Security Affairs

JANUARY 22, 2025

Two ransomware groups exploiting Microsoft 365 services and default settings to target internal enterprise users. Sophos researchers started investigating two distinct clusters of activity, tracked as STAC5143 and STAC5777, in response to customer ransomware attacks in November and December 2024.

Ransomware

Thales Cloud Protection & Licensing

MAY 7, 2025

Phishing-Resistant MFA: Why FIDO is Essential madhav Thu, 05/08/2025 - 04:47 Phishing attacks are one of the most pervasive and insidious threats, with businesses facing increasingly sophisticated and convincing attacks that exploit human error. High-profile breaches illustrate the devastating impact of credential-based attacks.

Phishing

Security Affairs

NOVEMBER 21, 2024

Scattered Spider members are part of a broader cybercriminal community called “The Com,” where hackers brag about high-profile cyber thefts, typically initiated through social engineering tactics like phone, email, or SMS scams to gain access to corporate networks. ” reads the press release published by DoJ.

Cybercrime

SecureWorld News

APRIL 22, 2025

Victims are sent unsolicited invitations to join Zoom calls, often via links in phishing emails or messages. According to Security Alliance's findings, the campaign relied on social engineering and Zoom's remote control feature to infect targets with malware. billion hack of the Bybit exchange in February 2025.

Cryptocurrency

SecureWorld News

MAY 16, 2025

Scattered Spider is a financially motivated threat actor group known for its social engineering prowess, SIM-swapping attacks, and living-off-the-land (LOTL) techniques. The group is well known to employ social engineering tactics to gain access, so hardening your help desk is an immediate first step in defense," Staynings continued.

Retail

SecureWorld News

JUNE 9, 2025

Additionally, a distributed workforce, ranging from remote maintenance technicians to cabin crews, multiplies entry points for social-engineering tactics like phishing. Aircraft themselves are nodes on data networks, constantly transmitting telemetry, engine performance metrics, and passenger connectivity data.

Cybersecurity

IT Security Guru

FEBRUARY 25, 2025

Other Ways Threat Actors Exploit Human Behaviour In addition to fatigue attacks, malefactors weaponise social engineering. MFA fatigue is often coupled with social engineeringan attacker might contact the victim, masquerading as IT support, and advise them to approve the prompt to “resolve an issue.”

Social Engineering

SecureWorld News

JULY 28, 2025

The threat actors are bypassing traditional endpoint protections by directly attacking the hypervisor layer, utilizing social engineering and identity compromise to hijack administrative access and deploy ransomware from within. While several members were recently arrested in the U.K. ,

Social Engineering

eSecurity Planet

JULY 27, 2025

agencies have issued a joint cybersecurity alert warning about the escalating threat posed by the Interlock ransomware operation, which has increasingly targeted businesses, healthcare providers, and critical infrastructure entities across North America and Europe. Interlock also uses social engineering methods. Four major U.S.

Healthcare

Malwarebytes

JUNE 18, 2025

They can profess their empty love to you across your social media apps. They can bombard your email inbox with phishing attempts, impersonate a family member through a phone call, and even trick you into visiting malicious versions of legitimate websites. They can text you fraudulent tracking links for packages you never bought.

Scams

Hacker's King

DECEMBER 16, 2024

From ransomware to sophisticated state-sponsored attacks, no organization is immune. Types of Recent Cyber Attacks Ransomware Attacks : Ransomware continues to be one of the most prevalent and damaging types of cyber attacks. Simulated phishing exercises can help staff become more aware of these threats.

Cyber Attacks

The Last Watchdog

DECEMBER 18, 2024

Organizations face rising risks of AI-driven social engineering and personal device breaches. AI-powered cryptocurrency attacks will automate phishing and exploit vulnerabilities. Anti-ransomware solutions incorporate AI to aggregate system-level insights and protect against zero-day attacks.

Risk

Security Boulevard

JUNE 22, 2025

Cybernews researchers reported that since the beginning of the year, they've detected 30 datasets containing 16 billion stolen credentials exposed on the internet, most of which had not been previously recorded and represent a massive trove of records that can be used in ransomware, phishing, BEC, and other attacks.

Phishing

Security Boulevard

DECEMBER 5, 2024

From phishing schemes and ransomware attacks to social engineering and doxxing, high-net-worth individuals (HNWIs) face an ever-evolving array of cyber threats, and the risks of digital exposure are greater than ever.

Cybersecurity

SecureWorld News

FEBRUARY 10, 2025

According to Charlie Madere of digital impersonation protection firm Memcyco, such attacks involve the use of phishing websites impersonating companies' websites. The dark web has a lot to do with the rise in frequency of ransomware attacks, as advanced payloads and tools are readily available.

DDOS

SecureList

NOVEMBER 29, 2024

The campaign, which we dubbed EastWind , used phishing emails with malicious shortcuts attached to deliver malware to target computers. The attack starts with phishing emails purporting to be a court order or summons from an institution in Colombia’s judicial system.

Energy and Utilities

SecureWorld News

MAY 28, 2025

In early May 2025, two of the United Kingdom's best-known grocers, Marks & Spencer (M&S) and the Co-op, as well as luxury retailer Harrods, were struck by sophisticated social-engineering attacks that tricked IT teams into resetting critical passwords and deploying ransomware across their networks.

Retail

Malwarebytes

JULY 29, 2025

According to Allianz, an attacker gained access to a third-party, cloud-based Customer Relationship Management (CRM) system through social engineering. Earlier this month we reported that Scattered Spider breached Australia’s largest airline Qantas by gaining access to a third-party platform, utilizing social engineering.

