The Hacker News

JANUARY 31, 2025

Social engineering has long been an effective tactic because of how it focuses on human vulnerabilities. Instead, it simply relies on manipulating emotions such as trust, fear, and respect for authority, usually with the goal of gaining access to sensitive information or protected systems.

Social Engineering 129

Social Engineering Engineering Passwords Software 129

The Hacker News

MAY 7, 2025

The Russia-linked threat actor known as COLDRIVER has been observed distributing a new malware called LOSTKEYS as part of an espionage-focused campaign using ClickFix-like social engineering lures.

Social Engineering 131

Social Engineering Malware Engineering 131

The Hacker News

MAY 30, 2025

A new malware campaign is distributing a novel Rust-based information stealer dubbed EDDIESTEALER using the popular ClickFix social engineering tactic initiated via fake CAPTCHA verification pages.

Social Engineering 115

Social Engineering Malware Encryption Engineering 115

The Hacker News

MAY 27, 2025

Federal Bureau of Investigation (FBI) has warned of social engineering attacks mounted by a criminal extortion actor known as Luna Moth targeting law firms over the past two years.

Social Engineering 125

Social Engineering Phishing Engineering Technology 125

Security Affairs

AUGUST 18, 2024

Mad Liberator employs social engineering techniques to gain access to the victim’s environment, specifically targeting organizations using remote access tools like Anydesk. However, the social-engineering tactics the group used in the case described above are noteworthy – but they are not unique.

Social Engineering 145

Social Engineering Engineering Ransomware Cybercrime 145

Krebs on Security

JANUARY 7, 2025

Each participant in the call has a specific role, including: -The Caller: The person speaking and trying to social engineer the target. ” The target then received a text message that referenced information about his account, stating that he was in a support call with Michael. Please give me one moment.”

Phishing 338

Phishing Cryptocurrency Accountability Social Engineering 338

Security Affairs

MAY 24, 2025

law firms for 2 years using callback phishing and social engineering extortion tactics. law firms using phishing and social engineering. FBI warns Silent Ransom Group has targeted U.S. The FBI warns that the Silent Ransom Group, active since 2022 and also known as Luna Moth, has targeted U.S.

Social Engineering 115

Social Engineering Antivirus Phishing Authentication 115

The Hacker News

JUNE 6, 2025

Cybersecurity researchers are alerting to a new malware campaign that employs the ClickFix social engineering tactic to trick users into downloading an information stealer malware known as Atomic macOS Stealer (AMOS) on Apple macOS systems. based telecom provider Spectrum.

Social Engineering 110

Social Engineering Engineering Malware Cybersecurity 110

Digital Shadows

OCTOBER 25, 2024

During the investigation, we discovered a wider trend: a campaign of escalated social engineering tactics originally associated with the ransomware group “Black Basta.” There has been a significant rise in ransomware actors using social engineering techniques to gain unauthorized access to sensitive systems and data.

Social Engineering 128

Social Engineering Engineering Phishing Accountability 128

Krebs on Security

AUGUST 21, 2020

” The perpetrators focus on social engineering new hires at the targeted company, and impersonate staff at the target company’s IT helpdesk. The actor logged the information provided by the employee and used it in real-time to gain access to corporate tools using the employee’s account.”

Social Engineering 363

Social Engineering VPN Authentication Engineering 363

eSecurity Planet

JUNE 20, 2025

The company says it contained the attack within hours and continues to operate normally, but warns that sensitive customer information may have been exposed. Social engineering: A key tactic Aflac’s preliminary findings indicate that the unauthorized party used “ social engineering tactics ” to gain access to their network.

Social Engineering 95

Social Engineering Cybersecurity Insurance Cybercrime 95

Malwarebytes

MAY 8, 2025

Using a fully authenticated web worker, this phishing kit is using a legitimate hosted web service called Pusher with the intent of manipulating sensitive profile data fields related to banking and payment information. Protect yourand your family’spersonal information by using identity protection. app accuont-app-deel[.]cc

Phishing 103

Phishing Authentication Engineering Banking 103

The Last Watchdog

NOVEMBER 11, 2024

The technology, which first emerged primarily in the world of gaming and entertainment, now promises to reshape our reality with interactive information and immersive experiences. It could also help users identify various cybersecurity attacks, whether they are types of spoofing , phishing, social engineering, or malware.

