Malware, Penetration Testing and Social Engineering

Black Basta Ransomware Group Elevates Social Engineering with Microsoft Teams and Malicious QR Codes

Penetration Testing

OCTOBER 27, 2024

The ReliaQuest Threat Research Team uncovered an intensified social engineering campaign tied to the ransomware group Black Basta.

Social Engineering

Social Engineering Engineering Ransomware Cybersecurity

UAC-0185 APT Leverages Social Engineering to Target Ukrainian Defense Industrial Base

Penetration Testing

DECEMBER 10, 2024

The attacks, attributed to... The post UAC-0185 APT Leverages Social Engineering to Target Ukrainian Defense Industrial Base appeared first on Cybersecurity News.

Social Engineering

Social Engineering Engineering Phishing Cybersecurity

Penetration Testing Services: Pricing Guide

CyberSecurity Insiders

JANUARY 28, 2022

For many businesses, penetration testing is an important part of their security protocol. However, penetration testing can be costly and difficult to find the right service for your needs. However, penetration testing can be costly and difficult to find the right service for your needs. Duration of the test.

Penetration Testing

Penetration Testing Data breaches Social Engineering Security Awareness

Deceptive CAPTCHA: ClickFix Campaign Uses Clipboard Injection to Deliver Malware

Penetration Testing

MAY 25, 2025

Threat actors have ramped up a new social engineering campaign, dubbed “ClickFix,” where fake CAPTCHA prompts embedded in The post Deceptive CAPTCHA: ClickFix Campaign Uses Clipboard Injection to Deliver Malware appeared first on Daily CyberSecurity.

Social Engineering

Social Engineering Malware Engineering Cybersecurity

Understanding the difference between attack simulation vs penetration testing

CyberSecurity Insiders

MARCH 28, 2023

Attack simulation and penetration testing are both methods used to identify vulnerabilities in a company’s cybersecurity infrastructure, but there are some differences between the two. The post Understanding the difference between attack simulation vs penetration testing appeared first on Cybersecurity Insiders.

Penetration Testing

Penetration Testing Social Engineering Phishing Engineering

Redline Stealer Malware Evolves with Sneaky New Tricks, Spreads Globally

Penetration Testing

APRIL 17, 2024

McAfee Labs researchers have uncovered a dangerous new variant of the Redline Stealer malware that uses clever obfuscation tactics and aggressive social engineering to trick victims and evade detection.

Penetration Testing

Penetration Testing Malware Social Engineering Engineering

Elastic Uncovers Stealthy Campaign Using GHOSTPULSE and ARECHCLIENT2 Malware

Penetration Testing

JUNE 18, 2025

Elastic uncovers a sophisticated ClickFix campaign deploying the GHOSTPULSE loader to deliver ARECHCLIENT2 malware, leveraging social engineering for credential theft and remote access.

Social Engineering

Social Engineering Malware Engineering Phishing

Fake Google Meet Page Tricks Users into Running Malware

Penetration Testing

MAY 26, 2025

A deceptively crafted fake Google Meet page has surfaced on compromised WordPress sites, tricking unsuspecting visitors into manually The post Fake Google Meet Page Tricks Users into Running Malware appeared first on Daily CyberSecurity.

Malware

Malware Cybersecurity Social Engineering Engineering

Penetration Testing Remote Workers

SecureWorld News

JUNE 28, 2020

With many organizations now planning their annual penetration tests ("pentest" for short), a change is needed in order to accommodate remote workers. It also begs what are you allowed to test versus what is now considered taboo considering end-users may be operating with their own personal equipment?

Penetration Testing

Penetration Testing Social Engineering VPN Phishing

How Much Does Penetration Testing Cost? 11 Pricing Factors

eSecurity Planet

JUNE 20, 2023

After surveying trusted penetration testing sources and published pricing, the cost of a penetration test for the average organization is $18,300. and different types of penetration tests (black box, gray box, white box, social engineering, etc.).

Penetration Testing

Penetration Testing Social Engineering Engineering eCommerce

Mocha Manakin: New Threat Group Uses “Paste and Run” to Deploy Custom NodeJS RAT!

Penetration Testing

JUNE 22, 2025

Red Canary uncovers Mocha Manakin, a new threat group using "paste and run" social engineering to deploy NodeInitRAT, a custom NodeJS RAT with potential ransomware links.

