New APT threat actor targets Russian government entities In May 2024, we discovered a new APT targeting Russian government organizations. Two months later, in July 2024, CloudSorcerer launched further attacks against Russian government organizations and IT companies.

Energy and Utilities

SecureWorld News

JULY 29, 2025

The root cause of the Allianz Life breach was a social engineering attack launched on one of its cloud vendors on July 16th, according to the company's filing with the Maine Attorney General's office. It's part of a disturbing trend of social engineering attacks specifically targeting the insurance sector and other industries.

Data breaches

Webroot

MARCH 3, 2025

During this time, many government agencies and consumer protection organizations come together to help educate consumers on how to keep their personal and financial information secure. Social engineering attacks Social engineering attacks occur when someone uses a fake persona to gain your trust.

Consumer Protection

Jane Frankland

JUNE 24, 2025

And today, with an increasing volume of digital challenges – from malicious to mistakes and malfunction, it’s vital we move beyond this narrative and focus on governance and empowerment instead. But a governance issue that sits squarely with those who lead. a failure of governance. The good news? Change is happening.

Cyber Risk

Jane Frankland

MAY 16, 2025

Fraudsters use AI, social engineering, and emotional manipulation to steal not just money, but also trust, time, and peace of mind. Here’s a breakdown of the most widespread and damaging scams today: Impersonation Scams (51% of fraud cases) where fraudsters pose as: Banks, HMRC, DVLA, or government agencies. Couriers (e.g.,

Scams

Security Through Education

AUGUST 12, 2025

Vishing or voice phishing has rapidly become one of the most dangerous tools in a social engineer’s arsenal. Furthermore, the Anti-Phishing Working Group (APWG) has documented a steady quarterly increase in vishing attacks, underscoring the growing threat to businesses. What makes vishing so effective?

Social Engineering

SecureList

NOVEMBER 28, 2024

Based on limited telemetry, we believe with medium to low confidence that some of the initial infections were spear-phishing emails. The secure USB drive was developed by a government entity in Southeast Asia to securely store and transfer files between machines in sensitive environments.

Malware

Duo's Security Blog

JUNE 26, 2025

End-to-end phishing resistance means we protect your users from phishing attacks at every step of the identity lifecycle, starting with enrollment, to OS and application login, all the way to the help desk.

Authentication

Malwarebytes

JULY 2, 2025

Qantas says the breach occurred after a cybercriminal targeted a call centre and managed to gain access to the third party platform, presumably via social engineering. The breach at a third party provider is extra painful since Qantas concluded an uplift of third and fourth-party cyber-risk governance processes in 2024.

Social Engineering

SecureWorld News

APRIL 14, 2025

With these insights, security personnel know which attack vectors to watch more closely, how to orchestrate the defenses, and what new phishing and social engineering trends to warn employees about. Agencies like the FBI, CISA, and NSA in the U.S.,

Media

Hacker's King

DECEMBER 17, 2024

How the Malware Operates Initial Access : Attackers gain access to the targeted network using phishing, exploiting vulnerabilities, or leveraging stolen credentials. Train Employees Educating employees about phishing and social engineering tactics can reduce the likelihood of attackers gaining initial access to networks.

Banking

SecureList

JANUARY 30, 2025

Introduction Since mid-2024, we’ve observed a malicious Android campaign leveraging wedding invitations as a lure to social-engineer victims into installing a malicious Android app (APK), which we have named “Tria Stealer” after unique strings found in campaign samples.

Accountability

SecureWorld News

JUNE 4, 2025

While the company emphasized that no financial data or passwords were exposed, the incident raises concerns about the potential for highly targeted phishing and social engineering , particularly given the brand's clientele of high-net-worth individuals (HNWIs). That's why MFA adoption remains low in many cases."

Retail

Security Affairs

JUNE 29, 2025

House banned WhatsApp on government devices due to security concerns Russia-linked APT28 use Signal chats to target Ukraine official with malware China-linked APT Salt Typhoon targets Canadian Telecom companies U.S.

Data breaches

eSecurity Planet

MAY 1, 2025

AI phishing coach: This tool replaces traditional, static training with real-time, personalized coaching. RSA targets passwordless and help desk threats RSA unveiled a new enterprise-ready passwordless platform aimed at thwarting advanced identity attacks, especially those that attempt to bypass help desks using social engineering.

Cybersecurity

Hacker's King

OCTOBER 26, 2024

Cybersecurity Week is a global initiative that brings together various stakeholders—government agencies, educational institutions, and private companies—to promote understanding and awareness of cybersecurity issues. Be Cautious with Email Attachments: Phishing attacks often come disguised as legitimate emails.

Cybersecurity

SecureList

DECEMBER 9, 2024

This case underscores the serious risk that social engineering and supply chain attacks pose to open-source projects. This information was disseminated, making the vulnerable systems high-visibility targets for threat actors, especially as Fortinet products are commonly found in government, healthcare, and other critical sectors.

Internet

Security Affairs

DECEMBER 1, 2024

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Cybercrime

Hacker's King

OCTOBER 22, 2024

As businesses, governments, and individuals continue to migrate to digital platforms, the risk of cyberattacks rises exponentially. With increasing threats, such as ransomware, data breaches, and phishing attacks, the demand for skilled cybersecurity experts is on the rise.

Cybersecurity

BH Consulting

OCTOBER 24, 2024

Cyber Ireland, the national cybersecurity cluster supported by the Irish Government, worked in partnership with EI and NCSC, giving input into the initiative’s development before its launch. MORE Cofense looks at a recent phishing campaign that used HR-related themes. MORE Have you signed up to our monthly newsletter?

Social Engineering