Social Engineering

German Agencies Warn of Signal Phishing Attacks Targeting Politicians, Military, and Journalists

Germany’s Federal Office for the Protection of the Constitution, known as BfV, together with the Federal Office for Information Security BSI, have issued a joint cybersecurity alert regarding an active phishing campaign abusing the Signal messaging platform. According to the advisory, the campaign is attributed to a likely state-sponsored threat actor and is specifically aimed at politicians, military officials, diplomats, […]

German Agencies Warn of Signal Phishing Attacks Targeting Politicians, Military, and Journalists Read More »

Mandiant Identifies ShinyHunters Style Vishing Attacks Stealing MFA to Breach SaaS Platforms

Google-owned Mandiant has reported a significant rise in threat activity involving sophisticated voice phishing operations designed to compromise cloud-based software-as-a-service platforms. The activity shows strong tradecraft similarities to extortion campaigns historically associated with the financially motivated cybercrime group known as ShinyHunters. These attacks rely on advanced vishing techniques combined with fake credential harvesting websites that

Mandiant Identifies ShinyHunters Style Vishing Attacks Stealing MFA to Breach SaaS Platforms Read More »

ClickFix Attacks Expand Using Fake CAPTCHAs, Microsoft Scripts, and Trusted Web Services

Cybersecurity researchers have uncovered an advanced ClickFix campaign that combines deceptive CAPTCHA prompts with a signed Microsoft Application Virtualization (App-V) script to deliver a new information stealer known as Amatera. According to findings published by Blackpoint researchers Jack Patrick and Sam Decker, the attackers deliberately avoid launching PowerShell directly. Instead, they abuse a trusted Microsoft script

ClickFix Attacks Expand Using Fake CAPTCHAs, Microsoft Scripts, and Trusted Web Services Read More »

Phishing Attack Uses Stolen Credentials to Install LogMeIn RMM for Persistent Access

Cybersecurity experts have revealed a sophisticated dual-phase phishing campaign that uses stolen login credentials to install legitimate Remote Monitoring and Management (RMM) software, giving attackers long-term control over compromised systems. According to researchers at KnowBe4 Threat Labs, Jeewan Singh Jalal, Prabhakaran Ravichandhiran, and Anand Bodke, attackers are now bypassing traditional security defenses by leveraging trusted

Phishing Attack Uses Stolen Credentials to Install LogMeIn RMM for Persistent Access Read More »

North Korean PurpleBravo Campaign Targets 3,136 IP Addresses Using Fake Job Interviews

Recorded Future’s Insikt Group has uncovered that the North Korean-linked PurpleBravo campaign targeted 3,136 IP addresses connected to potential victims across multiple industries, including artificial intelligence, cryptocurrency, financial services, IT services, marketing, and software development. The campaign, also known under aliases such as CL-STA-0240, DeceptiveDevelopment, DEV#POPPER, Famous Chollima, Gwisin Gang, Tenacious Pungsan, UNC5342, Void Dokkaebi, and WaterPlum, has been active since

North Korean PurpleBravo Campaign Targets 3,136 IP Addresses Using Fake Job Interviews Read More »

Hackers Use LinkedIn Messages to Spread RAT Malware via DLL Sideloading

Cybersecurity researchers have identified a new phishing operation that weaponizes LinkedIn private messages to deliver malware, highlighting how social media platforms are increasingly being used as initial access vectors in cyberattacks. According to findings shared by ReliaQuest, the campaign relies on direct messages sent to targeted individuals, where attackers gradually build trust before convincing victims

Hackers Use LinkedIn Messages to Spread RAT Malware via DLL Sideloading Read More »

Nomani Investment Scam Jumps 62% Using AI Deepfake Ads on Social Media

The fraudulent investment scheme known as Nomani has surged by 62%, as cyber researchers from ESET report, with campaigns spreading beyond Facebook to platforms like YouTube.Slovak cybersecurity firm ESET revealed that it blocked over 64,000 unique URLs linked to this scam in 2025. Most of the detections came from countries including Czechia, Japan, Slovakia, Spain,

Nomani Investment Scam Jumps 62% Using AI Deepfake Ads on Social Media Read More »

Cracked Software and YouTube Videos Used to Spread CountLoader and GachiLoader Malware

Cybersecurity researchers have uncovered an active malware campaign that abuses cracked software websites and popular video platforms to distribute advanced loader malware, primarily CountLoader and GachiLoader. The activity highlights how threat actors continue to exploit user trust in free software and online tutorials to silently compromise systems. Researchers from Cyderes revealed that cracked software distribution

Cracked Software and YouTube Videos Used to Spread CountLoader and GachiLoader Malware Read More »

New ForumTroll Phishing Attacks Target Russian Scholars via Fake eLibrary Emails

A new wave of phishing attacks linked to Operation ForumTroll has been observed targeting academic professionals in Russia, according to cybersecurity researchers at Kaspersky. The activity was detected in October 2025, marking a shift in the threat actor’s focus from organizations to individual scholars. Security analysts noted that the campaign primarily targets experts in political

New ForumTroll Phishing Attacks Target Russian Scholars via Fake eLibrary Emails Read More »

New Advanced Phishing Kits Use AI and MFA Bypass Techniques to Steal Credentials at Scale

Cybersecurity researchers are warning about a new wave of highly advanced phishing kits that are enabling large scale credential theft by combining automation, artificial intelligence, and multi factor authentication bypass techniques. The newly observed toolkits, known as BlackForce, GhostFrame, InboxPrime AI, and Spiderman, represent a growing shift toward industrialized phishing operations. BlackForce Targets MFA Using

New Advanced Phishing Kits Use AI and MFA Bypass Techniques to Steal Credentials at Scale Read More »