Microsoft Warns of ClickFix Phishing Campaign Targeting Hospitality Sector via Fake Booking[.]com Emails
Summary: Microsoft has reported an ongoing phishing campaign titled Storm-1865, targeting the hospitality sector by posing as Booking.com to distribute credential-stealing malware through a social engineering technique known as ClickFix. This operation aims to facilitate financial fraud and theft, affecting individuals primarily in North America, Asia, and Europe.…
Investigating Scam Crypto Investment Platforms Using Pyramid Schemes to Defraud Victims
Unit 42 researchers have uncovered a widespread campaign distributing fraudulent cryptocurrency investment platforms through websites and mobile applications. The operation employs deceptive practices, impersonating well-known brands to lure victims, particularly in East Africa and Asia. By leveraging multi-level affiliate programs and unrealistic promises of high returns, the campaign closely resembles Ponzi schemes.…
Ramadan Scams on the Rise: Fake Giveaways, Crypto Traps & Fraudulent Donations | CloudSEK
This report highlights the rise of Ramadan-related cyber scams, particularly targeting charitable contributions and crypto investments. Cybercriminals are exploiting the goodwill associated with Ramadan to spread fraudulent schemes, often using social engineering tactics to deceive victims. Understanding these scams is essential for safeguarding against potential losses.…
The Rise of AI-Driven Cyber Attacks: How LLMs Are Reshaping the Threat Landscape
This article discusses the transformative impact of generative AI on cyberattacks, enhancing their speed and effectiveness, particularly through the use of Large Language Models (LLMs). It highlights how various Advanced Persistent Threat (APT) groups are employing AI for reconnaissance, phishing, vulnerability discovery, and malware development. As AI capabilities advance, cybersecurity professionals face growing challenges in defending against sophisticated AI-driven threats.…
Trump Administration Halts Funding for Two Cybersecurity Efforts, Including One for Elections
Summary: The Trump administration has cut approximately million in federal funding for two critical cybersecurity initiatives aimed at supporting state and local election officials, raising concerns about the security of U.S. elections. This decision follows a broader reduction in federal oversight and support related to election security amid criticism of the Cybersecurity and Infrastructure Security Agency (CISA).…
US Hasn’t Determined Who Was Behind Cyberattack That Caused Outage on Musk’s X
Summary: U.S. officials are investigating a cyberattack on the social media platform X that affected thousands of users, but have not yet identified the perpetrators. Elon Musk, the platform’s owner, suggested that the attack may have links to Ukraine, although cybersecurity experts caution against making assumptions based solely on IP addresses.…
DDoS Strikes X: Cloudflare Saves Platform, Dark Storm Suspected
Summary: X/Twitter experienced multiple outages today due to a DDoS attack perpetrated by the hacker collective Dark Storm. After implementing Cloudflare’s protective measures, the platform resumed normal operations, but the attackers’ identity and motives raise concerns about future cybersecurity threats. Musk speculated that such an organized attack might hint at either professional or state-sponsored involvement.…
Smishing on INPS: How to Act in Case of Data Theft
This article discusses the rise in smishing scams impersonating the Italian National Institute of Social Security (INPS), aimed at stealing personal information. It outlines the methodology used by scammers, potential consequences for victims, and preventive measures to stay safe. Affected: INPS, personal data security, online users

Key points:

The CERT-AGID has reported a surge in scams exploiting the INPS name.…
Dark Web Profile: APT35
APT35, also known as Charming Kitten, is an Iranian state-sponsored cyber-espionage group targeting various sectors through sophisticated cyber campaigns. Since its emergence in 2014, APT35 has been involved in high-profile incidents such as the HBO data breach and attempted compromises of U.S. governmental and campaign-related accounts.…
Desert Dexter Targets 900 Victims Using Facebook Ads and Telegram Malware Links
Summary: A new malware campaign targeting the Middle East and North Africa has been utilizing a modified version of AsyncRAT since September 2024, attributed to a threat actor known as Desert Dexter. The campaign exploits social media to distribute malware and has affected around 900 victims, primarily from various sectors in countries like Libya, Saudi Arabia, and Egypt.…
RST TI Report Digest: 10 Mar 2025
This week’s threat intelligence report reveals a range of sophisticated cyber threats, including targeted multistage malware attacks, ransomware groups adopting new backconnect malware, and social engineering tactics employed in recruitment scams. Notable threats included a campaign targeting aviation and transport in the UAE, while other malware leveraged social media for distribution.…
Social Engineering: The Art of Psychological Exploitation Part-2
This article explores various effective phishing techniques deployed by cybercriminals to deceive users into divulging sensitive information. Techniques discussed include homograph attacks, address bar spoofing, and others that exploit user trust and browser features. Affected: users, online platforms, digital security

Key points:

Website phishing is a common social engineering attack.…
From Foothold to Takeover: Mastering Pivoting Moves
This article provides an overview of pivoting and lateral movement techniques in cybersecurity, focusing particularly on the tool Ligolo-ng. Ligolo-ng is highlighted for its efficiency, user-friendliness, security features, and cross-platform compatibility, making it a valuable asset for penetration testers. The article explains how to set up Ligolo-ng and its advantages compared to other tunneling tools.…
March Kicks Off with Major Exploits! | Weekly Reports | Loginsoft
In March, the CISA catalog added nine new vulnerabilities, significantly impacting various platforms like VMware, Hitachi Vantara, Linux, and more. New botnet threats emerged alongside advanced threat actor tactics, emphasizing the critical importance of prompt patching and security measures. Key vulnerabilities include critical issues in VMware, Progress WhatsUp Gold, and Hitachi Vantara products which have already seen active exploitation.…