Advertisement
Understanding Persistent BEC Success: AI-Driven Defense & Mitigation
BEC attacks thrive on sophisticated impersonation, bypassing traditional defenses. This analysis explores why these threats persist and offers AI-driven detection and
Scattered Spider Members Plead Guilty in TfL Infrastructure Attack
Two members of the Scattered Spider threat group plead guilty to the 2024 Transport for London hack, exposing risks of identity-based social engineering.
WhatsApp Phishing Campaign Deploys VBScript to Compromise PCs
Attackers target WhatsApp users with malicious ZIP files disguised as business documents to deliver VBScript-based remote access malware.

Cross-Platform Clipboard Hijacker: Fake Reputation Campaign Targets Crypto
Analysis of a cross-platform clipboard hijacker spread via elaborate fake reputation campaigns on GitHub, YouTube, and VirusTotal to steal cryptocurrency.

ClickFix Campaigns Expand Delivery with New Loaders and Fake Lures
ClickFix campaigns are now deploying BabaDeda, Lorem Ipsum, and Potemkin loaders through fake browser update social engineering lures.

AI-Native OS: The Future of Social Engineering Defense
Explore how AI-native operating systems are poised to transform social engineering defenses, shifting vigilance from users to automated systems.

Sniper Dz Phishing-as-a-Service Targets MENA Region via Facebook
Sniper Dz phishing campaigns leverage fake Facebook accounts and browser alerts to steal credentials from users across the Middle East and North Africa.

Chinese Smishing Network 'Outsider' Leverages Gemini AI for Phishing
Google sues a Chinese smishing network operating 'Outsider' PhaaS, accused of using Gemini AI to craft sophisticated phishing messages targeting Americans.
UNC3753 Targets US Law Firms with Vishing & Physical Intrusions
UNC3753 (Luna Moth) leverages vishing and physical office intrusions to steal sensitive data from US law firms and professional services, leading to swift extortion.
VS Code One-Click GitHub Token Theft via URI Handler Exploitation
A flaw in Visual Studio Code allows attackers to steal GitHub authentication tokens with a single click. Learn the technical details and mitigation steps.

Abusing Google DoubleClick for DesckVB RAT Delivery — Detection Guide
A new malspam campaign leverages Google DoubleClick redirects to bypass security filters and distribute DesckVB RAT, highlighting trust-based evasion tactics.
Meta AI Support Abuse Leads to Instagram Account Hijacking
Attackers exploit Meta AI support tools to bypass traditional security and hijack Instagram profiles, leaving legitimate users locked out of their accounts.