Tag: socialengineering
102 articles

UK Warns of Targeted Attacks on WhatsApp and Signal Accounts
The UK's cybersecurity agency has issued a warning about hackers targeting WhatsApp and Signal accounts, specifically using social engineering tactics to gain access to private conversations. To stay safe, "high-risk" individuals can take steps to protect themselves from these types of cyber-attacks.

WhatsApp Abused in Critical Multi-Stage Attack Warns Microsoft
Beware: a simple WhatsApp message can be the gateway for hackers to take control of your entire corporate network, as Microsoft warns of a new multi-stage social-engineering campaign exploiting the popular messaging app's security vulnerabilities. Stay vigilant - your harmless "ping" could be the weakest link in your security chain!

KrebsOnSecurity.com Exclusive: Best Security Insights at 16
For its 16th year, KrebsOnSecurity pulls back the curtain on how organized extortion rings, DDoS‑for‑hire botnets and scaled social‑engineering tradecraft turned lone hackers into multimillion‑dollar criminal businesses.

HashJack Exclusive: Dangerous Injection Weaponizes Websites
Meet HashJack — a new technique that turns everyday websites into traps for AI‑enabled browsers and automated agents, tricking them into leaking session tokens and secrets with a convincing prompt. What feels like a harmless CAPTCHA or verification dialog can quietly hand attackers the keys to your account until those tokens are revoked.

ClickFix Phishing Exclusive: Critical Hotel Malware Alert
Imagine a routine support ticket that silently installs malware—attackers are using ClickFix‑style pages sent from compromised hotel emails to steal credentials or drop remote‑access tools like PureRAT. Be cautious: don’t paste commands or log in from unexpected support links—verify the sender and the page first.

UNK_SmudgedSerpent Exclusive: Dangerous Lures for Academics
Think your inbox is just clutter? A newly observed actor, UNK_SmudgedSerpent, is luring academics with plausible conference invites, fake collaboration requests and weaponized drafts to steal unpublished research and private correspondence—forcing universities to choose between openness and much tougher defenses.

Investment Scams: Exclusive Asia Report on Alarming Spread
Our exclusive Asia report exposes the alarming spread of investment scams across the region—read on to spot the red flags and protect your money.

85,000 Pet Owner Records Exposed: Exclusive Critical Risk
A misconfigured database left 85,000 pet‑owner records — from names and addresses to medical notes and microchip IDs — publicly accessible, creating a roadmap for scammers, identity thieves and even pet‑theft. Here’s what was exposed, how it happened, and simple steps to protect your pet and family.

Singapore Officials Targeted in Stunning Damaging Scam
A stunning Singapore officials scam has exposed shocking vulnerabilities—discover how the damaging scheme unfolded and what it means for public trust.

ShinyHunters Exclusive: Damaging Corporate Extortion Wave
The ShinyHunters campaign has escalated from quiet database dumps to brazen public extortion—naming victims, posting timetables, and using voice‑phishing plus massive file thefts that could turn single breaches into a supply‑chain crisis. Corporations now face a stark choice: pay ransoms or risk a public dump of sensitive customer and corporate data.

YouTube Videos Exposed: Exclusive Dangerous Malware Alert
Think twice before clicking — researchers have uncovered a coordinated network that’s published over 3,000 malicious videos, baiting viewers with fake tools and links that install credential stealers, cryptominers, and remote-access trojans.

85,000 Pet Owner Records Exposed in Major Data Breach
Turns out your pet’s medical chart can be a treasure map for crooks — over 85,000 pet and owner records were left publicly accessible, exposing names, contact details, microchip and medical data. What starts as spam can quickly turn into targeted fraud, identity theft or even false ownership claims, putting families and animals at real risk.

