Social Engineering
JackFix Exclusive Alert: Dangerous Fake Windows Updates
Heads up — don’t paste that “Windows fix” command: a slick new scam uses fake CAPTCHAs and cloned sites to trick users into running malware that gives attackers persistent access to otherwise patched PCs.
AI Deepfake Stunning Surge: Identity Fraud Worsens
Identity fraud has entered a new era: generative AI churns out eerily lifelike voices and videos that let scammers impersonate bosses, loved ones and officials with uncanny accuracy. As these deepfake-enabled schemes become cheaper and harder to spot, individuals and businesses must rethink how they verify trust.
CISA: Exclusive Critical Spyware Threat to Signal, WhatsApp
CISA warns that commercial spyware and remote‑access trojans are being used to compromise Signal and WhatsApp—often via social engineering and sideloaded apps—turning everyday messaging into a gateway for stolen messages, media and device data.
Scam USPS Alerts: Exclusive Guide to Avoiding Costly Fraud
Think that text really came from the USPS? Modern phishing kits let crooks spin up convincing alerts and fake sites in minutes, turning routine delivery notices into money-stealing traps — this guide shows the clear red flags so you don’t get fooled.
CTM360 Exclusive: Alarming WhatsApp Hijack Campaign Exposed
CTM360 exposes HackOnChat, a clever and dangerous campaign that clones WhatsApp Web to trick users into revealing authentication codes and handing over their accounts. With thousands of malicious URLs and coordinated fronts, this WhatsApp account hijacking operation is alarmingly scalable and hard to takedown.
Python-Based WhatsApp Worm Exclusive: Dangerous Stealer
What would you do if your WhatsApp started messaging your friends without you? Researchers warn the Delphi-based Eternidade Stealer is hijacking accounts and weaponizing contact lists—using social engineering and IMAP-resolved C2 to spread quickly and dodge static defenses.
2FA Phishing Kit: Exclusive Alert on Dangerous BitB Pop-ups
Think your 2FA push is safe? Browser-in-the-Browser phishing kits like Sneaky 2FA now mimic real browser dialogs to trick users into approving account takeovers, making powerful relay attacks cheap and easy to rent.
Google Files Lawsuit Against Lighthouse Kit Exclusive Blow
Google just went to court to take apart a sprawling smishing operation it says was run by 25 people tied to a Chinese cyber collective, accusing them of using deceptive texts to spread malware, recruit botnets, and sell stolen credentials. The company is seeking asset freezes and third-party cooperation — pairing legal muscle with technical takedowns to short-circuit the infrastructure behind SMS-based attacks.
ThreatsDay Bulletin: Exclusive Critical Cyber Roundup
Every click can be the opening move in a campaign of trust-based deception. This bulletin shows how fast-moving actors like COLDRIVER are making signatures obsolete and why shifting to behavioral, intent-driven defenses is now essential.
Quantum Route Redirect Phishing Kit: Stunningly Dangerous
The Quantum Route Redirect phishing kit quietly hijacks web traffic, rerouting victims to eerily convincing fake sites. Learn how this route redirect phishing attack works and what you can do to stay one step ahead.
China-Aligned UTA0388 Exclusive: Dangerous AI Phishing
Imagine your inbox posing as a trusted colleague—researchers say UTA0388, a China‑aligned cluster, now uses AI to craft eerily personalized, time‑sensitive spear‑phishing that steals credentials and plants stealthy, long‑term access.
ClickFix Phishing Exclusive: Critical Hotel Malware Alert
Imagine a routine support ticket that silently installs malware—attackers are using ClickFix‑style pages sent from compromised hotel emails to steal credentials or drop remote‑access tools like PureRAT. Be cautious: don’t paste commands or log in from unexpected support links—verify the sender and the page first.
Google Maps Launches Exclusive Effortless Tool vs Extortion
When a one-star review reads like a ransom note, Google Maps is giving small businesses a direct line to fight back. The new dedicated form makes reporting review bombing and extortion attempts effortless, helping protect reputations and revenue.
I Paid Twice Phishing: Exclusive Scam Alert for Booking.com
Think you paid the hotel twice? A sophisticated I Paid Twice phishing campaign is hijacking Booking.com, Airbnb and Expedia bookings—using injected scripts and fake payment pages to trick travelers into handing over extra payments.
UNK_SmudgedSerpent Exclusive: Dangerous Lures for Academics
Think your inbox is just clutter? A newly observed actor, UNK_SmudgedSerpent, is luring academics with plausible conference invites, fake collaboration requests and weaponized drafts to steal unpublished research and private correspondence—forcing universities to choose between openness and much tougher defenses.
SmudgedSerpent Exclusive: Dangerous Hackers Target Experts
Meet SmudgedSerpent: during the summer 2025 Iran–Israel flare-up a stealthy cyber cluster used precision social engineering to target academics and policy experts. By exploiting researchers’ networks and unpublished work, these attacks show how adversaries now shape information and influence far faster than old‑school espionage.
Cybercriminals Targeting Payroll Sites Exclusive Warning
Imagine your paycheck landing in a strangers account—criminals are targeting payroll systems with social‑engineering scams that hijack credentials and reroute direct deposits. Simple fixes like multi‑factor authentication, tighter admin privileges, and out‑of‑band approvals can stop them before paychecks disappear.
Scattered Spider Exclusive: Dangerous Unified Collective
Imagine low‑tech social engineering and SIM swaps teaming up with mass data brokers — that’s Scattered Spider, ShinyHunters and LAPSUS$ fusing tactics to turn bulk theft into pinpoint extortion. Security teams and cloud customers now face a hybrid, high‑leverage threat targeting SaaS platforms like Salesforce.
Teams Flaw: Stunning Reveal of Critical Boss Spoofing
A newly revealed Microsoft Teams vulnerability let attackers convincingly impersonate executives, forge messages and even rewrite chat history—turning everyday collaboration into a pathway for fraud and data theft. Learn how Check Point’s findings expose the danger of boss‑spoofing and what organizations need to patch now.
Social Engineering: Exclusive Tips to Stop Costly Fraud
Think a caller with a supervisor sounds legit? Social engineering preys on our trust — and with leaked data and mass spoofing it can cost you dearly; these exclusive, easy-to-follow tips will help you spot scams and shut them down.
Europol Exclusive: Alarming Rise in Caller ID Spoofing
Europol’s recent takedown ripped the curtain back on how caller ID spoofing and SIM farms let criminals rent anonymity at scale — a win that still reads like a warning. With fraudsters shifting to SIMless virtual numbers and VoIP farms, the phone number we trust as ID has become a commodity for scams.
Shaq’s new ride Exclusive: Costly Hijack Exposed
Shaq’s new ride reveals a surprising weak spot: when celebrities rely on niche customization shops for bespoke engineering, those small specialists — holding valuable blueprints and client data — become prime targets for savvy criminals. A breach can mean leaked designs, stolen invoices and lucrative leverage for extortion.
Iran’s MuddyWater: Stunning, damaging 100+ network breach
A single hijacked government mailbox became MuddyWater’s battering ram, letting Tehran-linked operators quietly harvest credentials and pivot into 100+ networks across the Middle East and North Africa. It’s a stark reminder that low-cost social engineering and trusted infrastructure can give attackers exponential reach without a single zero-day.
SpaceX Exclusive: Cuts 2,500 Starlink Terminals, Major Hit
When investigators found scam camps and trafficking rings using consumer Starlink terminals to run cyber‑fraud and “cyber‑slavery,” SpaceX pulled the plug on about 2,500 devices — a bold move to stop connectivity from enabling exploitation.