Social Engineering

Social Engineering Engineering Ransomware Malware

Copybara Fraud Campaign Leverages On-Device Fraud and Social Engineering Tactics

Penetration Testing

MARCH 6, 2024

Threat actors (TAs) are weaponizing a combination of social engineering, phishing infrastructure, and an advanced Android banking trojan to... The post Copybara Fraud Campaign Leverages On-Device Fraud and Social Engineering Tactics appeared first on Penetration Testing.

Social Engineering

Social Engineering Engineering Penetration Testing Banking

AI-Generated Malware: TikTok Videos Push Infostealers with PowerShell Commands

Penetration Testing

MAY 23, 2025

Trend Micro reveals a growing threat on TikTok, where AI-generated videos deceive users into running malicious PowerShell commands The post AI-Generated Malware: TikTok Videos Push Infostealers with PowerShell Commands appeared first on Daily CyberSecurity.

Malware

Malware Cybersecurity Social Engineering Artificial Intelligence

Sophisticated Social Engineering Campaign Linked to Black Basta Ransomware

Penetration Testing

MAY 13, 2024

Rapid7 analysts have uncovered a new, highly targeted social engineering campaign potentially linked to the Black Basta ransomware group.

Social Engineering

Social Engineering Engineering Penetration Testing Ransomware

TA571 and ClearFake Use Social Engineering to Deliver PowerShell Malware

Penetration Testing

JUNE 17, 2024

Proofpoint researchers have discovered a sophisticated social engineering technique that leverages clipboard manipulation to deliver malware through PowerShell scripts.

Social Engineering

Social Engineering Engineering Malware Cybersecurity

Good, Perfect, Best: how the analyst can enhance penetration testing results

SecureList

FEBRUARY 10, 2023

Penetration testing is something that many (of those who know what a pentest is) see as a search for weak spots and well-known vulnerabilities in clients’ infrastructure, and a bunch of copied-and-pasted recommendations on how to deal with the security holes thus discovered.

Penetration Testing

Penetration Testing Cybersecurity Banking Social Engineering

Gootloader Malware Expands Its Reach with Advanced Social Engineering and SEO Poisoning

Penetration Testing

JANUARY 20, 2025

Sophos X-Ops has released an in-depth analysis of the notorious Gootloader malware family, highlighting its use of advanced The post Gootloader Malware Expands Its Reach with Advanced Social Engineering and SEO Poisoning appeared first on Cybersecurity News.

Social Engineering

Social Engineering Engineering Malware Cybersecurity

Malware Attackers Using MacroPack to Deliver Havoc, Brute Ratel, and PhantomCore

The Hacker News

SEPTEMBER 5, 2024

Threat actors are likely employing a tool designated for red teaming exercises to serve malware, according to new findings from Cisco Talos. It was developed

Penetration Testing

Penetration Testing Social Engineering Malware Engineering

OpenAI bans ChatGPT accounts linked to Russian, Chinese cyber ops

Security Affairs

JUNE 9, 2025

OpenAI banned ChatGPT accounts tied to Russian and Chinese hackers using the tool for malware, social media abuse, and U.S. The blocked accounts were used to assist malware development, social media automation, and research about U.S. satellite tech research. We banned the OpenAI accounts used by this adversary.”

Accountability

Accountability Social Engineering Media Penetration Testing

Water Curse: GitHub Supply Chain Attack Spreads Malware via Fake Tools, Targets Devs & Gamers

Penetration Testing

JUNE 16, 2025

Water Curse is using GitHub to distribute malicious open-source projects, weaponizing 76 accounts with multi-stage malware targeting developers, red teamers, and gamers.

Malware

Malware Accountability Social Engineering Engineering

North Korean BlueNoroff Uses Deepfakes in Zoom Scams to Install macOS Malware for Crypto Theft

Penetration Testing

JUNE 22, 2025

North Korean APT BlueNoroff (TA444) exploited deepfakes in Zoom calls to trick a crypto foundation employee into installing custom macOS malware for digital asset theft.

Malware

Malware Scams Social Engineering Cryptocurrency

ClickFix: The Rising Threat of Clipboard-Based Social Engineering

Penetration Testing

NOVEMBER 19, 2024

In a detailed report, Proofpoint researchers have unveiled the alarming rise of a unique social engineering method dubbed ClickFix, which exploits human behavior to spread malware through self-inflicted compromises.