Feds Tie Scattered Spider Duo to $115M in Ransoms
U.S. prosecutors say 19‑year‑old Thalha Jubair helped power Scattered Spiders telecom‑focused extortion ring, allegedly netting at least $115 million through SIM‑swap scams, social engineering and account takeovers. The cross‑border indictment is a stark wake‑up call that human trust, lax recovery policies and reused credentials—not exotic malware—still fuel major ransoms.

calendar invite Shocking Leak: Risky Trust Damage
A misconfigured Outlook calendar invite from Cifas accidentally exposed dozens of fraud-prevention professionals’ email addresses — a simple slip with potentially serious consequences. It’s a wake-up call that default-private settings, group aliases and basic training aren’t optional if we want to protect the people who protect us.

copy-paste attacks: Dangerous, Must-Have Fixes
When a site tells you “paste this into your console” it may seem like helpful tech support, but ClickFix attacks are a fast‑growing social‑engineering scam that trick users into running scripts that steal tokens, clipboard data, or install persistent browser malware. Learn why low technical barriers, defenses that can be bypassed by user interaction, and high‑value browser tokens make copy‑paste attacks especially dangerous — and what can be done to stop them.

phishing emails: Urgent Warning—Must-Have Best Tips
Don’t panic — LastPass says it wasn’t hacked; those alarming emails are a phishing scam. Pause, verify updates through the official app or website, and report any suspicious messages.

Cryptocurrency ATMs: Risky Reality, Must-Have Alerts
Cryptocurrency ATMs offer quick, cash-to-crypto convenience—but their speed and perceived anonymity make them prime tools for scammers and regulatory headaches, so investors should scrutinize fees, compliance, and fraud controls before betting on the sector.

weaponize trust: Stunning, Risky Threats to Tech
This week’s ThreatsDay unpacks a staggering $15B crypto fraud, chilling satellite-enabled surveillance, and a rise in smishing — showing how everyday tech is being turned against us and what simple steps you can take to protect your money, data, and trust.

Whisper 2FA: Exclusive Risky Phishing Threat
Think 2FA is foolproof? Researchers warn Whisper 2FA — a phishing‑as‑a‑service tool tied to roughly one million credential‑theft attempts since July 2025 — shows attackers can cheaply scale real‑time relay attacks, so phishing‑resistant authentication and layered defenses are now essential.

online scam network Exposed: Stunning Risky Fraud Ring
The UK and US have hit a sprawling Southeast Asian scam network with coordinated sanctions to freeze assets and choke off the financial lifelines behind investment and romance frauds. The move targets call centres in Cambodia and Myanmar that allegedly use script-driven deception, coerced workers and complex laundering to prey on victims worldwide.

Scattered Lapsus$ Hunters: Exclusive Risky Hiatus
After the FBI seized their site, teenage collective Scattered Lapsus$ Hunters vowed to go dark until 2026 — a defiant restart in a familiar retire-regroup-return cycle. Whether they stick to it or not, defenders should treat the pause as a chance to patch vulnerabilities, rotate credentials and strengthen defenses.

subpoena management platform Stunning Risky Outage Exposes
When Kodex — the subpoena-tracking platform trusted by police and big tech — went dark after its domain was frozen over a forged legal order, agencies were left scrambling and the outage revealed how social engineering against registrars and cloud providers can cripple critical legal services without touching any code. It’s a wake-up call to strengthen verification, add redundancy, and treat DNS and registrar governance as core security, not an afterthought.

phishing Warning: Exclusive Risky Threat & Must-Have Fixes
ENISA warns that simple phishing emails and unpatched systems were behind most EU cyber intrusions last year, turning tiny mistakes into big national-security headaches. It’s a wake-up call to harden the basics—MFA, patching, email defenses, and smarter user training—before the next click becomes a crisis.

Windows shortcuts: Stunning, Risky DLL Lures
A single innocent-looking Windows shortcut in a ZIP can quietly trigger PowerShell to fetch a DLL implant and let attackers run code inside trusted processes — turning everyday convenience into a stealthy compromise. Stay skeptical of unexpected archives and treat shortcut icons as potentially dangerous until verified.