Social Engineering

Malwarebytes

JULY 2, 2025

Qantas says the breach occurred after a cybercriminal targeted a call centre and managed to gain access to the third party platform, presumably via social engineering. No group has claimed responsibility for the cyberattack yet, which is normal if it is a ransomware attack. 2FA that relies on a FIDO2 device can’t be phished.

Social Engineering

IT Security Guru

NOVEMBER 1, 2024

Types of Cybersecurity Threats Malware and Ransomware: These can disable systems or steal data for ransom. Phishing and Social Engineering: These tactics manipulate individuals to disclose sensitive information.

Technology

Malwarebytes

FEBRUARY 4, 2025

Generative AI tools can more convincingly write phishing emails so that the tell-tale signs of a scamlike misspellings and clumsy grammarare all but gone. In 2023, Malwarebytes Labs subverted these boundaries to successfully get ChatGPT to write ransomware twice. That could change in 2025.

Artificial Intelligence

eSecurity Planet

APRIL 8, 2025

Xanthorox reasoner advanced mimics human reasoning, helping attackers craft more believable phishing messages or manipulate targets through social engineering. It features a live web scraper tool that pulls data from over 50 search engines for real-time reconnaissance.

Social Engineering

Security Affairs

JUNE 29, 2025

House banned WhatsApp on government devices due to security concerns Russia-linked APT28 use Signal chats to target Ukraine official with malware China-linked APT Salt Typhoon targets Canadian Telecom companies U.S.

Data breaches

SecureWorld News

MARCH 17, 2025

Although there remains some ambiguity over whether ransomware was employed, the Play ransomware gang later claimed responsibility , alleging that sensitive data, such as payroll records, contracts, tax documents, and customer financial information, was exfiltrated.

Cyber Attacks

Digital Shadows

JANUARY 27, 2025

Streamlined RaaS Operations: The ransomware-as-a-service (RaaS) ecosystem has become more efficient, with affiliates adopting new, more specialized strategies like help-desk scams to accelerate and refine their attacks. Buyers of these credentials include ransomware affiliates, un-affiliated threat actors, and IABs.

Scams

eSecurity Planet

AUGUST 8, 2025

Tools like generative AI are fueling faster, more convincing phishing and social engineering campaigns. And while ransomware remains a pressing issue, he said it’s AI’s unknown ripple effects — from hiring needs to defense priorities — that make it harder to plan. His advice: don’t panic, but prepare.

Social Engineering

Security Affairs

DECEMBER 1, 2024

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Cybercrime

Malwarebytes

JUNE 26, 2025

These jailbroken AIs could generate unrestricted content, including malicious code , phishing emails , and social engineering scripts. The end results are still the same, infections will usually be ransomware for businesses, information stealers for individuals, and so on.

Social Engineering

SecureWorld News

AUGUST 5, 2025

For the first time, phishing has taken the top spot, cited by 50% of respondents, surpassing previous top concerns like ransomware and user behavior. AI has enabled threat actors to craft more convincing phishing attacks, making them more likely to succeed even against organizations with otherwise robust cybersecurity systems.

Backups

Jane Frankland

MAY 3, 2025

While details remain sparse, reports suggest social engineering tactics like phishing, SIM swapping, and multi-factor authentication (MFA) fatigue attacks may have been used to infiltrate systems. Once inside, they’ll likely have used other methods to successfully bypass enterprise security tools.

Cyber Attacks

Hacker's King

MAY 24, 2025

In simpler terms, phishing scams, brute force attacks, and MFA bypass techniques. Phishing attacks Phishing so far makes for the most dangerous aspect of cybersecurity. Unlike the traditional methods of sending more information about a certain service, a phishing email acts the complete opposite.

Cyber Attacks

BH Consulting

OCTOBER 24, 2024

The malevolent seven: ENISA report identifies prime cybersecurity threats Ransomware; malware; social engineering; threats against data; threats against availability (denial of service); information manipulation and interference; and supply chain attacks. Information Security Buzz has a good summary of the main points.

Social Engineering

Hacker's King

OCTOBER 26, 2024

Cybersecurity Week highlights various forms of threats, including phishing scams, ransomware attacks, and data breaches, which can have devastating effects on individuals and businesses alike. This practice minimizes the impact of data loss, especially in the event of ransomware attacks or hardware failures.

Cybersecurity

SecureWorld News

JULY 1, 2025

Ransomware-as-a-Service collectives go even further in allowing practically anyone to enact cyberattacks; the Play gang weaponized a 2025 Windows zero-day just days after it was introduced, bundling the exploit into its affiliate kit for paying customers. Artificial intelligence is multiplying attacker speed.

Social Engineering

Digital Shadows

NOVEMBER 26, 2024

Key Points Phishing incidents rose during the reporting period (August 1 to October 31, 2024), accounting for 46% of all customer incidents. This increase is likely driven by high employee turnover and easy access to phishing kits. Meanwhile, “RansomHub” is rising rapidly due to its attractive ransomware-as-a-service (RaaS) model.

Cyber Attacks

Hacker's King

OCTOBER 22, 2024

With increasing threats, such as ransomware, data breaches, and phishing attacks, the demand for skilled cybersecurity experts is on the rise. As businesses, governments, and individuals continue to migrate to digital platforms, the risk of cyberattacks rises exponentially.

Cybersecurity

SecureWorld News

JANUARY 21, 2025

CISO takeaway: Cyber threats evolve constantly, with attackers using sophisticated tactics like ransomware-as-a-service or AI-driven malware. Just as an uninformed homeowner might misuse pest spray, an untrained employee is more likely to fall victim to phishing or social engineering attacks.

CISO