Social Engineering

Social Engineering Engineering Malware Cybersecurity

Behind the Followers: Malicious Python Package Harvests Instagram Credentials

Penetration Testing

JUNE 9, 2025

Beware 'imad213,' a fake Instagram booster stealing credentials via social engineering and bot services. Learn how to protect your account.

Social Engineering

Social Engineering Engineering Accountability Scams

ClearFake Campaign Employs Novel Social Engineering Tactic to Deliver LummaC2 Infostealer

Penetration Testing

JUNE 3, 2024

This JavaScript framework, previously known for its drive-by downloads and fake browser update schemes, has now... The post ClearFake Campaign Employs Novel Social Engineering Tactic to Deliver LummaC2 Infostealer appeared first on Penetration Testing.

Social Engineering

Social Engineering Engineering Penetration Testing Malware

Beware of Fake Google Meet Invites: ClickFix Campaign Spreading Infostealers

Penetration Testing

OCTOBER 19, 2024

A new and dangerous social engineering tactic, dubbed ClickFix, has emerged as a significant cybersecurity threat in 2024, according to a recent report from the Sekoia Threat Detection & Research... The post Beware of Fake Google Meet Invites: ClickFix Campaign Spreading Infostealers appeared first on Cybersecurity News.

Social Engineering

Social Engineering Threat Detection Engineering Cybersecurity

Booking.com Impersonated in Phishing Campaign Delivering Credential-Stealing Malware

Penetration Testing

MARCH 15, 2025

A sophisticated phishing campaign impersonating Booking.com is targeting organizations in the hospitality industry, using a novel social engineering The post Booking.com Impersonated in Phishing Campaign Delivering Credential-Stealing Malware appeared first on Cybersecurity News.

Phishing

Phishing Malware Social Engineering Engineering

North Korean APT ‘Contagious Interview’ Launches Fake Crypto Companies to Spread Malware Trio

Penetration Testing

APRIL 27, 2025

Threat analysts at Silent Push have uncovered a new campaign orchestrated by the North Korean state-sponsored APT group, The post North Korean APT ‘Contagious Interview’ Launches Fake Crypto Companies to Spread Malware Trio appeared first on Daily CyberSecurity.

Malware

Malware Cybersecurity Social Engineering Cyber Attacks

Sophos X-Ops Alerts: ‘Inhospitality’ Malspam Targets Hotels with Deceptive Tactics

Penetration Testing

DECEMBER 19, 2023

Sophos X-Ops is warning the hospitality industry that the “Inhospitality” malspam campaign represents a cunning blend of social engineering and malware, specifically targeting the hospitality industry.

Penetration Testing

Penetration Testing Social Engineering Engineering Malware

PureHVNC RAT Spreads Through Fake Job Offers and Multi-Stage Obfuscation

Penetration Testing

MAY 29, 2025

A new wave of attacks uncovered by Netskope Threat Labs reveals a sophisticated global malware campaign delivering the The post PureHVNC RAT Spreads Through Fake Job Offers and Multi-Stage Obfuscation appeared first on Daily CyberSecurity.

Malware

Malware Cybersecurity Social Engineering Scams

Black Basta Resurgence: Social Engineering Campaign Delivers Zbot, DarkGate, and Custom Malware

Penetration Testing

DECEMBER 5, 2024

The notorious Black Basta ransomware group is back, employing sophisticated social engineering tactics and deploying advanced malware payloads in their latest campaign.

Social Engineering

Social Engineering Engineering Malware Ransomware

Warning: Thousands of Ads Promote Fake AI Video Tools Distributing Malware

Penetration Testing

MAY 28, 2025

A recent investigation by The post Warning: Thousands of Ads Promote Fake AI Video Tools Distributing Malware appeared first on Daily CyberSecurity. As artificial intelligence tools rise in popularity, so too does their abuse by cybercriminals.

Artificial Intelligence

Artificial Intelligence Malware Cybersecurity Social Engineering

Sysadmin of fake cybersecurity company sentenced to jail after billion-dollar crime spree

Hot for Security

APRIL 19, 2021

Notorious FIN7 gang stole payment card details from retailers around the world Cybercrime gang posed as penetration testing firm to recruit hackers. More details on how the malware operated can be read about in this technical paper by Bitdefender Labs. Gorman of the Western District of Washington. ”

Penetration Testing

Penetration Testing Retail Cybersecurity Social Engineering

Critical Actions Post Data Breach

SecureWorld News

DECEMBER 30, 2024

If malware is detected on workplace computers, these devices must be promptly disconnected from the network to prevent further spread. Malware Email and file upload mechanisms to external platforms remain the primary methods for infiltrating corporate systems.