Cybersecurity 130

Cybersecurity Social Engineering Technology Threat Detection 130

Security Affairs

JANUARY 21, 2025

“The Ukrainian government’s computer emergency response team, CERT-UA, has received information about numerous cases of attempts to connect to computers using the AnyDesk program, allegedly on behalf of CERT-UA.” ” reads the advisory published by CERT-UA. UAC-0010 , UAC-0050 and UAC-0006 ).

Social Engineering 111

Social Engineering Scams Engineering Software 111

Security Affairs

OCTOBER 11, 2024

. “CyberAv3nger accounts also asked our models high-level questions about how to obfuscate malicious code, how to use various security tools often associated with post-compromise activity, and for information on both recently disclosed and older vulnerabilities from a range of products.” ” continues the report.

Malware 138

Malware Social Engineering Engineering Hacking 138

Krebs on Security

DECEMBER 29, 2024

Fittingly, Radaris now pimps OneRep as a service when consumers request that their personal information be removed from the data broker’s website. Instead, we doubled down and published all of the supporting evidence that wasn’t included in the original story, leaving little room for doubt about its conclusions.

Scams 241

Scams Cybercrime Cryptocurrency Social Engineering 241

Security Affairs

MAY 17, 2025

Access to personal or official accounts operated by US officials could be used to target other government officials, or their associates and contacts, by using trusted contact information they obtain.” ” reads the alert issued by the FBI.

Government 125

Government Social Engineering Authentication Accountability 125

SecureWorld News

JANUARY 7, 2025

Beware the Poisoned Apple: Defending Against Malware and Social Engineering Just like Snow White was tricked into accepting a poisoned apple from the Evil Queen, malware and social engineering attacks exploit trust to deliver harmful payloads. This parallels the modern cybersecurity concept of secure remote access.

Cybersecurity 113

Cybersecurity Social Engineering Phishing Engineering 113

Krebs on Security

DECEMBER 18, 2024

The message included a “Google Support Case ID number” and information about the Google representative supposedly talking to him on the phone, stating the rep’s name as “Ashton” — the same name given by the caller.

Cryptocurrency 363

Cryptocurrency Accountability Authentication Phishing 363

Security Affairs

APRIL 7, 2025

These falsely obtained credentials enable cyber criminals to successfully mimic a real-world investigation by inducing platform operators to provide extremely sensitive information. FROM ACCOUNT THEFT TO A FULL-FLEDGED SERVICE: THE EVOLUTION OF THE MODEL The phenomenon has rapidly upgraded complexity, as detailed in the Meridian Group report.

Cybercrime 140

Cybercrime Social Engineering Accountability Government 140

Security Affairs

APRIL 21, 2025

The malware is delivered via social engineering, attackers attempt to trick victims into tapping cards on infected phones. Calls enable social engineering in a Telephone-Oriented Attack Delivery (TOAD) scenario. Analysis of the SuperCard X campaign in Italy revealed custom malware builds tailored for regional use.

Malware 109

Malware Social Engineering Banking Engineering 109

Joseph Steinberg

FEBRUARY 11, 2021

Perhaps even scarier is the possibility that, if you share a photo of your vaccine card, a criminal may use the information to social engineer you (or a family member, co-worker, etc.) Consider the people close to you – could any of them potentially fall for some variant of such a scam?

Media 363

Media Artificial Intelligence Social Engineering Manufacturing 363

Krebs on Security

OCTOBER 20, 2023

In an interview with KrebsOnSecurity, Okta’s Deputy Chief Information Security Officer Charlotte Wylie said Okta initially believed that BeyondTrust’s alert on Oct. In both cases, the attackers managed to social engineer employees into resetting the multi-factor login requirements for Okta administrator accounts.

Social Engineering 362

Social Engineering Engineering Accountability Hacking 362

Krebs on Security

NOVEMBER 21, 2024

“The defendants allegedly preyed on unsuspecting victims in this phishing scheme and used their personal information as a gateway to steal millions in their cryptocurrency accounts,” said Akil Davis , the assistant director in charge of the FBI’s Los Angeles field office.

Identity Theft 268

Identity Theft Phishing Cryptocurrency Accountability 268

Security Affairs

NOVEMBER 30, 2024

SpyLoan apps exploit social engineering to gain sensitive user data and excessive permissions, leading to extortion, harassment, and financial loss. Some of the malicious apps were promoted through deceptive advertising on social media. . ” reads the report published McAfee.

