social engineering Archives • Page 11 of 12 • Daily CyberSecurity

Fake Google Meet Page Tricks Users into Running Malware Fake Google Meet, PowerShell malware

Fake Google Meet Page Tricks Users into Running Malware

Do Son May 27, 2025

A deceptively crafted fake Google Meet page has surfaced on compromised WordPress sites, tricking unsuspecting visitors into...

Deceptive CAPTCHA: ClickFix Campaign Uses Clipboard Injection to Deliver Malware Example infection chain from CAPTCHA to Lumma Stealer

Deceptive CAPTCHA: ClickFix Campaign Uses Clipboard Injection to Deliver Malware

Do Son May 26, 2025

Threat actors have ramped up a new social engineering campaign, dubbed “ClickFix,” where fake CAPTCHA prompts embedded...

AI-Generated Malware: TikTok Videos Push Infostealers with PowerShell Commands TikTok malware, AI-generated malware

AI-Generated Malware: TikTok Videos Push Infostealers with PowerShell Commands

Do Son May 24, 2025

Trend Micro reveals a growing threat on TikTok, where AI-generated videos deceive users into running malicious PowerShell...

Social Engineering Attack: Coinbase Customer Data Stolen, 70K Users Affected Coinbase security, crypto user data

Social Engineering Attack: Coinbase Customer Data Stolen, 70K Users Affected

Do Son May 23, 2025

The publicly listed U.S. cryptocurrency exchange Coinbase recently disclosed that it had fallen victim to a sophisticated...

CAPTCHA Trap: Fake Verification Unleashes Lumma Stealer on Unsuspecting Users

Do Son May 13, 2025

Sophos X-Ops has uncovered a cunning cybercrime campaign using fake CAPTCHA pages to trick users into running...

Iranian Cyber Espionage Uses Fake Modeling Agency for Targeted Attacks Cyber Espionage, Iran

Iranian Cyber Espionage Uses Fake Modeling Agency for Targeted Attacks

Do Son May 8, 2025

Recently, researchers at Palo Alto Networks’ Unit 42 have uncovered a covert Iranian cyber-espionage campaign that employed...

APT36 Suspected in India Gov Spoofing Phishing with ClickFix Tactics APT36 phishing, ClickFix campaign

APT36 Suspected in India Gov Spoofing Phishing with ClickFix Tactics

Do Son May 8, 2025

Hunt.io, a threat hunting platform, has revealed a sophisticated phishing campaign using ClickFix-style tactics and spoofed Indian...

Scattered Spider (UNC3944) Resurfaces with Ties to DragonForce and RansomHub in Retail Attacks UNC3944, Scattered Spider

Scattered Spider (UNC3944) Resurfaces with Ties to DragonForce and RansomHub in Retail Attacks

Do Son May 7, 2025

A new report from Mandiant, a Google Cloud company, sheds light on the renewed activity of UNC3944,...

California Man to Plead Guilty in Hack of Disney Employee, Theft of 1.1TB of Confidential Slack Data

Do Son May 5, 2025

In a case that merges social engineering, malware, and corporate espionage, the U.S. Department of Justice (DOJ)...

Luna Moth’s Callback Phishing Attacks Target US Legal and Financial Firms

Do Son May 3, 2025

A new threat intelligence report from EclecticIQ unveils the evolving tradecraft of Luna Moth, a financially motivated...

North Korean APT ‘Contagious Interview’ Launches Fake Crypto Companies to Spread Malware Trio North Korea malware North Korea, OFAC sanctions DPRK AI hiring, Wagemole campaigns

North Korea malware North Korea, OFAC sanctions DPRK AI hiring, Wagemole campaigns

North Korean APT ‘Contagious Interview’ Launches Fake Crypto Companies to Spread Malware Trio

Do Son April 28, 2025

Threat analysts at Silent Push have uncovered a new campaign orchestrated by the North Korean state-sponsored APT...

Russian Hackers Abuse Microsoft 365 OAuth in Sophisticated Phishing Attacks OAuth Phishing Microsoft 365 OAuth

Russian Hackers Abuse Microsoft 365 OAuth in Sophisticated Phishing Attacks

Do Son April 24, 2025

Volexity has identified a series of advanced social engineering operations by suspected Russian threat actors targeting Microsoft...