Data breaches

Data breaches Social Engineering Passwords Accountability

Cybersecurity Research Topics for Beginners: Exploring the Fundamentals

CyberSecurity Insiders

MAY 28, 2023

Malware Analysis: Explore malware types, their behavior, and the techniques used for analyzing and detecting them. Investigate malware’s propagation methods, evasion techniques, and methods for identifying and mitigating potential threats.

Cybersecurity

Cybersecurity Penetration Testing Social Engineering IoT

ValleyRAT Campaign Leverages Shellcode and Social Engineering to Target Chinese Speakers

Penetration Testing

AUGUST 17, 2024

In a recent discovery by FortiGuard Labs, an ongoing cyber campaign has been identified, aggressively deploying the ValleyRAT malware to target Chinese-speaking users.

Social Engineering

Social Engineering Engineering Malware Cybersecurity

Storm-1811 Exploits Quick Assist for Social Engineering, Paving Way for Black Basta Ransomware

Penetration Testing

MAY 15, 2024

This nefarious scheme involves a novel tactic of exploiting Microsoft’s Quick Assist, a legitimate remote assistance tool, to gain... The post Storm-1811 Exploits Quick Assist for Social Engineering, Paving Way for Black Basta Ransomware appeared first on Penetration Testing.

Social Engineering

Social Engineering Engineering Penetration Testing Ransomware

Inside a Python Infostealer: How Attackers Abuse Legitimate Platforms for Credential Theft

Penetration Testing

MARCH 6, 2024

A Cybereason Security Services analysis uncovers a sophisticated infostealer campaign that leverages GitHub, GitLab, Telegram, and common social engineering tactics to compromise victims.

Penetration Testing

Penetration Testing Social Engineering Engineering Malware

FIN7 hacking gang’s “pen tester” jailed for seven years by US court

Hot for Security

JUNE 25, 2021

In a typical attack, boobytrapped emails would be sent to targeted companies posing as legitimate communications through cunning use of social engineering. If the recipient opened the included attachment, their computer would be infected by a version of the Carbanak malware.

Hacking

Hacking Penetration Testing Social Engineering Retail

CoinMarketCap Hacked: “Doodle” Graphic Delivers Malware, Stealing $43K+ from User Wallets

Penetration Testing

JUNE 23, 2025

CoinMarketCap suffered a client-side attack on June 20, 2025, using a fake "doodle" graphic to deliver Inferno Drainer, stealing over $43,000 from user wallets.

Hacking

Hacking Malware Social Engineering Cryptocurrency

UNRAVELING EternalBlue: inside the WannaCry’s enabler

Security Affairs

SEPTEMBER 1, 2023

These data packets can contain malware such as a trojan, ransomware, or similar dangerous program. Targeted Phishing and Social Engineering: In some cases, attackers may employ targeted phishing emails or social engineering techniques to gain initial access to a system within the target network.

Social Engineering

Social Engineering Penetration Testing Engineering Malware

Getting the Most Value Out of the OSCP: After the Exam

Security Boulevard

JUNE 2, 2025

Introduction Throughout this series, Ive shared practical advice for PEN-200: Penetration Testing with Kali Linux students seeking to maximize the professional, educational, and financial value of pursuing the Offensive Security Certified Professional (OSCP) certification.

Penetration Testing

Penetration Testing Engineering Wireless Cybersecurity

When Good Tools Go Bad: Dual-Use in Cybersecurity

Security Boulevard

APRIL 8, 2025

Penetration Testing Frameworks: Frameworks like Metasploit simulate real-world attacks to identify security weaknesses. Encryption Technologies: Encryption protects data confidentiality and integrity, but attackers also use it to conceal malware, establish encrypted communication channels, and secure stolen data.

Cybersecurity

Cybersecurity Penetration Testing DNS Encryption

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

The Last Watchdog

JUNE 21, 2020

Balaban This ransomware was doing the rounds over spam generated by the Gameover ZeuS botnet, which had been originally launched in 2011 as a toolkit for stealing victim’s banking credentials and was repurposed for malware propagation. These included PClock, CryptoLocker 2.0, Crypt0L0cker, and TorrentLocker.