Social Engineering 132

Social Engineering Media Mobile Scams 132

Krebs on Security

FEBRUARY 26, 2023

GoDaddy described the incident at the time in general terms as a social engineering attack, but one of its customers affected by that March 2020 breach actually spoke to one of the hackers involved. But we do know the March 2020 attack was precipitated by a spear-phishing attack against a GoDaddy employee.

Hacking 332

Hacking Social Engineering Phishing Scams 332

Malwarebytes

APRIL 1, 2025

Once logged in, follow the prompts to review and confirm your tax information. The IRS’s annual Dirty Dozen list of tax scams shows common schemes that threaten your tax and financial information. And when it does, it is only to send general information and in an ongoing case with an assigned IRS employee.

Scams 138

Scams Phishing Artificial Intelligence Social Engineering 138

Krebs on Security

NOVEMBER 21, 2020

In response to questions from KrebsOnSecurity, GoDaddy acknowledged that “a small number” of customer domain names had been modified after a “limited” number of GoDaddy employees fell for a social engineering scam. authenticate the phone call before sensitive information can be discussed. and 11:00 p.m.

Cryptocurrency 364

Cryptocurrency Scams Social Engineering VPN 364

eSecurity Planet

OCTOBER 22, 2024

Cybercriminals employ social engineering techniques to trick you into believing you must resolve fictitious technical issues. The hallmark of ClickFix campaigns is their clever use of social engineering. Lumma stealer: Designed to harvest personal information and sensitive data from infected devices.

Scams 123

Scams Malware Phishing Social Engineering 123

Malwarebytes

JUNE 18, 2025

It’s here that people are most likely to find phishing attempts, romance scams, sextortion threats, and more, and it’s here that everyday people should stay most cautious when receiving messages from unknown senders or in responding to allegedly urgent requests for money or information.

Scams 103

Scams Social Engineering Media Engineering 103

Krebs on Security

JANUARY 29, 2020

. “These conversations include minimal customer information and are used for frontline reps to escalate issues to managers,” said Lisa Belot , Sprint’s communications manager. Perhaps more importantly for Sprint and its customers, the forum also included numerous links and references to internal tools and procedures.

Social Engineering 326

Social Engineering Telecommunications Data privacy Engineering 326

Security Affairs

NOVEMBER 15, 2024

Glove Stealer is a.NET-based information stealer that targets browser extensions and locally installed software to steal sensitive data. The malware could harvest a huge trove of data from infected systems, including cookies, autofill, cryptocurrency wallets, 2FA authenticators, password managers, and email client information.

Encryption 119

Encryption Password Management Cryptocurrency Social Engineering 119

Security Affairs

OCTOBER 29, 2024

The site provides a downloader called Pronsis Loader to Windows users, this malware starts an attack chain, ultimately installing SUNSPINNER and the PURESTEALER information stealer. For Android users, a malicious APK installs a variant of the CRAXSRAT backdoor, sometimes bundled with SUNSPINNER.

Malware 122

Malware Social Engineering Software Mobile 122

SecureWorld News

APRIL 22, 2025

The malware then exfiltrates sensitive data, including cryptocurrency wallet credentials, personal information, and private keys. Once the attacker has control, they can not only steal sensitive information but also manipulate the victim's actions, making it harder to detect malicious activity.

Cryptocurrency 90

Cryptocurrency Social Engineering Cybercrime Engineering 90

Webroot

MARCH 3, 2025

During this time, many government agencies and consumer protection organizations come together to help educate consumers on how to keep their personal and financial information secure. Millions of customers were put at risk when their social security numbers, phone numbers, and other sensitive personal information were leaked.

Consumer Protection 99

Consumer Protection Identity Theft Scams Social Engineering 99

SecureWorld News

FEBRUARY 13, 2025

Evolution of social engineering Social engineering exploits human psychology to manipulate individuals into revealing sensitive information or taking harmful actions. Consumer fraud: Deepfakes are increasingly used to spread false information, influence elections, and create social unrest.

Social Engineering 86

Social Engineering Authentication Identity Theft Engineering 86

SecureWorld News

MAY 9, 2025

LOSTKEYS is capable of stealing files from a hard-coded list of extensions and directories, along with sending system information and running processes to the attacker," GTIG reported. The method, known as "ClickFix," leverages social engineering to bypass traditional email-based defenses.

Malware 86

Malware Social Engineering Government Engineering 86