State-Sponsored Actors Adopt ClickFix Technique in Cyber Espionage ClickFix State-sponsored actors

State-Sponsored Actors Adopt ClickFix Technique in Cyber Espionage

Do Son April 21, 2025

In a recent cybersecurity report by Proofpoint researchers, a notable trend has emerged: state-sponsored actors are increasingly...

shell-quote command injection AI-Driven Vulnerabilities Q1 2026 Cyber Threats vm2 Sandbox Escape Node.js RCE upKeeper Privilege Escalation CVE-2026-2449 Pharos Controls Vulnerability Root Access Exploit Cybersecurity Vulnerability Roundup CVSS 10.0 Flaws Shadow Archives CVE-2026-0866 MS-Agent Prompt Injection CVE-2026-2256 basic-ftp Path Traversal CVE-2026-27699 telnetd Root Vulnerability CVE-1999-0073 Regression USR-W610 Vulnerabilities End-of-Life IoT Security IceWarp Security Update IceWarp Vulnerabilities Airleader Master Vulnerability CVE-2026-1358 ZLAN5143D Vulnerability CISA ICS Advisory Acronis Cyber Protect Vulnerability CVE-2025-30411 WAGO 852 Vulnerability OT Network Security SandboxJS Vulnerability Sandbox Escape (CVSS 10.0) Kubernetes Local Path Provisioner CVE-2025-62878 CISA Unresponsive Vendors Avation & RISS Vulnerabilities KiloView Vulnerability CVE-2026-1453 OpenClaw RCE vulnerability Johnson Controls Vulnerability CVE-2025-26385 SandboxJS Vulnerability CVE-2026-23830 ibaPDA Vulnerability CVE-2025-14988 Protobuf Vulnerability CVE-2026-0994 AVEVA Process Optimization Vulnerability CVE-2025-61937 ConnectWise PSA Vulnerability CVE-2026-0695 Aruba VIA Vulnerability CVE-2025-37186 aiohttp v3.13.3, Denial of Service (DoS) SmarterMail RCE, CVE-2025-52691 Airoha RACE, Headphone Jacking HPE OneView RCE CVE-2025-37164 FreePBX Auth Bypass, PBX Takeover ScreenConnect Config Flaw, Untrusted Extensions Ruby SAML Auth Bypass, XML Parser Differential Devolutions SQL Injection, Password Manager Flaw Vivotek Unauthenticated RCE, EOL IP Camera Flaw Lynx+ Critical Flaw, Unauthenticated Reset Firebox Default Credentials, CVE-2025-59396 Veeder-Root RCE, Critical ATG Flaw ArcGIS Server SQLi Watchdoc RCE, CVE-2025-58384 Delta DIALink Daikin Security Gateway, authentication bypass Frostbyte10, industrial controller security SunPower, vulnerability Ubiquiti UniFi Connect, EV Station Vulnerabilities Adobe Experience Manager, RCE Vulnerability UniFi Access, Command Injection LDAPNightmare - CVE-2025-1316

Beware Fake PDF Converters: A Social Engineering Threat

Do Son April 16, 2025

In today’s digital age, online file converters have become indispensable tools for streamlining daily workflows. However, a...

Gootloader Malware Expands Its Reach with Advanced Social Engineering and SEO Poisoning

Do Son January 20, 2025

Sophos X-Ops has released an in-depth analysis of the notorious Gootloader malware family, highlighting its use of...

ClickFix: The Rising Threat of Clipboard-Based Social Engineering ChatGPT impersonation used in ClickFix payload delivery

ClickFix: The Rising Threat of Clipboard-Based Social Engineering

Do Son November 19, 2024

In a detailed report, Proofpoint researchers have unveiled the alarming rise of a unique social engineering method...

Compromised Credentials: New Cyberattack Exploits Industry Email Accounts LokiBot Steganography, .NET Loader PlugX malware YiBackdoor, ransomware

LokiBot Steganography, .NET Loader PlugX malware YiBackdoor, ransomware

Compromised Credentials: New Cyberattack Exploits Industry Email Accounts

Do Son September 24, 2024

Proofpoint researchers have uncovered a campaign targeting transport and logistics companies across North America. These attackers are...

North Korea Targets DeFi and Crypto Companies with Advanced Social Engineering Attacks KongTuke Microsoft Teams Phishing ModeloRAT Initial Access Broker CVE-2024-38193 - Lazarus Group Threat Actors ScreenConnect

KongTuke Microsoft Teams Phishing ModeloRAT Initial Access Broker CVE-2024-38193 - Lazarus Group Threat Actors ScreenConnect

North Korea Targets DeFi and Crypto Companies with Advanced Social Engineering Attacks

Do Son September 4, 2024

The FBI has warned sternly about North Korean state-sponsored hackers employing highly sophisticated social engineering tactics to...

Kimsuky APT: New TTPs Revealed in Rapid7 Cybersecurity Report PromptMink Campaign AI Agent Deception LIMINAL PANDA UNC1549 DLL Hijacking, VDI Breakout