Ransomware

Ransomware Hacking Encryption Penetration Testing

Details of SANS Holiday Hack Challenge 2021

CyberSecurity Insiders

DECEMBER 14, 2021

The event will also witness a host of demos and sessions from top cybersecurity experts who will be ready to offer a knowledge share on topics such as Blockchain Technology’s usage in security field, adversary emulation, cloud assessment, mobile malware, penetration testing, Red Teaming, Threat Hunting, Social Engineering and Web Apps.

Hacking

Hacking Penetration Testing Social Engineering Mobile

Black Basta Ransomware Group Elevates Social Engineering with Microsoft Teams and Malicious QR Codes

UAC-0185 APT Leverages Social Engineering to Target Ukrainian Defense Industrial Base

Trending Sources

Penetration Testing Services: Pricing Guide

Deceptive CAPTCHA: ClickFix Campaign Uses Clipboard Injection to Deliver Malware

Understanding the difference between attack simulation vs penetration testing

Redline Stealer Malware Evolves with Sneaky New Tricks, Spreads Globally

Elastic Uncovers Stealthy Campaign Using GHOSTPULSE and ARECHCLIENT2 Malware

Fake Google Meet Page Tricks Users into Running Malware

Penetration Testing Remote Workers

How Much Does Penetration Testing Cost? 11 Pricing Factors

Mocha Manakin: New Threat Group Uses “Paste and Run” to Deploy Custom NodeJS RAT!

Copybara Fraud Campaign Leverages On-Device Fraud and Social Engineering Tactics

AI-Generated Malware: TikTok Videos Push Infostealers with PowerShell Commands

Sophisticated Social Engineering Campaign Linked to Black Basta Ransomware

TA571 and ClearFake Use Social Engineering to Deliver PowerShell Malware

Good, Perfect, Best: how the analyst can enhance penetration testing results

Gootloader Malware Expands Its Reach with Advanced Social Engineering and SEO Poisoning

Malware Attackers Using MacroPack to Deliver Havoc, Brute Ratel, and PhantomCore

OpenAI bans ChatGPT accounts linked to Russian, Chinese cyber ops

Water Curse: GitHub Supply Chain Attack Spreads Malware via Fake Tools, Targets Devs & Gamers

North Korean BlueNoroff Uses Deepfakes in Zoom Scams to Install macOS Malware for Crypto Theft

ClickFix: The Rising Threat of Clipboard-Based Social Engineering

Behind the Followers: Malicious Python Package Harvests Instagram Credentials

ClearFake Campaign Employs Novel Social Engineering Tactic to Deliver LummaC2 Infostealer

Beware of Fake Google Meet Invites: ClickFix Campaign Spreading Infostealers

Booking.com Impersonated in Phishing Campaign Delivering Credential-Stealing Malware

North Korean APT ‘Contagious Interview’ Launches Fake Crypto Companies to Spread Malware Trio

Sophos X-Ops Alerts: ‘Inhospitality’ Malspam Targets Hotels with Deceptive Tactics

PureHVNC RAT Spreads Through Fake Job Offers and Multi-Stage Obfuscation

Black Basta Resurgence: Social Engineering Campaign Delivers Zbot, DarkGate, and Custom Malware

Warning: Thousands of Ads Promote Fake AI Video Tools Distributing Malware

Sysadmin of fake cybersecurity company sentenced to jail after billion-dollar crime spree

Critical Actions Post Data Breach

Cybersecurity Research Topics for Beginners: Exploring the Fundamentals

ValleyRAT Campaign Leverages Shellcode and Social Engineering to Target Chinese Speakers

Storm-1811 Exploits Quick Assist for Social Engineering, Paving Way for Black Basta Ransomware

Inside a Python Infostealer: How Attackers Abuse Legitimate Platforms for Credential Theft

FIN7 hacking gang’s “pen tester” jailed for seven years by US court

CoinMarketCap Hacked: “Doodle” Graphic Delivers Malware, Stealing $43K+ from User Wallets

UNRAVELING EternalBlue: inside the WannaCry’s enabler

Getting the Most Value Out of the OSCP: After the Exam

When Good Tools Go Bad: Dual-Use in Cybersecurity

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

Details of SANS Holiday Hack Challenge 2021

Stay Connected