Advertisement
WhatsApp Metadata Leak: Exposure Risks and Mitigation Strategies
WhatsApp's metadata leakage allows strangers to infer limited user information without interaction, potentially aiding targeted social engineering or other malicious
Scattered Spider Member Tyler Buchanan Pleads Guilty in US
Tyler Buchanan, a British national linked to the Scattered Spider cybercrime group, pleaded guilty in the US to charges of hacking, fraud, and cryptocurrency theft.
Microsoft Teams Abused in Helpdesk Impersonation Attacks: TTPs & Mitigations
Microsoft warns of helpdesk impersonation attacks via Teams external collaboration. Understand TTPs for initial access, lateral movement, and critical mitigation
Axios Attack: Industrialized Social Engineering on NPM Maintainers
An analysis of the Axios NPM package attack reveals advanced, scaled social engineering campaigns targeting open-source maintainers, elevating supply chain risk.
UNC1069 Social Engineering Leads to Axios npm Supply Chain Compromise
Runtime Rebel details how North Korean threat actor UNC1069 leveraged targeted social engineering against an Axios npm package maintainer, leading to a critical supply
Drift Protocol Hacked for $285M via Durable Nonce Attack
Solana-based DEX Drift Protocol lost $285 million due to a social engineering and durable nonce attack, leading to Security Council takeover.
Venom Stealer MaaS: Commoditizing Information Theft via ClickFix Attacks
Analyze Venom Stealer MaaS, a new cybercrime platform enabling automated, persistent information-stealing through social engineering 'ClickFix' attacks. Learn detection
DeepLoad Malware Leverages ClickFix, WMI for Browser Credential Theft
DeepLoad malware leverages ClickFix social engineering and WMI for persistence to steal browser credentials, employing AI-assisted obfuscation for evasion.
macOS Terminal ClickFix Protections: Blocking Malicious Shell Commands
Apple introduces Terminal warnings in macOS Sequoia 15.2 to combat ClickFix social engineering attacks that trick users into executing malicious shell scripts.
ClickFix Social Engineering Drops Infiniti Stealer on macOS
Attackers use fake Cloudflare CAPTCHA pages and ClickFix tactics to deliver the Python-based Infiniti Stealer to macOS systems via terminal commands.
_Wavebreakmedia_Ltd_IFE-210813_Alamy.png?width=1280&auto=webp&quality=80&disable=upscale)
Lumma Stealer Phishing Campaign: Avoiding Copyright Notice Decoys
Phishing campaign targets healthcare and government sectors with copyright infringement decoys to deliver Lumma Stealer via legitimate cloud services.
Russian Intelligence Phishing Targets Signal and WhatsApp Users
The FBI warns of sophisticated phishing campaigns by Russian intelligence targeting Signal and WhatsApp users to harvest credentials and bypass encryption.